Sep 21 07:23:59.860103: FIPS Product: YES Sep 21 07:23:59.860135: FIPS Kernel: NO Sep 21 07:23:59.860137: FIPS Mode: NO Sep 21 07:23:59.860139: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:23:59.860272: Initializing NSS Sep 21 07:23:59.860278: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:23:59.896443: NSS initialized Sep 21 07:23:59.896454: NSS crypto library initialized Sep 21 07:23:59.896456: FIPS HMAC integrity support [enabled] Sep 21 07:23:59.896457: FIPS mode disabled for pluto daemon Sep 21 07:23:59.939443: FIPS HMAC integrity verification self-test FAILED Sep 21 07:23:59.939524: libcap-ng support [enabled] Sep 21 07:23:59.939533: Linux audit support [enabled] Sep 21 07:23:59.939553: Linux audit activated Sep 21 07:23:59.939556: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1129 Sep 21 07:23:59.939558: core dump dir: /tmp Sep 21 07:23:59.939560: secrets file: /etc/ipsec.secrets Sep 21 07:23:59.939561: leak-detective disabled Sep 21 07:23:59.939562: NSS crypto [enabled] Sep 21 07:23:59.939563: XAUTH PAM support [enabled] Sep 21 07:23:59.939617: | libevent is using pluto's memory allocator Sep 21 07:23:59.939622: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:23:59.939633: | libevent_malloc: new ptr-libevent@0x561c57faa270 size 40 Sep 21 07:23:59.939637: | libevent_malloc: new ptr-libevent@0x561c57fab520 size 40 Sep 21 07:23:59.939639: | libevent_malloc: new ptr-libevent@0x561c57fab550 size 40 Sep 21 07:23:59.939641: | creating event base Sep 21 07:23:59.939642: | libevent_malloc: new ptr-libevent@0x561c57fab4e0 size 56 Sep 21 07:23:59.939645: | libevent_malloc: new ptr-libevent@0x561c57fab580 size 664 Sep 21 07:23:59.939653: | libevent_malloc: new ptr-libevent@0x561c57fab820 size 24 Sep 21 07:23:59.939656: | libevent_malloc: new ptr-libevent@0x561c57f9df30 size 384 Sep 21 07:23:59.939664: | libevent_malloc: new ptr-libevent@0x561c57fab840 size 16 Sep 21 07:23:59.939666: | libevent_malloc: new ptr-libevent@0x561c57fab860 size 40 Sep 21 07:23:59.939667: | libevent_malloc: new ptr-libevent@0x561c57fab890 size 48 Sep 21 07:23:59.939671: | libevent_realloc: new ptr-libevent@0x561c57f2e370 size 256 Sep 21 07:23:59.939673: | libevent_malloc: new ptr-libevent@0x561c57fab8d0 size 16 Sep 21 07:23:59.939677: | libevent_free: release ptr-libevent@0x561c57fab4e0 Sep 21 07:23:59.939679: | libevent initialized Sep 21 07:23:59.939682: | libevent_realloc: new ptr-libevent@0x561c57fab8f0 size 64 Sep 21 07:23:59.939684: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:23:59.939695: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:23:59.939697: NAT-Traversal support [enabled] Sep 21 07:23:59.939699: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:23:59.939703: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:23:59.939705: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:23:59.939730: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:23:59.939732: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:23:59.939734: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:23:59.939768: Encryption algorithms: Sep 21 07:23:59.939775: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:23:59.939778: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:23:59.939780: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:23:59.939782: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:23:59.939792: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:23:59.939815: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:23:59.939817: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:23:59.939820: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:23:59.939822: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:23:59.939824: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:23:59.939826: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:23:59.939828: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:23:59.939830: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:23:59.939832: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:23:59.939835: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:23:59.939849: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:23:59.939851: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:23:59.939856: Hash algorithms: Sep 21 07:23:59.939858: MD5 IKEv1: IKE IKEv2: Sep 21 07:23:59.939860: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:23:59.939861: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:23:59.939863: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:23:59.939865: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:23:59.939873: PRF algorithms: Sep 21 07:23:59.939875: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:23:59.939877: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:23:59.939879: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:23:59.939881: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:23:59.939882: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:23:59.939884: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:23:59.939899: Integrity algorithms: Sep 21 07:23:59.939901: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:23:59.939903: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:23:59.939906: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:23:59.939908: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:23:59.939910: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:23:59.939912: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:23:59.939914: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:23:59.939916: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:23:59.939917: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:23:59.939925: DH algorithms: Sep 21 07:23:59.939927: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:23:59.939929: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:23:59.939930: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:23:59.939934: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:23:59.939935: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:23:59.939937: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:23:59.939939: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:23:59.939941: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:23:59.939942: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:23:59.939944: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:23:59.939946: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:23:59.939947: testing CAMELLIA_CBC: Sep 21 07:23:59.939949: Camellia: 16 bytes with 128-bit key Sep 21 07:23:59.940032: Camellia: 16 bytes with 128-bit key Sep 21 07:23:59.940050: Camellia: 16 bytes with 256-bit key Sep 21 07:23:59.940067: Camellia: 16 bytes with 256-bit key Sep 21 07:23:59.940084: testing AES_GCM_16: Sep 21 07:23:59.940086: empty string Sep 21 07:23:59.940107: one block Sep 21 07:23:59.940122: two blocks Sep 21 07:23:59.940138: two blocks with associated data Sep 21 07:23:59.940153: testing AES_CTR: Sep 21 07:23:59.940154: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:23:59.940170: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:23:59.940186: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:23:59.940202: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:23:59.940216: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:23:59.940232: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:23:59.940247: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:23:59.940262: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:23:59.940278: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:23:59.940294: testing AES_CBC: Sep 21 07:23:59.940296: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:23:59.940311: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:23:59.940328: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:23:59.940345: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:23:59.940364: testing AES_XCBC: Sep 21 07:23:59.940366: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:23:59.940437: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:23:59.940513: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:23:59.940584: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:23:59.940657: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:23:59.940730: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:23:59.940825: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:23:59.941006: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:23:59.941080: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:23:59.941158: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:23:59.941296: testing HMAC_MD5: Sep 21 07:23:59.941298: RFC 2104: MD5_HMAC test 1 Sep 21 07:23:59.941400: RFC 2104: MD5_HMAC test 2 Sep 21 07:23:59.941489: RFC 2104: MD5_HMAC test 3 Sep 21 07:23:59.941604: 8 CPU cores online Sep 21 07:23:59.941607: starting up 7 crypto helpers Sep 21 07:23:59.941633: started thread for crypto helper 0 Sep 21 07:23:59.941640: | starting up helper thread 0 Sep 21 07:23:59.941652: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:23:59.941653: started thread for crypto helper 1 Sep 21 07:23:59.941673: | crypto helper 0 waiting (nothing to do) Sep 21 07:23:59.941681: | starting up helper thread 1 Sep 21 07:23:59.941694: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:23:59.941696: | crypto helper 1 waiting (nothing to do) Sep 21 07:23:59.941699: started thread for crypto helper 2 Sep 21 07:23:59.941716: started thread for crypto helper 3 Sep 21 07:23:59.941724: | starting up helper thread 3 Sep 21 07:23:59.941732: started thread for crypto helper 4 Sep 21 07:23:59.941735: | starting up helper thread 4 Sep 21 07:23:59.941740: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:23:59.941742: | starting up helper thread 2 Sep 21 07:23:59.941742: | crypto helper 4 waiting (nothing to do) Sep 21 07:23:59.941733: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:23:59.941759: started thread for crypto helper 5 Sep 21 07:23:59.941761: | crypto helper 3 waiting (nothing to do) Sep 21 07:23:59.941750: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:23:59.941768: | crypto helper 2 waiting (nothing to do) Sep 21 07:23:59.941774: | starting up helper thread 5 Sep 21 07:23:59.941779: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:23:59.941786: | starting up helper thread 6 Sep 21 07:23:59.941794: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:23:59.941779: started thread for crypto helper 6 Sep 21 07:23:59.941788: | crypto helper 5 waiting (nothing to do) Sep 21 07:23:59.941804: | checking IKEv1 state table Sep 21 07:23:59.941830: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:23:59.941832: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:23:59.941834: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:23:59.941835: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:23:59.941852: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:23:59.941853: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:23:59.941855: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:23:59.941856: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:23:59.941858: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:23:59.941863: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:23:59.941866: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:23:59.941867: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:23:59.941870: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:23:59.941858: | crypto helper 6 waiting (nothing to do) Sep 21 07:23:59.941872: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:23:59.941916: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:23:59.941917: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:23:59.941919: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:23:59.941921: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:23:59.941922: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:23:59.941923: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:23:59.941925: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:23:59.941926: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941928: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:23:59.941929: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941931: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:23:59.941932: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:23:59.941934: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:23:59.941935: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:23:59.941936: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:23:59.941938: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:23:59.941939: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:23:59.941941: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:23:59.941942: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:23:59.941944: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941945: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:23:59.941947: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941948: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:23:59.941952: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:23:59.941954: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:23:59.941956: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:23:59.941957: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:23:59.941959: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:23:59.941960: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:23:59.941962: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941963: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:23:59.941965: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941966: | INFO: category: informational flags: 0: Sep 21 07:23:59.941967: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941969: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:23:59.941970: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941972: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:23:59.941973: | -> XAUTH_R1 EVENT_NULL Sep 21 07:23:59.941975: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:23:59.941976: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:23:59.941978: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:23:59.941979: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:23:59.941981: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:23:59.941982: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:23:59.941984: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:23:59.941985: | -> UNDEFINED EVENT_NULL Sep 21 07:23:59.941987: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:23:59.941988: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:23:59.941990: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:23:59.941991: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:23:59.941993: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:23:59.941994: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:23:59.941999: | checking IKEv2 state table Sep 21 07:23:59.942004: | PARENT_I0: category: ignore flags: 0: Sep 21 07:23:59.942005: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:23:59.942007: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:23:59.942009: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:23:59.942011: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:23:59.942012: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:23:59.942014: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:23:59.942016: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:23:59.942017: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:23:59.942019: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:23:59.942020: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:23:59.942022: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:23:59.942024: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:23:59.942025: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:23:59.942027: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:23:59.942028: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:23:59.942030: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:23:59.942031: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:23:59.942033: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:23:59.942034: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:23:59.942036: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:23:59.942038: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:23:59.942040: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:23:59.942042: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:23:59.942043: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:23:59.942045: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:23:59.942047: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:23:59.942048: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:23:59.942050: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:23:59.942051: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:23:59.942053: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:23:59.942055: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:23:59.942056: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:23:59.942058: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:23:59.942059: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:23:59.942061: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:23:59.942063: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:23:59.942064: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:23:59.942066: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:23:59.942068: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:23:59.942069: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:23:59.942071: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:23:59.942073: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:23:59.942074: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:23:59.942076: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:23:59.942077: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:23:59.942079: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:23:59.942120: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:23:59.942164: | Hard-wiring algorithms Sep 21 07:23:59.942166: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:23:59.942169: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:23:59.942171: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:23:59.942172: | adding 3DES_CBC to kernel algorithm db Sep 21 07:23:59.942173: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:23:59.942175: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:23:59.942176: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:23:59.942178: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:23:59.942179: | adding AES_CTR to kernel algorithm db Sep 21 07:23:59.942180: | adding AES_CBC to kernel algorithm db Sep 21 07:23:59.942182: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:23:59.942183: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:23:59.942185: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:23:59.942186: | adding NULL to kernel algorithm db Sep 21 07:23:59.942188: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:23:59.942189: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:23:59.942191: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:23:59.942192: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:23:59.942193: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:23:59.942195: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:23:59.942196: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:23:59.942198: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:23:59.942199: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:23:59.942201: | adding NONE to kernel algorithm db Sep 21 07:23:59.942218: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:23:59.942222: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:23:59.942233: | setup kernel fd callback Sep 21 07:23:59.942252: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561c57fb0f90 Sep 21 07:23:59.942255: | libevent_malloc: new ptr-libevent@0x561c57fbd0b0 size 128 Sep 21 07:23:59.942260: | libevent_malloc: new ptr-libevent@0x561c57fb0270 size 16 Sep 21 07:23:59.942266: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561c57fb0f50 Sep 21 07:23:59.942269: | libevent_malloc: new ptr-libevent@0x561c57fbd140 size 128 Sep 21 07:23:59.942272: | libevent_malloc: new ptr-libevent@0x561c57fb0290 size 16 Sep 21 07:23:59.942420: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:23:59.942427: selinux support is enabled. Sep 21 07:23:59.942496: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:23:59.942619: | unbound context created - setting debug level to 5 Sep 21 07:23:59.942640: | /etc/hosts lookups activated Sep 21 07:23:59.942653: | /etc/resolv.conf usage activated Sep 21 07:23:59.942684: | outgoing-port-avoid set 0-65535 Sep 21 07:23:59.942701: | outgoing-port-permit set 32768-60999 Sep 21 07:23:59.942703: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:23:59.942705: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:23:59.942706: | Setting up events, loop start Sep 21 07:23:59.942708: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561c57fab4e0 Sep 21 07:23:59.942710: | libevent_malloc: new ptr-libevent@0x561c57fc7630 size 128 Sep 21 07:23:59.942712: | libevent_malloc: new ptr-libevent@0x561c57fc76c0 size 16 Sep 21 07:23:59.942716: | libevent_realloc: new ptr-libevent@0x561c57f2c6c0 size 256 Sep 21 07:23:59.942718: | libevent_malloc: new ptr-libevent@0x561c57fc76e0 size 8 Sep 21 07:23:59.942720: | libevent_realloc: new ptr-libevent@0x561c57fbc4b0 size 144 Sep 21 07:23:59.942721: | libevent_malloc: new ptr-libevent@0x561c57fc7700 size 152 Sep 21 07:23:59.942724: | libevent_malloc: new ptr-libevent@0x561c57fc77a0 size 16 Sep 21 07:23:59.942726: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:23:59.942728: | libevent_malloc: new ptr-libevent@0x561c57fc77c0 size 8 Sep 21 07:23:59.942729: | libevent_malloc: new ptr-libevent@0x561c57fc77e0 size 152 Sep 21 07:23:59.942731: | signal event handler PLUTO_SIGTERM installed Sep 21 07:23:59.942732: | libevent_malloc: new ptr-libevent@0x561c57fc7880 size 8 Sep 21 07:23:59.942734: | libevent_malloc: new ptr-libevent@0x561c57fc78a0 size 152 Sep 21 07:23:59.942736: | signal event handler PLUTO_SIGHUP installed Sep 21 07:23:59.942737: | libevent_malloc: new ptr-libevent@0x561c57fc7940 size 8 Sep 21 07:23:59.942739: | libevent_realloc: release ptr-libevent@0x561c57fbc4b0 Sep 21 07:23:59.942740: | libevent_realloc: new ptr-libevent@0x561c57fc7960 size 256 Sep 21 07:23:59.942742: | libevent_malloc: new ptr-libevent@0x561c57fbc4b0 size 152 Sep 21 07:23:59.942744: | signal event handler PLUTO_SIGSYS installed Sep 21 07:23:59.943041: | created addconn helper (pid:1281) using fork+execve Sep 21 07:23:59.943053: | forked child 1281 Sep 21 07:23:59.943085: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:23:59.943101: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:23:59.943111: listening for IKE messages Sep 21 07:23:59.943161: | Inspecting interface lo Sep 21 07:23:59.943167: | found lo with address 127.0.0.1 Sep 21 07:23:59.943169: | Inspecting interface eth0 Sep 21 07:23:59.943172: | found eth0 with address 192.0.1.254 Sep 21 07:23:59.943173: | Inspecting interface eth1 Sep 21 07:23:59.943176: | found eth1 with address 192.1.2.45 Sep 21 07:23:59.943212: Kernel supports NIC esp-hw-offload Sep 21 07:23:59.943221: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:23:59.943243: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:23:59.943250: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:23:59.943253: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:23:59.943275: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:23:59.943295: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:23:59.943298: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:23:59.943301: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:23:59.943322: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:23:59.943340: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:23:59.943343: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:23:59.943345: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:23:59.943396: | no interfaces to sort Sep 21 07:23:59.943400: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:23:59.943405: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7cd0 Sep 21 07:23:59.943407: | libevent_malloc: new ptr-libevent@0x561c57fc7d10 size 128 Sep 21 07:23:59.943409: | libevent_malloc: new ptr-libevent@0x561c57fc7da0 size 16 Sep 21 07:23:59.943414: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:23:59.943416: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7dc0 Sep 21 07:23:59.943417: | libevent_malloc: new ptr-libevent@0x561c57fc7e00 size 128 Sep 21 07:23:59.943419: | libevent_malloc: new ptr-libevent@0x561c57fc7e90 size 16 Sep 21 07:23:59.943422: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:23:59.943423: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7eb0 Sep 21 07:23:59.943425: | libevent_malloc: new ptr-libevent@0x561c57fc7ef0 size 128 Sep 21 07:23:59.943426: | libevent_malloc: new ptr-libevent@0x561c57fc7f80 size 16 Sep 21 07:23:59.943429: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:23:59.943431: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7fa0 Sep 21 07:23:59.943432: | libevent_malloc: new ptr-libevent@0x561c57fc7fe0 size 128 Sep 21 07:23:59.943434: | libevent_malloc: new ptr-libevent@0x561c57fc8070 size 16 Sep 21 07:23:59.943437: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:23:59.943438: | add_fd_read_event_handler: new ethX-pe@0x561c57fc8090 Sep 21 07:23:59.943440: | libevent_malloc: new ptr-libevent@0x561c57fc80d0 size 128 Sep 21 07:23:59.943441: | libevent_malloc: new ptr-libevent@0x561c57fc8160 size 16 Sep 21 07:23:59.943444: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:23:59.943446: | add_fd_read_event_handler: new ethX-pe@0x561c57fc8180 Sep 21 07:23:59.943447: | libevent_malloc: new ptr-libevent@0x561c57fc81c0 size 128 Sep 21 07:23:59.943449: | libevent_malloc: new ptr-libevent@0x561c57fc8250 size 16 Sep 21 07:23:59.943451: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:23:59.943454: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:23:59.943456: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:23:59.943471: loading secrets from "/etc/ipsec.secrets" Sep 21 07:23:59.943485: | saving Modulus Sep 21 07:23:59.943489: | saving PublicExponent Sep 21 07:23:59.943491: | ignoring PrivateExponent Sep 21 07:23:59.943493: | ignoring Prime1 Sep 21 07:23:59.943494: | ignoring Prime2 Sep 21 07:23:59.943496: | ignoring Exponent1 Sep 21 07:23:59.943498: | ignoring Exponent2 Sep 21 07:23:59.943500: | ignoring Coefficient Sep 21 07:23:59.943502: | ignoring CKAIDNSS Sep 21 07:23:59.943524: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:23:59.943526: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:23:59.943529: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:23:59.943534: | certs and keys locked by 'process_secret' Sep 21 07:23:59.943538: | certs and keys unlocked by 'process_secret' Sep 21 07:23:59.943542: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:23:59.943548: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:23:59.943560: | spent 0.481 milliseconds in whack Sep 21 07:23:59.973011: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:23:59.973047: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:23:59.973051: listening for IKE messages Sep 21 07:23:59.973095: | Inspecting interface lo Sep 21 07:23:59.973100: | found lo with address 127.0.0.1 Sep 21 07:23:59.973102: | Inspecting interface eth0 Sep 21 07:23:59.973105: | found eth0 with address 192.0.1.254 Sep 21 07:23:59.973106: | Inspecting interface eth1 Sep 21 07:23:59.973108: | found eth1 with address 192.1.2.45 Sep 21 07:23:59.973162: | no interfaces to sort Sep 21 07:23:59.973169: | libevent_free: release ptr-libevent@0x561c57fc7d10 Sep 21 07:23:59.973171: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7cd0 Sep 21 07:23:59.973173: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7cd0 Sep 21 07:23:59.973175: | libevent_malloc: new ptr-libevent@0x561c57fc7d10 size 128 Sep 21 07:23:59.973180: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:23:59.973183: | libevent_free: release ptr-libevent@0x561c57fc7e00 Sep 21 07:23:59.973184: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7dc0 Sep 21 07:23:59.973186: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7dc0 Sep 21 07:23:59.973187: | libevent_malloc: new ptr-libevent@0x561c57fc7e00 size 128 Sep 21 07:23:59.973190: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:23:59.973193: | libevent_free: release ptr-libevent@0x561c57fc7ef0 Sep 21 07:23:59.973194: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7eb0 Sep 21 07:23:59.973196: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7eb0 Sep 21 07:23:59.973197: | libevent_malloc: new ptr-libevent@0x561c57fc7ef0 size 128 Sep 21 07:23:59.973200: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:23:59.973203: | libevent_free: release ptr-libevent@0x561c57fc7fe0 Sep 21 07:23:59.973204: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7fa0 Sep 21 07:23:59.973206: | add_fd_read_event_handler: new ethX-pe@0x561c57fc7fa0 Sep 21 07:23:59.973207: | libevent_malloc: new ptr-libevent@0x561c57fc7fe0 size 128 Sep 21 07:23:59.973210: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:23:59.973213: | libevent_free: release ptr-libevent@0x561c57fc80d0 Sep 21 07:23:59.973214: | free_event_entry: release EVENT_NULL-pe@0x561c57fc8090 Sep 21 07:23:59.973216: | add_fd_read_event_handler: new ethX-pe@0x561c57fc8090 Sep 21 07:23:59.973217: | libevent_malloc: new ptr-libevent@0x561c57fc80d0 size 128 Sep 21 07:23:59.973220: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:23:59.973222: | libevent_free: release ptr-libevent@0x561c57fc81c0 Sep 21 07:23:59.973224: | free_event_entry: release EVENT_NULL-pe@0x561c57fc8180 Sep 21 07:23:59.973225: | add_fd_read_event_handler: new ethX-pe@0x561c57fc8180 Sep 21 07:23:59.973227: | libevent_malloc: new ptr-libevent@0x561c57fc81c0 size 128 Sep 21 07:23:59.973229: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:23:59.973231: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:23:59.973233: forgetting secrets Sep 21 07:23:59.973240: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:23:59.973266: loading secrets from "/etc/ipsec.secrets" Sep 21 07:23:59.973277: | saving Modulus Sep 21 07:23:59.973279: | saving PublicExponent Sep 21 07:23:59.973281: | ignoring PrivateExponent Sep 21 07:23:59.973283: | ignoring Prime1 Sep 21 07:23:59.973285: | ignoring Prime2 Sep 21 07:23:59.973287: | ignoring Exponent1 Sep 21 07:23:59.973289: | ignoring Exponent2 Sep 21 07:23:59.973290: | ignoring Coefficient Sep 21 07:23:59.973292: | ignoring CKAIDNSS Sep 21 07:23:59.973321: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:23:59.973323: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:23:59.973326: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:23:59.973330: | certs and keys locked by 'process_secret' Sep 21 07:23:59.973351: | certs and keys unlocked by 'process_secret' Sep 21 07:23:59.973355: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:23:59.973362: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:23:59.973367: | spent 0.376 milliseconds in whack Sep 21 07:23:59.973721: | processing signal PLUTO_SIGCHLD Sep 21 07:23:59.973736: | waitpid returned pid 1281 (exited with status 0) Sep 21 07:23:59.973740: | reaped addconn helper child (status 0) Sep 21 07:23:59.973743: | waitpid returned ECHILD (no child processes left) Sep 21 07:23:59.973747: | spent 0.019 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:00.154397: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.154419: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.154425: | Added new connection testmanual1 with policy ENCRYPT+IKEV2_ALLOW Sep 21 07:24:00.154460: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.154462: | from whack: got --esp= Sep 21 07:24:00.154483: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.154486: | counting wild cards for (none) is 15 Sep 21 07:24:00.154488: | counting wild cards for (none) is 15 Sep 21 07:24:00.154494: added connection description "testmanual1" Sep 21 07:24:00.154501: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ENCRYPT+IKEV2_ALLOW Sep 21 07:24:00.154506: | 1.2.3.4[+S?C]...2.3.4.5[+S?C] Sep 21 07:24:00.154511: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.154517: | spent 0.127 milliseconds in whack Sep 21 07:24:00.211738: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.211769: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.211776: | Added new connection testmanual2 with policy ENCRYPT+IKEV2_ALLOW Sep 21 07:24:00.211830: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.211836: | from whack: got --esp= Sep 21 07:24:00.211866: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.211869: | counting wild cards for (none) is 15 Sep 21 07:24:00.211872: | counting wild cards for (none) is 15 Sep 21 07:24:00.211877: added connection description "testmanual2" Sep 21 07:24:00.211887: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+IKEV2_ALLOW Sep 21 07:24:00.211894: | 1.2.3.5[+S?C]...2.3.4.6[+S?C] Sep 21 07:24:00.211901: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.211907: | spent 0.175 milliseconds in whack Sep 21 07:24:00.267372: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.267394: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.267401: | Added new connection testmanual3 with policy PSK+ENCRYPT+IKEV2_ALLOW Sep 21 07:24:00.267435: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.267442: | from whack: got --esp= Sep 21 07:24:00.267463: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.267466: | counting wild cards for (none) is 15 Sep 21 07:24:00.267468: | counting wild cards for (none) is 15 Sep 21 07:24:00.267472: added connection description "testmanual3" Sep 21 07:24:00.267479: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+IKEV2_ALLOW Sep 21 07:24:00.267484: | 1.2.3.6[+S?C]...2.3.4.7[+S?C] Sep 21 07:24:00.267489: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.267494: | spent 0.131 milliseconds in whack Sep 21 07:24:00.400670: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.400686: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.400689: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.400691: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.400693: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.400696: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.400701: | Added new connection test-default with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.400704: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:24:00.400741: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.400744: | from whack: got --esp= Sep 21 07:24:00.400766: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.400770: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.400773: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.400776: added connection description "test-default" Sep 21 07:24:00.400791: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.400800: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.400807: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.400812: | spent 0.145 milliseconds in whack Sep 21 07:24:00.487392: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.487409: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.487427: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.487429: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.487430: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.487433: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.487439: | Added new connection test-v1-secret with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.487445: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.487451: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.487468: added connection description "test-v1-secret" Sep 21 07:24:00.487475: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.487498: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.487504: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.487511: | spent 0.138 milliseconds in whack Sep 21 07:24:00.568616: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.568631: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.568633: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.568635: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.568637: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.568640: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.568645: | Added new connection test-v1-rsasig with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.568650: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.568653: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.568656: added connection description "test-v1-rsasig" Sep 21 07:24:00.568663: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.568668: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.568674: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.568679: | spent 0.0705 milliseconds in whack Sep 21 07:24:00.648510: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.648528: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.648532: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.648533: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.648535: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.648538: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.648543: | Added new connection test-passthrough with policy none+PASS+NEVER_NEGOTIATE Sep 21 07:24:00.648545: | No AUTH policy was set for type=passthrough - defaulting to AUTH_NEVER Sep 21 07:24:00.648549: | counting wild cards for 3.3.3.3 is 0 Sep 21 07:24:00.648552: | counting wild cards for 5.5.5.5 is 0 Sep 21 07:24:00.648555: added connection description "test-passthrough" Sep 21 07:24:00.648562: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE Sep 21 07:24:00.648566: | 3.3.3.3<3.3.3.3>...5.5.5.5<5.5.5.5> Sep 21 07:24:00.648572: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.648578: | spent 0.0759 milliseconds in whack Sep 21 07:24:00.739327: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.739346: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.739365: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.739367: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.739369: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.739376: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.739396: | Added new connection test1 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.739442: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.739449: | from whack: got --esp= Sep 21 07:24:00.739480: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.739492: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.739497: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.739517: added connection description "test1" Sep 21 07:24:00.739528: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.739535: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.739546: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.739553: | spent 0.247 milliseconds in whack Sep 21 07:24:00.820332: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.820362: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.820366: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.820384: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.820386: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.820393: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.820401: | Added new connection test2 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.820492: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.820495: | from whack: got --esp= Sep 21 07:24:00.820530: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.820549: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.820553: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.820558: added connection description "test2" Sep 21 07:24:00.820568: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.820575: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.820583: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.820590: | spent 0.266 milliseconds in whack Sep 21 07:24:00.901315: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.901332: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.901350: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.901352: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.901354: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.901359: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.901365: | Added new connection test3 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.901438: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.901440: | from whack: got --esp= Sep 21 07:24:00.901461: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.901466: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.901468: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.901475: added connection description "test3" Sep 21 07:24:00.901483: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.901487: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.901492: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.901497: | spent 0.203 milliseconds in whack Sep 21 07:24:00.981666: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:00.981688: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.981693: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.981696: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.981699: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:00.981706: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:00.981713: | Added new connection test5 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.981766: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:00.981770: | from whack: got --esp= Sep 21 07:24:00.981823: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:00.981832: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:00.981836: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:00.981841: added connection description "test5" Sep 21 07:24:00.981852: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:00.981859: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:00.981882: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:00.981889: | spent 0.229 milliseconds in whack Sep 21 07:24:01.072867: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.072884: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.072890: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.072892: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.072894: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.072899: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.072905: | Added new connection test6 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.072940: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:01.072942: | from whack: got --esp= Sep 21 07:24:01.072964: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:01.072969: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:01.072972: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:01.072975: added connection description "test6" Sep 21 07:24:01.072984: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.072996: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:01.073004: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.073011: | spent 0.151 milliseconds in whack Sep 21 07:24:01.156869: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.156890: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.156895: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.156898: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.156901: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.156908: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.156917: | Added new connection test7 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.156955: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:01.156957: | from whack: got --esp= Sep 21 07:24:01.156979: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:01.156984: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:01.156987: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:01.156990: added connection description "test7" Sep 21 07:24:01.156998: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.157002: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:01.157008: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.157013: | spent 0.153 milliseconds in whack Sep 21 07:24:01.246859: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.246879: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.246884: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.246887: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.246890: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.246896: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.246904: | Added new connection test8 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.246945: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:01.246948: | from whack: got --esp= Sep 21 07:24:01.246970: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:01.246974: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:01.246977: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:01.246981: added connection description "test8" Sep 21 07:24:01.246989: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.246996: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:01.247004: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.247011: | spent 0.16 milliseconds in whack Sep 21 07:24:01.327274: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.327293: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.327298: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.327301: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.327304: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.327324: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.327332: | Added new connection test9 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.327366: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:01.327368: | from whack: got --esp= Sep 21 07:24:01.327389: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:01.327394: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:24:01.327397: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:24:01.327400: added connection description "test9" Sep 21 07:24:01.327408: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:01.327427: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:24:01.327433: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.327437: | spent 0.174 milliseconds in whack Sep 21 07:24:01.487124: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.487146: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.487150: Failed to add connection "failtestmanual1": non-shunt connection must have AH or ESP Sep 21 07:24:01.487156: | flush revival: connection 'failtestmanual1' wasn't on the list Sep 21 07:24:01.487159: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.487165: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.487170: | spent 0.0532 milliseconds in whack Sep 21 07:24:01.544536: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.544555: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.544560: Failed to add connection "failtestmanual2": leftauth= and rightauth= require ikev2 Sep 21 07:24:01.544567: | flush revival: connection 'failtestmanual2' wasn't on the list Sep 21 07:24:01.544570: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.544576: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.544583: | spent 0.055 milliseconds in whack Sep 21 07:24:01.599992: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.600015: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.600023: Failed to add connection "failtestmanual3": leftauth=null is unequal to rightauth=rsasig so authby=PSK must not be set Sep 21 07:24:01.600032: | flush revival: connection 'failtestmanual3' wasn't on the list Sep 21 07:24:01.600035: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.600043: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.600050: | spent 0.0664 milliseconds in whack Sep 21 07:24:01.655997: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.656020: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.656034: Failed to add connection "failtestmanual4": leftauth=null is unequal to rightauth=rsasig so authby=RSASIG must not be set Sep 21 07:24:01.656041: | flush revival: connection 'failtestmanual4' wasn't on the list Sep 21 07:24:01.656044: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.656051: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.656057: | spent 0.0685 milliseconds in whack Sep 21 07:24:01.786782: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.786817: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.786822: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.786824: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.786825: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.786829: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.786832: Failed to add connection "failtest0": cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null) Sep 21 07:24:01.786839: | flush revival: connection 'failtest0' wasn't on the list Sep 21 07:24:01.786842: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.786850: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.786857: | spent 0.0783 milliseconds in whack Sep 21 07:24:01.888101: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.888118: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.888123: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.888130: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.888133: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.888138: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.888141: Failed to add connection "failtest1": leftauth= and rightauth= require ikev2 Sep 21 07:24:01.888149: | flush revival: connection 'failtest1' wasn't on the list Sep 21 07:24:01.888154: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.888163: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.888170: | spent 0.076 milliseconds in whack Sep 21 07:24:01.968662: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:01.968681: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.968685: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.968688: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.968690: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:01.968694: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:01.968699: Failed to add connection "failtest2": leftauth=rsasig is unequal to rightauth=secret so authby=PSK must not be set Sep 21 07:24:01.968708: | flush revival: connection 'failtest2' wasn't on the list Sep 21 07:24:01.968711: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:01.968722: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:01.968729: | spent 0.0747 milliseconds in whack Sep 21 07:24:02.063329: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.063346: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.063350: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.063352: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.063354: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.063356: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.063360: Failed to add connection "failtest3": leftauth=rsasig is unequal to rightauth=secret so authby=RSASIG must not be set Sep 21 07:24:02.063367: | flush revival: connection 'failtest3' wasn't on the list Sep 21 07:24:02.063372: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.063381: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.063386: | spent 0.0648 milliseconds in whack Sep 21 07:24:02.143510: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.143561: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.143567: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.143571: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.143574: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.143579: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.143585: Failed to add connection "failtest4": leftauth=rsasig is unequal to rightauth=secret so authby=AUTHNULL must not be set Sep 21 07:24:02.143606: | flush revival: connection 'failtest4' wasn't on the list Sep 21 07:24:02.143623: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.143630: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.143637: | spent 0.136 milliseconds in whack Sep 21 07:24:02.224139: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.224157: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.224162: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.224165: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.224166: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.224169: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.224172: Failed to add connection "failtest5": leftauth= and rightauth= must both be set or both be unset Sep 21 07:24:02.224179: | flush revival: connection 'failtest5' wasn't on the list Sep 21 07:24:02.224183: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.224193: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.224201: | spent 0.0678 milliseconds in whack Sep 21 07:24:02.310216: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.310232: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.310238: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.310242: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.310245: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.310249: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.310279: Failed to add connection "failtest6": leftauth= and rightauth= must both be set or both be unset Sep 21 07:24:02.310289: | flush revival: connection 'failtest6' wasn't on the list Sep 21 07:24:02.310292: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.310311: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.310317: | spent 0.105 milliseconds in whack Sep 21 07:24:02.399671: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.399688: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.399692: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.399694: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.399696: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.399699: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.399701: Failed to add connection "failtest7": leftauth= and rightauth= must both be set or both be unset Sep 21 07:24:02.399708: | flush revival: connection 'failtest7' wasn't on the list Sep 21 07:24:02.399712: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.399720: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.399727: | spent 0.0622 milliseconds in whack Sep 21 07:24:02.490820: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.490837: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.490841: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.490844: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.490858: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.490861: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.490863: Failed to add connection "failtest8": shunt connection cannot have authentication method other then authby=never Sep 21 07:24:02.490870: | flush revival: connection 'failtest8' wasn't on the list Sep 21 07:24:02.490873: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.490897: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.490904: | spent 0.0899 milliseconds in whack Sep 21 07:24:02.570626: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.570643: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.570660: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.570662: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.570663: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:02.570666: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:02.570669: Failed to add connection "failtest9": leftauth= / rightauth= options are invalid for type=passthrough connection Sep 21 07:24:02.570676: | flush revival: connection 'failtest9' wasn't on the list Sep 21 07:24:02.570678: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:02.570684: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.570689: | spent 0.0839 milliseconds in whack Sep 21 07:24:02.761184: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:02.761562: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:02.761577: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:02.762702: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:02.762729: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:02.762739: | spent 1.55 milliseconds in whack Sep 21 07:24:03.284284: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:03.284511: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:03.284517: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:03.285057: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:03.285073: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:03.285081: | spent 0.802 milliseconds in whack Sep 21 07:24:04.316762: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:04.316792: shutting down Sep 21 07:24:04.316803: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:24:04.316807: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:24:04.316813: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:04.316815: forgetting secrets Sep 21 07:24:04.316820: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:04.316824: | start processing: connection "test9" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316827: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316829: | pass 0 Sep 21 07:24:04.316832: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316834: | pass 1 Sep 21 07:24:04.316836: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316839: | flush revival: connection 'test9' wasn't on the list Sep 21 07:24:04.316848: | stop processing: connection "test9" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316855: | start processing: connection "test8" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316857: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316859: | pass 0 Sep 21 07:24:04.316861: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316863: | pass 1 Sep 21 07:24:04.316865: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316868: | flush revival: connection 'test8' wasn't on the list Sep 21 07:24:04.316870: | stop processing: connection "test8" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316875: | start processing: connection "test7" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316878: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316880: | pass 0 Sep 21 07:24:04.316881: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316883: | pass 1 Sep 21 07:24:04.316885: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316887: | flush revival: connection 'test7' wasn't on the list Sep 21 07:24:04.316890: | stop processing: connection "test7" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316894: | start processing: connection "test6" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316896: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316898: | pass 0 Sep 21 07:24:04.316900: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316902: | pass 1 Sep 21 07:24:04.316904: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316906: | flush revival: connection 'test6' wasn't on the list Sep 21 07:24:04.316909: | stop processing: connection "test6" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316913: | start processing: connection "test5" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316915: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316917: | pass 0 Sep 21 07:24:04.316919: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316921: | pass 1 Sep 21 07:24:04.316923: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316938: | flush revival: connection 'test5' wasn't on the list Sep 21 07:24:04.316941: | stop processing: connection "test5" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316945: | start processing: connection "test3" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316947: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316949: | pass 0 Sep 21 07:24:04.316951: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316953: | pass 1 Sep 21 07:24:04.316955: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316957: | flush revival: connection 'test3' wasn't on the list Sep 21 07:24:04.316960: | stop processing: connection "test3" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316965: | start processing: connection "test2" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316967: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316969: | pass 0 Sep 21 07:24:04.316971: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316973: | pass 1 Sep 21 07:24:04.316974: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316977: | flush revival: connection 'test2' wasn't on the list Sep 21 07:24:04.316979: | stop processing: connection "test2" (in discard_connection() at connections.c:249) Sep 21 07:24:04.316983: | start processing: connection "test1" (in delete_connection() at connections.c:189) Sep 21 07:24:04.316986: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.316990: | pass 0 Sep 21 07:24:04.316992: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316994: | pass 1 Sep 21 07:24:04.316996: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.316998: | flush revival: connection 'test1' wasn't on the list Sep 21 07:24:04.317000: | stop processing: connection "test1" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317048: | start processing: connection "test-passthrough" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317052: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317054: | pass 0 Sep 21 07:24:04.317056: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317057: | pass 1 Sep 21 07:24:04.317060: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317062: | flush revival: connection 'test-passthrough' wasn't on the list Sep 21 07:24:04.317065: | stop processing: connection "test-passthrough" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317068: | start processing: connection "test-v1-rsasig" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317071: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317072: | pass 0 Sep 21 07:24:04.317075: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317077: | pass 1 Sep 21 07:24:04.317079: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317081: | flush revival: connection 'test-v1-rsasig' wasn't on the list Sep 21 07:24:04.317084: | stop processing: connection "test-v1-rsasig" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317087: | start processing: connection "test-v1-secret" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317090: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317092: | pass 0 Sep 21 07:24:04.317094: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317096: | pass 1 Sep 21 07:24:04.317099: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317101: | flush revival: connection 'test-v1-secret' wasn't on the list Sep 21 07:24:04.317104: | stop processing: connection "test-v1-secret" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317108: | start processing: connection "test-default" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317126: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317129: | pass 0 Sep 21 07:24:04.317131: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317133: | pass 1 Sep 21 07:24:04.317135: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317138: | flush revival: connection 'test-default' wasn't on the list Sep 21 07:24:04.317141: | stop processing: connection "test-default" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317146: | start processing: connection "testmanual3" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317148: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317151: | pass 0 Sep 21 07:24:04.317153: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317155: | pass 1 Sep 21 07:24:04.317157: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317160: | flush revival: connection 'testmanual3' wasn't on the list Sep 21 07:24:04.317163: | stop processing: connection "testmanual3" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317167: | start processing: connection "testmanual2" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317170: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317172: | pass 0 Sep 21 07:24:04.317189: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317191: | pass 1 Sep 21 07:24:04.317193: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317195: | flush revival: connection 'testmanual2' wasn't on the list Sep 21 07:24:04.317198: | stop processing: connection "testmanual2" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317215: | start processing: connection "testmanual1" (in delete_connection() at connections.c:189) Sep 21 07:24:04.317218: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:04.317220: | pass 0 Sep 21 07:24:04.317222: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317224: | pass 1 Sep 21 07:24:04.317227: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:04.317229: | flush revival: connection 'testmanual1' wasn't on the list Sep 21 07:24:04.317232: | stop processing: connection "testmanual1" (in discard_connection() at connections.c:249) Sep 21 07:24:04.317237: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:24:04.317239: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:24:04.317249: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:24:04.317252: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:24:04.317255: shutting down interface eth0/eth0 192.0.1.254:4500 Sep 21 07:24:04.317258: shutting down interface eth0/eth0 192.0.1.254:500 Sep 21 07:24:04.317261: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:24:04.317264: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:24:04.317268: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:24:04.317276: | libevent_free: release ptr-libevent@0x561c57fc7d10 Sep 21 07:24:04.317279: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7cd0 Sep 21 07:24:04.317291: | libevent_free: release ptr-libevent@0x561c57fc7e00 Sep 21 07:24:04.317294: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7dc0 Sep 21 07:24:04.317300: | libevent_free: release ptr-libevent@0x561c57fc7ef0 Sep 21 07:24:04.317303: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7eb0 Sep 21 07:24:04.317310: | libevent_free: release ptr-libevent@0x561c57fc7fe0 Sep 21 07:24:04.317312: | free_event_entry: release EVENT_NULL-pe@0x561c57fc7fa0 Sep 21 07:24:04.317319: | libevent_free: release ptr-libevent@0x561c57fc80d0 Sep 21 07:24:04.317321: | free_event_entry: release EVENT_NULL-pe@0x561c57fc8090 Sep 21 07:24:04.317327: | libevent_free: release ptr-libevent@0x561c57fc81c0 Sep 21 07:24:04.317329: | free_event_entry: release EVENT_NULL-pe@0x561c57fc8180 Sep 21 07:24:04.317334: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:24:04.317861: | libevent_free: release ptr-libevent@0x561c57fc7630 Sep 21 07:24:04.317870: | free_event_entry: release EVENT_NULL-pe@0x561c57fab4e0 Sep 21 07:24:04.317875: | libevent_free: release ptr-libevent@0x561c57fbd140 Sep 21 07:24:04.317877: | free_event_entry: release EVENT_NULL-pe@0x561c57fb0f50 Sep 21 07:24:04.317880: | libevent_free: release ptr-libevent@0x561c57fbd0b0 Sep 21 07:24:04.317883: | free_event_entry: release EVENT_NULL-pe@0x561c57fb0f90 Sep 21 07:24:04.317886: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:24:04.317888: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:24:04.317891: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:24:04.317893: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:24:04.317895: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:24:04.317898: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:24:04.317901: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:24:04.317903: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:24:04.317905: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:24:04.317910: | libevent_free: release ptr-libevent@0x561c57fc7700 Sep 21 07:24:04.317913: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:24:04.317915: | libevent_free: release ptr-libevent@0x561c57fc77e0 Sep 21 07:24:04.317919: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:24:04.317922: | libevent_free: release ptr-libevent@0x561c57fc78a0 Sep 21 07:24:04.317923: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:24:04.317925: | libevent_free: release ptr-libevent@0x561c57fbc4b0 Sep 21 07:24:04.317928: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:24:04.317930: | releasing event base Sep 21 07:24:04.317941: | libevent_free: release ptr-libevent@0x561c57fc7960 Sep 21 07:24:04.317943: | libevent_free: release ptr-libevent@0x561c57f9df30 Sep 21 07:24:04.317945: | libevent_free: release ptr-libevent@0x561c57fab820 Sep 21 07:24:04.317947: | libevent_free: release ptr-libevent@0x561c57fab8f0 Sep 21 07:24:04.317948: | libevent_free: release ptr-libevent@0x561c57fab840 Sep 21 07:24:04.317951: | libevent_free: release ptr-libevent@0x561c57fc76c0 Sep 21 07:24:04.317952: | libevent_free: release ptr-libevent@0x561c57fc77a0 Sep 21 07:24:04.317954: | libevent_free: release ptr-libevent@0x561c57fab8d0 Sep 21 07:24:04.317955: | libevent_free: release ptr-libevent@0x561c57fb0270 Sep 21 07:24:04.317957: | libevent_free: release ptr-libevent@0x561c57fb0290 Sep 21 07:24:04.317958: | libevent_free: release ptr-libevent@0x561c57fc8250 Sep 21 07:24:04.317960: | libevent_free: release ptr-libevent@0x561c57fc8160 Sep 21 07:24:04.317961: | libevent_free: release ptr-libevent@0x561c57fc8070 Sep 21 07:24:04.317963: | libevent_free: release ptr-libevent@0x561c57fc7f80 Sep 21 07:24:04.317964: | libevent_free: release ptr-libevent@0x561c57fc7e90 Sep 21 07:24:04.317965: | libevent_free: release ptr-libevent@0x561c57fc7da0 Sep 21 07:24:04.317967: | libevent_free: release ptr-libevent@0x561c57f2e370 Sep 21 07:24:04.317969: | libevent_free: release ptr-libevent@0x561c57fc7880 Sep 21 07:24:04.317970: | libevent_free: release ptr-libevent@0x561c57fc77c0 Sep 21 07:24:04.317971: | libevent_free: release ptr-libevent@0x561c57fc76e0 Sep 21 07:24:04.317973: | libevent_free: release ptr-libevent@0x561c57fc7940 Sep 21 07:24:04.317974: | libevent_free: release ptr-libevent@0x561c57f2c6c0 Sep 21 07:24:04.317976: | libevent_free: release ptr-libevent@0x561c57fab860 Sep 21 07:24:04.317978: | libevent_free: release ptr-libevent@0x561c57fab890 Sep 21 07:24:04.317979: | libevent_free: release ptr-libevent@0x561c57fab580 Sep 21 07:24:04.317981: | releasing global libevent data Sep 21 07:24:04.317983: | libevent_free: release ptr-libevent@0x561c57faa270 Sep 21 07:24:04.317985: | libevent_free: release ptr-libevent@0x561c57fab520 Sep 21 07:24:04.317986: | libevent_free: release ptr-libevent@0x561c57fab550