FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:6859 core dump dir: /var/tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x56366a5838c0 size 40 | libevent_malloc: new ptr-libevent@0x56366a584fe0 size 40 | libevent_malloc: new ptr-libevent@0x56366a585010 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x56366a584fa0 size 56 | libevent_malloc: new ptr-libevent@0x56366a585040 size 664 | libevent_malloc: new ptr-libevent@0x56366a5852e0 size 24 | libevent_malloc: new ptr-libevent@0x56366a53ea20 size 384 | libevent_malloc: new ptr-libevent@0x56366a585300 size 16 | libevent_malloc: new ptr-libevent@0x56366a585320 size 40 | libevent_malloc: new ptr-libevent@0x56366a585350 size 48 | libevent_realloc: new ptr-libevent@0x56366a585390 size 256 | libevent_malloc: new ptr-libevent@0x56366a5854a0 size 16 | libevent_free: release ptr-libevent@0x56366a584fa0 | libevent initialized | libevent_realloc: new ptr-libevent@0x56366a5854c0 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | starting up helper thread 3 | checking IKEv1 state table | status value returned by setting the priority of this thread (crypto helper 6) 22 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 3) 22 | MAIN_R0: category: half-open IKE SA flags: 0: | crypto helper 6 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 5) 22 | -> MAIN_R1 EVENT_SO_DISCARD | crypto helper 3 waiting (nothing to do) | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | crypto helper 5 waiting (nothing to do) | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56366a58fbe0 | libevent_malloc: new ptr-libevent@0x56366a596cb0 size 128 | libevent_malloc: new ptr-libevent@0x56366a585600 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56366a58a090 | libevent_malloc: new ptr-libevent@0x56366a596d40 size 128 | libevent_malloc: new ptr-libevent@0x56366a589fe0 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56366a589e50 | libevent_malloc: new ptr-libevent@0x56366a5a12b0 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a1340 size 16 | libevent_realloc: new ptr-libevent@0x56366a5a1360 size 256 | libevent_malloc: new ptr-libevent@0x56366a5a1470 size 8 | libevent_realloc: new ptr-libevent@0x56366a595fb0 size 144 | libevent_malloc: new ptr-libevent@0x56366a5a1490 size 152 | libevent_malloc: new ptr-libevent@0x56366a5a1530 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x56366a5a1550 size 8 | libevent_malloc: new ptr-libevent@0x56366a5a1570 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x56366a5a1610 size 8 | libevent_malloc: new ptr-libevent@0x56366a5a1630 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x56366a5a16d0 size 8 | libevent_realloc: release ptr-libevent@0x56366a595fb0 | libevent_realloc: new ptr-libevent@0x56366a5a16f0 size 256 | libevent_malloc: new ptr-libevent@0x56366a595fb0 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:6906) using fork+execve | forked child 6906 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x56366a58af50 | libevent_malloc: new ptr-libevent@0x56366a5a1ad0 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a1b60 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1b80 | libevent_malloc: new ptr-libevent@0x56366a5a1bc0 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a1c50 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1c70 | libevent_malloc: new ptr-libevent@0x56366a5a1cb0 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a1d40 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1d60 | libevent_malloc: new ptr-libevent@0x56366a5a1da0 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a1e30 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1e50 | libevent_malloc: new ptr-libevent@0x56366a5a1e90 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a1f20 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1f40 | libevent_malloc: new ptr-libevent@0x56366a5a1f80 size 128 | libevent_malloc: new ptr-libevent@0x56366a5a2010 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.392 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5a4980 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5a4950 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5a4920 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5a4fd0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5a4aa0 | unreference key: 0x56366a5a6470 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x56366a583810 added connection description "west" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-bcCritical with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-bcCritical@testing.libreswan.org,CN=west-bcCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-bcCritical' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5b0020 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5ae320 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5a4980 | unreference key: 0x56366a5afea0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcCritical.testing.libreswan.org, E=user-west-bcCritical@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcCritical.testing.libreswan.org, E=user-west-bcCritical@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west added connection description "west-bcCritical" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcCritical.testing.libreswan.org, E=user-west-bcCritical@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.695 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ekuCritical-eku-emailProtection with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ekuCritical-eku-emailProtection@testing.libreswan.org,CN=west-ekuCritical-eku-emailProtection.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ekuCritical-eku-emailProtection' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5b12f0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5b5800 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5adae0 | unreference key: 0x56366a5b4dc0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-emailProtection.testing.libreswan.org, E=user-west-ekuCritical-eku-emailProtection@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-emailProtection.testing.libreswan.org, E=user-west-ekuCritical-eku-emailProtection@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-bcCritical added connection description "west-ekuCritical-eku-emailProtection" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-emailProtection.testing.libreswan.org, E=user-west-ekuCritical-eku-emailProtection@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.688 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ekuOmit with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ekuOmit@testing.libreswan.org,CN=west-ekuOmit.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ekuOmit' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5adae0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5b5130 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5b62a0 | unreference key: 0x56366a5ba3a0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuOmit.testing.libreswan.org, E=user-west-ekuOmit@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuOmit.testing.libreswan.org, E=user-west-ekuOmit@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-ekuCritical-eku-emailProtection added connection description "west-ekuOmit" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuOmit.testing.libreswan.org, E=user-west-ekuOmit@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.644 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ku-keyAgreement with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 failed to find certificate named 'west-ku-keyAgreement' in the NSS database Failed to add connection "west-ku-keyAgreement" with invalid "left" certificate | flush revival: connection 'west-ku-keyAgreement' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.158 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-bcOmit with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-bcOmit@testing.libreswan.org,CN=west-bcOmit.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-bcOmit' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5b62a0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5baac0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5bade0 | unreference key: 0x56366a5bee20 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcOmit.testing.libreswan.org, E=user-west-bcOmit@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcOmit.testing.libreswan.org, E=user-west-bcOmit@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-ekuOmit added connection description "west-bcOmit" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcOmit.testing.libreswan.org, E=user-west-bcOmit@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.646 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ekuCritical-eku-ipsecIKE with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ekuCritical-eku-ipsecIKE@testing.libreswan.org,CN=west-ekuCritical-eku-ipsecIKE.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ekuCritical-eku-ipsecIKE' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5c0440 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5c5b20 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5c16e0 | unreference key: 0x56366a5c3d00 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-ipsecIKE.testing.libreswan.org, E=user-west-ekuCritical-eku-ipsecIKE@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-ipsecIKE.testing.libreswan.org, E=user-west-ekuCritical-eku-ipsecIKE@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-bcOmit added connection description "west-ekuCritical-eku-ipsecIKE" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-ipsecIKE.testing.libreswan.org, E=user-west-ekuCritical-eku-ipsecIKE@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.649 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-eku-serverAuth with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-eku-serverAuth@testing.libreswan.org,CN=west-eku-serverAuth.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-eku-serverAuth' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5c16e0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5c65c0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5c80b0 | unreference key: 0x56366a5ca890 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-serverAuth.testing.libreswan.org, E=user-west-eku-serverAuth@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-serverAuth.testing.libreswan.org, E=user-west-eku-serverAuth@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-ekuCritical-eku-ipsecIKE added connection description "west-eku-serverAuth" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-serverAuth.testing.libreswan.org, E=user-west-eku-serverAuth@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.657 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ku-nonRepudiation with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ku-nonRepudiation@testing.libreswan.org,CN=west-ku-nonRepudiation.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ku-nonRepudiation' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5cb2d0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5cabd0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5ca860 | unreference key: 0x56366a5d00e0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-nonRepudiation.testing.libreswan.org, E=user-west-ku-nonRepudiation@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-nonRepudiation.testing.libreswan.org, E=user-west-ku-nonRepudiation@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-eku-serverAuth added connection description "west-ku-nonRepudiation" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-nonRepudiation.testing.libreswan.org, E=user-west-ku-nonRepudiation@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.968 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ekuCritical with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ekuCritical@testing.libreswan.org,CN=west-ekuCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ekuCritical' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5d0b20 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5d03d0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5d0360 | unreference key: 0x56366a5d5860 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical.testing.libreswan.org, E=user-west-ekuCritical@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical.testing.libreswan.org, E=user-west-ekuCritical@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-ku-nonRepudiation added connection description "west-ekuCritical" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical.testing.libreswan.org, E=user-west-ekuCritical@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.644 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-kuCritical with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-kuCritical@testing.libreswan.org,CN=west-kuCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-kuCritical' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5d62a0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5d6040 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5d5b50 | unreference key: 0x56366a5dafc0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuCritical.testing.libreswan.org, E=user-west-kuCritical@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuCritical.testing.libreswan.org, E=user-west-kuCritical@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-ekuCritical added connection description "west-kuCritical" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuCritical.testing.libreswan.org, E=user-west-kuCritical@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.601 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-kuOmit with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-kuOmit@testing.libreswan.org,CN=west-kuOmit.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-kuOmit' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5dba00 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5db7a0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5db200 | unreference key: 0x56366a5e0720 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuOmit.testing.libreswan.org, E=user-west-kuOmit@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuOmit.testing.libreswan.org, E=user-west-kuOmit@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-kuCritical added connection description "west-kuOmit" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuOmit.testing.libreswan.org, E=user-west-kuOmit@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.639 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-eku-clientAuth with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-eku-clientAuth@testing.libreswan.org,CN=west-eku-clientAuth.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-eku-clientAuth' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5e0e70 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5e0ec0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5e0960 | unreference key: 0x56366a5e5d30 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-clientAuth.testing.libreswan.org, E=user-west-eku-clientAuth@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-clientAuth.testing.libreswan.org, E=user-west-eku-clientAuth@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-kuOmit added connection description "west-eku-clientAuth" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-clientAuth.testing.libreswan.org, E=user-west-eku-clientAuth@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.641 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-eku-ipsecIKE with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-eku-ipsecIKE@testing.libreswan.org,CN=west-eku-ipsecIKE.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-eku-ipsecIKE' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5e6770 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5e6040 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5e5d00 | unreference key: 0x56366a5eb560 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-ipsecIKE.testing.libreswan.org, E=user-west-eku-ipsecIKE@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-ipsecIKE.testing.libreswan.org, E=user-west-eku-ipsecIKE@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-eku-clientAuth added connection description "west-eku-ipsecIKE" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-ipsecIKE.testing.libreswan.org, E=user-west-eku-ipsecIKE@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.643 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ku-keyAgreement-digitalSignature with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ku-keyAgreement-digitalSignature@testing.libreswan.org,CN=west-ku-keyAgreement-digitalSignature.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ku-keyAgreement-digitalSignature' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5ebd40 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5f27e0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5eb7a0 | unreference key: 0x56366a5f1da0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-keyAgreement-digitalSignature.testing.libreswan.org, E=user-west-ku-keyAgreement-digitalSignature@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-keyAgreement-digitalSignature.testing.libreswan.org, E=user-west-ku-keyAgreement-digitalSignature@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-eku-ipsecIKE added connection description "west-ku-keyAgreement-digitalSignature" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-keyAgreement-digitalSignature.testing.libreswan.org, E=user-west-ku-keyAgreement-digitalSignature@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.643 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-sanCritical with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-sanCritical@testing.libreswan.org,CN=west-sanCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-sanCritical' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5eb7a0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5f2110 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5f3280 | unreference key: 0x56366a5f86e0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-sanCritical.testing.libreswan.org, E=user-west-sanCritical@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-sanCritical.testing.libreswan.org, E=user-west-sanCritical@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-ku-keyAgreement-digitalSignature added connection description "west-sanCritical" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-sanCritical.testing.libreswan.org, E=user-west-sanCritical@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.616 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection west-ekuBOGUS-bad with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-west-ekuBOGUS-bad@testing.libreswan.org,CN=west-ekuBOGUS-bad.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west-ekuBOGUS-bad' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5f9120 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5f8ec0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56366a5f8920 | unreference key: 0x56366a5fef60 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuBOGUS-bad.testing.libreswan.org, E=user-west-ekuBOGUS-bad@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuBOGUS-bad.testing.libreswan.org, E=user-west-ekuBOGUS-bad@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x56366a583810: west-sanCritical added connection description "west-ekuBOGUS-bad" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuBOGUS-bad.testing.libreswan.org, E=user-west-ekuBOGUS-bad@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.605 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x56366a5a1ad0 | free_event_entry: release EVENT_NULL-pe@0x56366a58af50 | add_fd_read_event_handler: new ethX-pe@0x56366a58af50 | libevent_malloc: new ptr-libevent@0x56366a5a1ad0 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x56366a5a1bc0 | free_event_entry: release EVENT_NULL-pe@0x56366a5a1b80 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1b80 | libevent_malloc: new ptr-libevent@0x56366a5a1bc0 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x56366a5a1cb0 | free_event_entry: release EVENT_NULL-pe@0x56366a5a1c70 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1c70 | libevent_malloc: new ptr-libevent@0x56366a5a1cb0 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x56366a5a1da0 | free_event_entry: release EVENT_NULL-pe@0x56366a5a1d60 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1d60 | libevent_malloc: new ptr-libevent@0x56366a5a1da0 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x56366a5a1e90 | free_event_entry: release EVENT_NULL-pe@0x56366a5a1e50 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1e50 | libevent_malloc: new ptr-libevent@0x56366a5a1e90 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x56366a5a1f80 | free_event_entry: release EVENT_NULL-pe@0x56366a5a1f40 | add_fd_read_event_handler: new ethX-pe@0x56366a5a1f40 | libevent_malloc: new ptr-libevent@0x56366a5a1f80 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.243 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 6906 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.01 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + none | base impairing = none | revival | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0683 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0364 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) | connection 'west' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x56366a604940 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" "west" #1: initiating v2 parent SA | constructing local IKE proposals for west (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5f8950 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #1 spent 0.143 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 resuming | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 0 starting work-order 1 for state #1 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.223 milliseconds in whack | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000579 seconds | (#1) spent 0.584 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f2090006900 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #1 | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x dd be 57 3b 85 95 04 5a 52 da 14 e1 c2 e4 81 7d | ikev2 g^x 5a 13 1d a4 b5 f9 8a 28 d1 a6 3c 66 7d db 24 51 | ikev2 g^x ed 64 40 d8 15 c5 7a f9 45 b4 e2 83 d4 70 ad 35 | ikev2 g^x ed 88 ce 61 ff 81 1b 31 72 04 8e 54 d2 6b db 20 | ikev2 g^x 60 66 90 24 9e 98 af 63 57 56 b9 7e 7f 48 4d b1 | ikev2 g^x 94 b1 dc 41 04 b0 b2 fa 66 c6 c8 f2 be 30 3f 5d | ikev2 g^x 10 38 0d 7b d5 24 4a 22 f1 70 48 f5 c6 32 16 1d | ikev2 g^x 2c d8 5d 49 67 04 4c cb 6c 4b 55 48 43 d5 36 ae | ikev2 g^x 0c 4d 85 2e 18 76 4e 05 2f fb ec 9b 02 de 1e c8 | ikev2 g^x 71 75 56 fe 15 0f 12 c6 f5 46 25 9b e3 35 32 81 | ikev2 g^x 3a 72 49 c4 89 13 0b d1 43 4c a2 d1 0a aa 71 0e | ikev2 g^x 97 5b 3f b7 69 55 5b 2e 90 0c 35 86 80 fd f8 99 | ikev2 g^x 59 da df f5 e0 bb 65 8c 3d 7a d9 a6 db 7b 9c 9d | ikev2 g^x 6e aa 62 40 a1 31 a5 d9 10 0b f4 fd 84 48 2f 2a | ikev2 g^x 49 ec bd cb 89 63 98 01 64 c4 67 38 57 41 5c 1c | ikev2 g^x 90 23 aa 69 5e 59 0a 57 d2 dd 8f 0e 00 55 a6 0a | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 5d 5c d0 58 9c 9d 3c 8a 4e 49 b9 62 8f cf e1 f3 | IKEv2 nonce cc 66 a2 ef 34 9b 2f b6 ab c7 77 9c 2b 6a 6b cf | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ae 6a 34 e3 cb c7 15 e9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= db cf 70 52 86 79 b0 9a e2 45 32 78 f6 73 cd 3b | natd_hash: hash= be 2d 61 81 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data db cf 70 52 86 79 b0 9a e2 45 32 78 f6 73 cd 3b | Notify data be 2d 61 81 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ae 6a 34 e3 cb c7 15 e9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 08 5a 54 90 d7 a7 47 50 94 1c af bf 18 d9 93 b3 | natd_hash: hash= 8a c3 00 a1 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 08 5a 54 90 d7 a7 47 50 94 1c af bf 18 d9 93 b3 | Notify data 8a c3 00 a1 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | ae 6a 34 e3 cb c7 15 e9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 dd be 57 3b 85 95 04 5a | 52 da 14 e1 c2 e4 81 7d 5a 13 1d a4 b5 f9 8a 28 | d1 a6 3c 66 7d db 24 51 ed 64 40 d8 15 c5 7a f9 | 45 b4 e2 83 d4 70 ad 35 ed 88 ce 61 ff 81 1b 31 | 72 04 8e 54 d2 6b db 20 60 66 90 24 9e 98 af 63 | 57 56 b9 7e 7f 48 4d b1 94 b1 dc 41 04 b0 b2 fa | 66 c6 c8 f2 be 30 3f 5d 10 38 0d 7b d5 24 4a 22 | f1 70 48 f5 c6 32 16 1d 2c d8 5d 49 67 04 4c cb | 6c 4b 55 48 43 d5 36 ae 0c 4d 85 2e 18 76 4e 05 | 2f fb ec 9b 02 de 1e c8 71 75 56 fe 15 0f 12 c6 | f5 46 25 9b e3 35 32 81 3a 72 49 c4 89 13 0b d1 | 43 4c a2 d1 0a aa 71 0e 97 5b 3f b7 69 55 5b 2e | 90 0c 35 86 80 fd f8 99 59 da df f5 e0 bb 65 8c | 3d 7a d9 a6 db 7b 9c 9d 6e aa 62 40 a1 31 a5 d9 | 10 0b f4 fd 84 48 2f 2a 49 ec bd cb 89 63 98 01 | 64 c4 67 38 57 41 5c 1c 90 23 aa 69 5e 59 0a 57 | d2 dd 8f 0e 00 55 a6 0a 29 00 00 24 5d 5c d0 58 | 9c 9d 3c 8a 4e 49 b9 62 8f cf e1 f3 cc 66 a2 ef | 34 9b 2f b6 ab c7 77 9c 2b 6a 6b cf 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 db cf 70 52 | 86 79 b0 9a e2 45 32 78 f6 73 cd 3b be 2d 61 81 | 00 00 00 1c 00 00 40 05 08 5a 54 90 d7 a7 47 50 | 94 1c af bf 18 d9 93 b3 8a c3 00 a1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5f8950 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5f8950 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48985.027902 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 0.86 milliseconds in resume sending helper answer | stop processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2090006900 | spent 0.00222 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 9e 4d eb 96 | d7 af 2d 58 70 b9 79 92 6c 46 dd 62 6e 03 5b 96 | ba 9d 2b ee 1a ed e9 a5 b9 10 bb 24 cc 2b 23 d1 | f8 81 3c 9e 1a 17 b6 00 c4 4a 05 3e 2c e1 2a 59 | a9 f4 10 e8 e0 0d ee d9 a3 f1 4b d0 2f 94 39 50 | 95 da 0a 80 35 e1 6d a9 dd 9b 16 86 50 ea 2f 26 | 06 45 2b 89 e3 be 9d 4d 08 0f 3e d8 59 c2 74 83 | d2 53 75 2f 98 96 71 e6 fd f9 58 07 8f 38 e6 68 | 84 e8 b4 a1 9f 79 37 ef 2f c2 44 5b 0e 61 78 8f | 49 e5 3f 72 b6 a4 ae 3a 96 f5 7b a5 fb cd 51 6b | ae b3 c3 70 e4 8d e1 76 f6 49 ee 89 6c 51 25 eb | c7 89 6f 55 70 d7 b4 c2 c7 ce 88 7b e9 f5 2f 80 | ac ef 35 18 58 e2 1b d6 64 e6 89 36 ac 82 bb 55 | ba 36 c2 dd 1d 9f df f4 8d 01 6e 38 b1 2b 6d c8 | c5 e7 f9 ba 25 af 73 2f 63 9e f1 57 95 23 d6 27 | 0c 8d 3b ca c6 d8 9b 92 4a fd 59 16 7f 8b d8 91 | 11 10 9f b3 37 4d 82 cc cc ce 21 b8 29 00 00 24 | 30 5d e7 95 ba e4 e4 f8 41 8f e5 91 cd d9 f2 4a | 68 27 87 1e ef 1e 04 da 36 77 b3 28 b1 2c 86 95 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 19 4d 68 50 86 72 fa 0e c7 e1 7d 76 1b 07 13 1a | 8a 56 3a d6 26 00 00 1c 00 00 40 05 a9 f5 81 df | 5f dd aa 5a 39 7b b9 06 0c 08 c5 44 eb 70 43 90 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ae 6a 34 e3 cb c7 15 e9 | natd_hash: rcookie= a6 9a 17 b2 01 5c ca 63 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= a9 f5 81 df 5f dd aa 5a 39 7b b9 06 0c 08 c5 44 | natd_hash: hash= eb 70 43 90 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ae 6a 34 e3 cb c7 15 e9 | natd_hash: rcookie= a6 9a 17 b2 01 5c ca 63 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 19 4d 68 50 86 72 fa 0e c7 e1 7d 76 1b 07 13 1a | natd_hash: hash= 8a 56 3a d6 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5f8950 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5f8950 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #1 spent 0.174 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.335 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.342 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 2 for state #1 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000789 seconds | (#1) spent 0.793 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f2088006b90 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | creating state object #2 at 0x56366a608f40 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "west" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5f8950 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a5f8950 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 183 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 191 | Sending [CERT] of certificate: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 04 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 | CERT 65 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 | CERT 65 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f | CERT 00 30 82 01 8a 02 82 01 81 00 ad 0f b4 15 9c ab | CERT 8e 81 ef 53 5b a7 c6 2b fc b5 bc 3a c2 52 67 80 | CERT f1 9e e2 83 ef 14 24 55 42 af 41 f0 3e e6 0c f4 | CERT 97 a2 fc dc ce 6f a7 8a 2c 83 8f a5 2b 7d 5b 05 | CERT b3 21 c1 60 97 bf ca ea 08 48 25 ee 74 63 69 25 | CERT 34 45 99 4a 00 e2 f1 18 ff 75 5b c5 d3 81 5e d6 | CERT 5b 81 65 69 a3 0a 4a ae e7 38 f7 00 1f 25 3e 1f | CERT a4 a4 99 32 f2 31 3a 4b 3d a2 fc 58 38 a1 16 14 | CERT 3c 83 d7 f0 95 7c db 2f e6 28 ca 8c 60 0b 52 eb | CERT 86 a9 5e 17 0d 8a 59 68 2a 07 e4 0e 4d af 57 d8 | CERT af ee 7b 01 67 7f fe d0 47 37 d5 a3 2f ce 34 4e | CERT b9 8a 93 d6 92 fa bf 7c 17 ac ae 51 3a da 70 45 | CERT 40 e9 8a 6b 43 bb 06 96 c9 27 d8 3e f7 1f 8b a3 | CERT ff c0 c6 b2 14 9f bf 74 3f b8 5e df f7 cb d2 95 | CERT 9b 0c 4c 35 f4 83 e8 61 da d2 9b 2b 16 54 08 8a | CERT 12 84 9f c7 7b b7 16 b4 13 66 32 da eb 6b ff fc | CERT bf 8b d8 e7 20 44 32 80 1f d4 13 24 c9 e2 01 33 | CERT 3b 70 32 ae c7 6c 16 41 3b 82 57 5f 41 50 93 07 | CERT d2 90 37 a1 fb 40 15 0d 5c be 87 ed f9 f5 ec af | CERT 8b 32 03 af a9 f6 ed 04 17 48 8b 4c e1 69 e0 98 | CERT 8e 8f f0 ae e7 a4 7a 96 b4 48 86 68 17 cd f7 00 | CERT f1 89 09 83 11 9f a7 6d 39 37 7c 50 e5 76 f2 d3 | CERT dd 30 01 80 6f d0 b3 d5 cd 32 3c 6c 85 44 d4 da | CERT a9 4e 8a de b0 6f 8b f1 e0 56 0d 91 0d 86 56 76 | CERT 71 fb 62 d9 52 85 5b ff 30 1d 02 03 01 00 01 a3 | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 77 | CERT 65 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 77 65 73 74 40 | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 87 04 c0 01 02 2d 30 0b 06 03 55 | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 38 51 3d | CERT 6b f7 c6 4a 7a a2 b3 56 de 5b 40 30 5b 1d 4f 0e | CERT 6c c7 e7 84 9c 49 9b bb a6 7f df 9e 02 5f da f7 | CERT ba 42 2e 74 35 aa b3 59 ca 98 b6 e0 37 62 f6 ac | CERT 8c 2d 50 3b 58 5d b3 9e 4d 12 56 e8 79 2a 84 f0 | CERT ee 91 9f 0d 21 1a 7b 6a 61 19 cc 71 21 7d 33 58 | CERT 99 44 f8 c5 6a f1 3c c4 91 9e 26 f8 c7 5e 7a e6 | CERT 67 3d a1 13 bb ce 21 96 ca fe 9c 92 d6 46 a2 ab | CERT 0b d7 6f 49 b8 d6 4d 31 64 a1 00 f1 | emitting length of IKEv2 Certificate Payload: 1265 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAa0Pt | private key for cert west not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAa0Pt | #1 spent 5.44 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 68 80 1a d8 83 9e f7 2d a4 bd 4b f2 83 62 5b 00 | rsa signature 1a d8 39 e9 87 0e f2 74 4b 05 9c 3d 03 26 75 6c | rsa signature ae c9 20 5d 04 17 b2 9c a9 13 03 f9 9d 04 61 6f | rsa signature 5b d5 c4 73 c4 66 a1 24 e5 ea 6a 97 af e6 ff 98 | rsa signature 04 51 a5 e5 cf c6 a0 ea 37 29 71 25 8e e8 c8 82 | rsa signature 8e d6 8c de 2d 25 19 6a a8 80 62 b2 a8 db b0 a9 | rsa signature 18 c6 92 fb a0 18 6a fb 84 4f 06 5f 49 da 3a cf | rsa signature 6a 16 c3 be d9 78 92 e0 48 5b 83 dc 3f a4 29 e5 | rsa signature f5 ed ea 3b b0 98 cc 1b e1 2d 44 eb e5 38 2a 54 | rsa signature 59 77 c6 36 54 98 a2 07 13 ae e1 f9 a3 af ce 43 | rsa signature 72 fb a8 67 d4 00 37 37 db 4b 5a fb 28 0f 9f 27 | rsa signature 02 bb 0f 2c ce 6b cf ab 12 37 d4 b6 49 fc f3 ac | rsa signature 8c 3e 62 f6 9c 49 bc 44 0f 9b 45 a2 ff 4b 5f a2 | rsa signature f3 e6 37 9b 9d d3 9a 3a 4d c3 53 fe 5c a7 26 3f | rsa signature ba 8e 62 b6 81 aa 90 1f 5f af 80 c6 85 4a 24 35 | rsa signature 95 45 5f a7 86 65 c3 0c fe 85 b3 36 67 de 7b 41 | rsa signature 76 d4 07 31 b0 29 9d 34 08 68 68 5b 3b af 80 28 | rsa signature 70 d4 52 22 78 2d 6d b6 11 32 53 36 8a fd d1 33 | rsa signature 21 a1 c6 b2 7a 81 1d 46 f8 6a dd 21 68 9b eb 94 | rsa signature cd d3 5c 0c 36 2b 6f 67 91 49 4f bf 69 d9 d8 b0 | rsa signature 8c 36 14 a5 7c c5 4b ac 3f fd 8f 5b 27 f1 9b 84 | rsa signature f1 9a d0 66 d0 88 af 46 70 5d 2b a9 a9 69 d1 84 | rsa signature a7 ab c8 07 43 e6 64 29 37 f7 86 1c c1 37 ed 6c | rsa signature 67 d5 bb 17 35 e9 2d 6f 0e 44 a1 9a b5 0a 9a 48 | #1 spent 5.7 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #1 | netlink_get_spi: allocated 0x49b33642 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 49 b3 36 42 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 49 b3 36 42 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 49 b3 36 42 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 49 b3 36 42 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2089 | emitting length of ISAKMP Message: 2117 | **parse ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2117 (0x845) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2089 (0x829) | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 | cleartext fragment 55 04 03 0c 1a 77 65 73 74 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f | cleartext fragment 75 73 65 72 2d 77 65 73 74 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 | cleartext fragment 00 04 f1 04 30 82 04 e8 30 82 04 51 a0 03 02 01 | cleartext fragment 02 02 01 04 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 | cleartext fragment 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 | cleartext fragment 39 34 34 35 39 5a 30 81 b4 31 0b 30 09 06 03 55 | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 | cleartext fragment 55 04 03 0c 1a 77 65 73 74 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f | cleartext fragment 75 73 65 72 2d 77 65 73 74 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | cleartext fragment ad 0f b4 15 9c ab 8e 81 ef 53 5b a7 c6 2b fc b5 | cleartext fragment bc 3a c2 52 67 80 f1 9e e2 83 ef 14 24 55 42 af | cleartext fragment 41 f0 3e e6 0c f4 97 a2 fc dc ce 6f a7 8a 2c 83 | cleartext fragment 8f a5 2b 7d 5b 05 b3 21 c1 60 97 bf ca ea 08 48 | cleartext fragment 25 ee 74 63 69 25 34 45 99 4a 00 e2 f1 18 ff 75 | cleartext fragment 5b c5 d3 81 5e d6 5b 81 65 69 a3 0a 4a ae e7 38 | cleartext fragment f7 00 1f 25 3e 1f a4 a4 99 32 f2 31 3a 4b 3d a2 | cleartext fragment fc 58 38 a1 16 14 3c 83 d7 f0 95 7c db 2f e6 28 | cleartext fragment ca 8c 60 0b 52 eb 86 a9 5e 17 0d 8a 59 68 2a 07 | cleartext fragment e4 0e 4d af 57 d8 af ee 7b 01 67 7f fe d0 47 37 | cleartext fragment d5 a3 2f ce 34 4e b9 8a 93 d6 92 fa bf 7c 17 ac | cleartext fragment ae 51 3a da 70 45 40 e9 8a 6b 43 bb 06 96 c9 27 | cleartext fragment d8 3e f7 1f 8b a3 ff c0 c6 b2 14 9f bf 74 3f b8 | cleartext fragment 5e df f7 cb d2 95 9b 0c 4c 35 f4 83 e8 61 da d2 | cleartext fragment 9b 2b 16 54 08 8a 12 84 9f c7 7b b7 16 b4 13 66 | cleartext fragment 32 da eb 6b ff fc bf 8b d8 e7 20 44 32 80 1f d4 | cleartext fragment 13 24 c9 e2 01 33 3b 70 32 ae c7 6c 16 41 3b 82 | cleartext fragment 57 5f 41 50 93 07 d2 90 37 a1 fb 40 15 0d 5c be | cleartext fragment 87 ed f9 f5 ec af 8b 32 03 af a9 f6 ed 04 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 17 48 8b 4c e1 69 e0 98 8e 8f f0 ae e7 a4 7a 96 | cleartext fragment b4 48 86 68 17 cd f7 00 f1 89 09 83 11 9f a7 6d | cleartext fragment 39 37 7c 50 e5 76 f2 d3 dd 30 01 80 6f d0 b3 d5 | cleartext fragment cd 32 3c 6c 85 44 d4 da a9 4e 8a de b0 6f 8b f1 | cleartext fragment e0 56 0d 91 0d 86 56 76 71 fb 62 d9 52 85 5b ff | cleartext fragment 30 1d 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 | cleartext fragment 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d | cleartext fragment 11 04 40 30 3e 82 1a 77 65 73 74 2e 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 81 1a 77 65 73 74 40 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 | cleartext fragment 01 02 2d 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 | cleartext fragment 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 | cleartext fragment 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 | cleartext fragment 03 81 81 00 1a 38 51 3d 6b f7 c6 4a 7a a2 b3 56 | cleartext fragment de 5b 40 30 5b 1d 4f 0e 6c c7 e7 84 9c 49 9b bb | cleartext fragment a6 7f df 9e 02 5f da f7 ba 42 2e 74 35 aa b3 59 | cleartext fragment ca 98 b6 e0 37 62 f6 ac 8c 2d 50 3b 58 5d b3 9e | cleartext fragment 4d 12 56 e8 79 2a 84 f0 ee 91 9f 0d 21 1a 7b 6a | cleartext fragment 61 19 cc 71 21 7d 33 58 99 44 f8 c5 6a f1 3c c4 | cleartext fragment 91 9e 26 f8 c7 5e 7a e6 67 3d a1 13 bb ce | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 21 96 ca fe 9c 92 d6 46 a2 ab 0b d7 6f 49 b8 d6 | cleartext fragment 4d 31 64 a1 00 f1 21 00 01 88 01 00 00 00 68 80 | cleartext fragment 1a d8 83 9e f7 2d a4 bd 4b f2 83 62 5b 00 1a d8 | cleartext fragment 39 e9 87 0e f2 74 4b 05 9c 3d 03 26 75 6c ae c9 | cleartext fragment 20 5d 04 17 b2 9c a9 13 03 f9 9d 04 61 6f 5b d5 | cleartext fragment c4 73 c4 66 a1 24 e5 ea 6a 97 af e6 ff 98 04 51 | cleartext fragment a5 e5 cf c6 a0 ea 37 29 71 25 8e e8 c8 82 8e d6 | cleartext fragment 8c de 2d 25 19 6a a8 80 62 b2 a8 db b0 a9 18 c6 | cleartext fragment 92 fb a0 18 6a fb 84 4f 06 5f 49 da 3a cf 6a 16 | cleartext fragment c3 be d9 78 92 e0 48 5b 83 dc 3f a4 29 e5 f5 ed | cleartext fragment ea 3b b0 98 cc 1b e1 2d 44 eb e5 38 2a 54 59 77 | cleartext fragment c6 36 54 98 a2 07 13 ae e1 f9 a3 af ce 43 72 fb | cleartext fragment a8 67 d4 00 37 37 db 4b 5a fb 28 0f 9f 27 02 bb | cleartext fragment 0f 2c ce 6b cf ab 12 37 d4 b6 49 fc f3 ac 8c 3e | cleartext fragment 62 f6 9c 49 bc 44 0f 9b 45 a2 ff 4b 5f a2 f3 e6 | cleartext fragment 37 9b 9d d3 9a 3a 4d c3 53 fe 5c a7 26 3f ba 8e | cleartext fragment 62 b6 81 aa 90 1f 5f af 80 c6 85 4a 24 35 95 45 | cleartext fragment 5f a7 86 65 c3 0c fe 85 b3 36 67 de 7b 41 76 d4 | cleartext fragment 07 31 b0 29 9d 34 08 68 68 5b 3b af 80 28 70 d4 | cleartext fragment 52 22 78 2d 6d b6 11 32 53 36 8a fd d1 33 21 a1 | cleartext fragment c6 b2 7a 81 1d 46 f8 6a dd 21 68 9b eb 94 cd d3 | cleartext fragment 5c 0c 36 2b 6f 67 91 49 4f bf 69 d9 d8 b0 8c 36 | cleartext fragment 14 a5 7c c5 4b ac 3f fd 8f 5b 27 f1 9b 84 f1 9a | cleartext fragment d0 66 d0 88 af 46 70 5d 2b a9 a9 69 d1 84 a7 ab | cleartext fragment c8 07 43 e6 64 29 37 f7 86 1c c1 37 ed 6c 67 d5 | cleartext fragment bb 17 35 e9 2d 6f 0e 44 a1 9a b5 0a 9a 48 2c 00 | cleartext fragment 00 a4 02 00 00 20 01 03 04 02 49 b3 36 42 03 00 | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 | cleartext fragment 00 00 02 00 00 20 02 03 04 02 49 b3 36 42 03 00 | cleartext fragment 00 0c 01 00 00 14 80 0e 00 80 00 00 00 08 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 148 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 05 00 00 00 02 00 00 30 03 03 04 04 49 b3 36 42 | cleartext fragment 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | cleartext fragment 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 | cleartext fragment 05 00 00 00 00 00 00 30 04 03 04 04 49 b3 36 42 | cleartext fragment 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 | cleartext fragment 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 | cleartext fragment 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | cleartext fragment 00 00 ff ff c0 01 02 2d c0 01 02 2d 00 00 00 18 | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 01 02 17 | cleartext fragment c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 181 | emitting length of ISAKMP Message: 209 | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 b3 d7 ec 42 b5 03 e4 c3 5b 2e 10 b1 | be f7 40 ad 41 70 f0 63 cf 9a 4a 37 8f dd 91 5d | 18 aa 89 28 d3 79 7b 6d 61 06 6d e5 25 14 94 48 | 5c 13 4b 70 26 6c 01 9c 3c 4c c2 0e f5 01 0a e7 | 9f bc eb 56 b5 1f 40 01 3a e3 5f 5d 89 e8 5a 62 | b0 db 35 87 d1 a2 4a 38 34 32 fb bb 99 08 c0 7c | e8 2d ed 26 5b 2f 9f 5e a5 d5 33 84 97 03 36 9c | 96 d3 9b 2c b1 f4 32 ce c9 bb 9e df 59 6b d5 91 | 4f c1 78 e2 d7 07 0a 64 e2 ca 16 a6 28 9f a8 e5 | c8 1b d5 a6 f7 d9 d2 ee f3 f8 0a 5a f6 ad 44 04 | fa d8 bf 02 bf e6 78 d3 06 d8 97 a4 fe 06 f5 6d | fd 10 71 81 17 0f 8d a9 d3 72 1b cc 23 ae 39 1a | 41 e3 d3 d6 eb 4a 29 64 39 13 a4 6c 36 2f 97 cf | 07 59 58 90 2a 6b 0e 86 56 91 af c7 d7 53 7f 64 | 85 72 9b 62 d3 22 d5 9f 61 3c 6d f8 7b 8a aa fa | bf d4 5d ff b2 11 d3 00 68 35 47 2c 0b 89 da f9 | e4 ac b9 fe a1 bc 5b 07 51 2c 98 ea d7 93 34 85 | 1d 16 e0 91 92 02 3c 92 00 4c d0 90 2d f0 5b 54 | 3b 27 8f 42 6c 94 33 a0 03 31 2a 92 24 34 5c d4 | 3e 3d 63 cc 57 7c 9e 06 fb 0c 96 7a b4 cd 2c 10 | d7 36 ff e3 41 d5 7f 45 68 39 f4 55 36 42 02 34 | c3 7a e9 bc 29 bd a5 59 52 15 16 ab 7c 46 02 37 | 71 6d 05 8a 80 93 82 8e 20 6a 3d 55 3a 9a 0a 08 | e7 1e f5 7a 9f 38 ce fc ad e6 09 b4 45 13 2d 4a | 1d 22 a8 5e c8 be 50 9d 8b f1 9e b5 86 a2 fe 08 | 2b 35 24 27 0f 1a de 25 62 8b de f2 d2 16 bf 30 | da 35 1e 53 0d 70 27 42 42 02 9d ca 6c b2 63 01 | 9e e0 bb 1b a6 69 b1 8c 6e 53 0c 3a 45 1a f1 7f | 71 77 23 f4 7a e2 44 9d 8d 14 f9 fe 15 91 10 89 | 1a 6d ac 2b 30 5b e5 50 a2 aa 5a d1 17 49 81 b4 | fe 58 48 2c 87 43 a8 c1 21 cd 2d 88 d5 05 c9 73 | b2 83 d0 3e 90 d9 72 04 99 e6 ae | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 56 16 0f 63 bc 89 62 ab 46 cc 38 cd | 5b 40 ab e3 ea 4a 6b a9 aa 5a 07 b3 71 0e 32 8e | fa 9e 4c 1b 4d 6e 54 1c d5 97 17 43 c3 60 01 27 | 2c 39 fa 8d f6 17 31 1c 74 b2 18 f3 01 88 02 f8 | 11 fd 78 9a e0 ec 6e 0e 4b f4 ac ed c0 f8 9a e2 | e4 82 fd 05 29 86 53 76 92 39 25 2f 51 5b 9d ce | fd b9 3d fd 5c 79 43 1c bf 18 6f 62 78 cf 3a 44 | 0b 24 b0 86 b3 c0 b0 d4 3f f7 57 24 3c 70 4f 28 | 75 06 9e 56 3d ec 3f c0 10 84 e5 39 17 20 7d 8d | 3e f0 40 d6 16 02 0e 0b 37 56 f8 73 de f8 eb 4b | c8 2c ba 11 38 82 bc 72 0d 9a b3 89 20 bd 8c 10 | 34 c3 74 7d 6c 77 b2 e3 4c 6d d1 ee 06 cf 51 b9 | db 90 71 2e d4 9c fe 78 f1 1e 59 1b 8e 4d da 18 | ac 00 02 05 30 5d 79 c4 76 91 4f 93 26 cd c4 d3 | d3 fb 20 d2 0f 65 83 e0 e0 ba 9f 55 9c 30 82 ac | 2f 2c 93 51 bb 3b 42 81 48 04 ca 23 10 0e d1 a5 | b3 e2 a6 69 ec b1 d8 79 08 bb e1 81 6c ec 4b 9d | 52 70 dc 3c bc 3a e5 fc c2 17 ae 81 7f 8f db 35 | bd f4 63 f5 41 2d db d8 27 35 f2 f7 42 ff f7 ed | 87 c7 c4 d5 af db dc 6c a2 72 c8 dd 1c 47 7c a4 | 3e 5b e0 4a 95 cb e5 f6 28 e3 54 50 bf b0 f0 a1 | 41 95 d5 9f cb 0f 04 a9 4c b6 14 ac e9 62 40 e5 | 62 c5 59 dc ee 8b 89 dc 99 c4 dd d0 70 13 2c 45 | 38 b0 67 58 28 6c 07 1e bb 80 44 1d 4f 21 ba ed | 39 fb b0 ac ae e5 1c ea 6c 31 f5 93 53 a3 b1 c8 | c2 07 89 b1 de 77 94 6e 16 d0 c0 99 d0 ea 10 1f | 01 a4 fe 39 78 54 ba 6c de 62 7b 48 e7 88 0c 5f | 96 58 78 8b c7 fc d2 64 cc 52 a5 8f c6 83 70 42 | 15 eb 17 c9 15 5e 65 c5 f5 37 7a 8b dc 6c 83 54 | 4c 10 5a 6b c7 b1 ab 60 f9 09 34 42 f7 e1 d0 6a | 17 42 f4 d5 3e 0e 46 2e 52 7b 48 2e 59 37 d9 00 | 54 51 10 bd 3d f7 1a 41 a1 d2 2f | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 48 89 af f3 aa 8b 91 db c3 18 1f b1 | fc 6e c2 96 65 09 f8 46 fa 6e c3 78 6f 12 72 4d | 64 35 ee 95 54 53 d9 41 90 74 02 cc bc 41 1c fe | 3b 58 a5 92 cd a5 ff 0b bf 3a 91 bc 2c a1 30 21 | 1b 27 cb 1e aa 65 5e b2 ec d2 2f 09 d8 83 d6 98 | 43 a8 6f 91 37 4d 89 15 cc 38 22 00 51 a9 4b 65 | cf 2e 0a 31 ff 3d 73 fa 0c 2a bb fe e5 4f 66 aa | 87 c3 53 60 af 00 d3 13 91 e0 c7 7e 5a cd b9 42 | e2 75 12 55 a8 bd 32 64 02 53 e5 3f ee d4 9b 8d | fc 36 12 9d 26 88 65 af 10 39 73 c9 56 45 66 2d | 8c 08 de ce b0 48 2e ef af 0c 2f c8 3a 43 82 94 | 4c 44 3c 29 41 cb b1 54 a0 81 77 c8 a8 09 74 b8 | 87 f0 fc 73 fe eb 7f 44 c5 5e 5b 51 bd 12 b3 c7 | cb e6 a3 b4 c3 9f 11 8b 97 39 09 31 fa 81 3d cb | 84 a3 44 fe 0a 69 de 2b e0 f0 21 4e 36 f1 d3 a7 | 4d 06 87 b8 91 22 58 9e a5 4b 33 d0 7d a3 ee ed | fb 87 4d 4e 85 48 f6 78 58 bd 28 97 1c 06 15 c9 | 67 9b 4d b8 48 60 70 62 88 61 77 56 ee a9 1c fc | 8b df 6e 15 a4 27 c3 31 62 d1 fd 54 28 a0 e3 3a | 7b b0 71 65 77 30 2b 49 bf be 14 0b 92 ab 37 9e | 5f e5 fb 6e 30 af a4 72 03 ba ba ae 97 03 66 3b | c8 f1 ad 6e 2e 2a df 95 b7 3f f7 2f dc 21 ae f2 | d0 bb 9b 72 9d 01 19 10 de 79 d6 67 69 75 36 c0 | 9b 9f 5a b1 2a 81 1f 5c e0 aa 5a 19 51 4d 87 37 | c1 cc 0c c3 6e e1 85 23 08 02 ce 2b 89 26 0c c0 | 22 7c 89 ac 1e 6e a4 47 94 a6 a0 63 bb 68 2f 26 | e6 13 29 11 72 f3 56 6e f7 ad e4 a6 ab c0 30 8a | ca 5c 63 fd 7e 76 f9 ec c7 ba 11 90 91 d8 f3 bb | ea b1 bb 04 03 08 d6 4d 64 38 5c 99 2b 38 17 92 | 79 f5 39 bd 97 eb 5c df 2b 29 b7 2f e0 7d 4e ec | 24 b3 69 72 ec 76 d9 ef 82 65 8e 12 81 92 d8 4e | 6d 6f 3d 5b 05 7c 1f b0 86 24 5a | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 06 2b a9 01 92 30 a2 c8 76 5d 4f c7 | a4 75 3b 06 28 9e 69 5b c9 04 c2 45 61 95 00 27 | 4e f8 47 a9 ff 18 26 34 b6 e0 5c 11 e6 85 9d f1 | 53 47 7e b8 12 a5 fc a6 9a 9c 55 6c 66 22 63 06 | bd 44 c7 51 32 53 02 28 ef 87 02 c6 d7 85 6d 7d | f2 bf 06 91 1f b4 36 9f d6 dd 69 f1 28 e3 1a be | cc 55 e1 cd f0 37 aa cf 74 50 75 94 db 52 de 94 | bc de a2 5d fa dd 6e 72 65 29 0d 92 fd 08 ec 4f | 69 a1 a5 8f 6a 3d 2d ae a4 f1 80 58 84 3d 43 5a | 5a 81 b9 0c 7b 8e 3f 77 c6 d6 64 a5 9f f8 b2 02 | 45 9d b0 33 df fb 23 cb e5 21 f1 15 e5 b1 19 2f | fc 7b 45 7c 20 02 0f 38 e0 af d5 11 8a a9 23 1f | 7c df 87 99 61 92 bf d4 bb d6 aa 6a 22 7c 3b 99 | 1a 5d 12 28 12 b3 54 ac 0a 1a dd c3 2b f8 b5 f9 | 66 00 f4 14 e9 88 df 26 35 e5 e4 8b 87 33 b5 7a | 30 83 53 e3 9a be ac b7 91 91 46 cb 77 d6 73 e1 | 31 39 97 43 ec c3 a6 1c 86 dc c5 3c 58 e7 79 3e | 1e e6 9f 27 b7 55 2c 40 e4 d8 35 55 89 ab 2c 44 | d9 81 3a 2f 49 b1 48 d6 98 c1 3e fb 0a 35 10 82 | 2f 87 1f 2a 60 47 ee 54 54 7f ca d6 d5 98 69 18 | 07 b2 af ed b8 cc b0 ab be 16 10 47 54 19 c4 08 | 1e 30 d2 95 59 e4 5b 10 ba c2 dc 4c 7b ea 8c ef | 81 ce 9f fe bc 7e 36 71 7c a6 64 9f bd 1a c0 54 | 4c 7a ea 83 f4 95 12 55 3d 19 a5 b4 5c e6 18 7c | 9d 77 98 fd 39 c7 d2 fb 3f 1a 0a aa 7b 88 53 59 | c1 54 ac 9e c4 0c 50 3b 58 e7 86 fc e5 5a 73 f8 | 27 61 00 2e 55 64 66 bb 12 a3 21 25 95 9e ff 39 | 68 e0 bd c4 3e 34 f3 54 3c 6a f0 6a e3 a8 ab bc | 18 fa 0d 43 d4 8e 2d 71 24 43 52 6d 84 1d 54 ca | 1c f8 b4 74 ee 9c 67 81 26 6e 82 f4 3c 70 75 05 | 7f 76 f3 01 cb 20 f0 ae ca ab f9 15 08 89 21 dc | c8 92 7e b1 63 b4 51 9c f2 ec cd | sending 209 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 35 20 23 08 00 00 00 01 00 00 00 d1 00 00 00 b5 | 00 05 00 05 96 68 e7 e1 c4 f2 fd a6 df e5 bb 72 | ee 2b 94 a7 a5 d5 77 5e 0e 1e 65 24 19 6a 4e 25 | ef b6 86 4a eb e6 c1 8c 7e c0 7f 4d 41 a5 e3 e9 | 55 58 fb be 1f 17 0b c9 e2 97 b4 56 ea 65 e8 f3 | 39 0f 44 f8 d7 ef f5 59 d9 61 82 cb 20 e0 72 1f | d0 81 9b f6 9e 18 38 9c f5 39 ba d0 4e 7a fa b7 | 13 1c 2b 5d 23 f5 01 b6 af 17 05 74 36 85 cf 8f | 8a 4f 07 c3 7c 50 1c 78 5b 59 60 3d 3c 0a 1a bc | 29 a7 57 b9 b6 aa 99 38 65 e3 de e3 f4 3a 16 52 | b6 e2 b7 17 91 cb dc 0f 09 76 57 b4 5f fe 75 41 | d5 6e 80 ff d5 58 84 c5 04 8e 68 0c ba 62 26 a7 | 42 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ada30 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f2090006900 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48985.037956 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 6.85 milliseconds in resume sending helper answer | stop processing: state #2 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2088006b90 | spent 0.00215 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ae 6a 34 e3 cb c7 15 e9 a6 9a 17 b2 01 5c ca 63 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 10 f6 28 03 30 7c 6c 4c dd db dd de 02 1a c3 3f | 8d 9b 14 7a 4d b6 f8 25 f0 6d 2e d4 f8 8f e1 1e | 8f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 6a 34 e3 cb c7 15 e9 | responder cookie: | a6 9a 17 b2 01 5c ca 63 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #1 ikev2.ike failed auth-failed "west" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #2 fd@25 .st_dev=9 .st_ino=1674351 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2090006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ada30 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ada30 | inserting event EVENT_RETRANSMIT, timeout in 59.995235 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f2090006900 size 128 "west" #2: STATE_PARENT_I2: suppressing retransmits; will wait 59.995235 seconds for retry | #2 spent 0.0669 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #2 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.175 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.182 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west" (in terminate_a_connection() at terminate.c:69) "west": terminating SAs using this connection | connection 'west' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5453f0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "west" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "west" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted other | #2 spent 0.0669 milliseconds in total | [RE]START processing: state #2 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) "west" #2: deleting state (STATE_PARENT_I2) aged 0.074s and NOT sending notification | child state #2: PARENT_I2(open IKE SA) => delete | child state #2: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2090006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ada30 | priority calculation of connection "west" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | start processing: state #1 connection "west" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted auth-failed | #1 spent 9.74 milliseconds in total | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) "west" #1: deleting state (STATE_PARENT_I2) aged 0.079s and NOT sending notification | parent state #1: PARENT_I2(open IKE SA) => delete | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a5f8950 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west | State DB: deleting IKEv2 state #1 in PARENT_I2 | parent state #1: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west' wasn't on the list | stop processing: connection "west" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.375 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-bcCritical" (in initiate_a_connection() at initiate.c:186) | connection 'west-bcCritical' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x56366a5a3770 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-bcCritical" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-bcCritical" IKE SA #3 "west-bcCritical" "west-bcCritical" #3: initiating v2 parent SA | constructing local IKE proposals for west-bcCritical (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-bcCritical": constructed local IKE proposals for west-bcCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 3 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5ada30 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #3 spent 0.107 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-bcCritical" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.152 milliseconds in whack | crypto helper 4 resuming | crypto helper 4 starting work-order 3 for state #3 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 3 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 3 time elapsed 0.000578 seconds | (#3) spent 0.584 milliseconds in crypto helper computing work-order 3: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 3 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f208c006900 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 3 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #3 | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-bcCritical (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c7 df aa a8 7b 08 1d 27 48 b0 5a 72 07 a3 2c c0 | ikev2 g^x f0 44 3d 97 09 ff 3f e0 f1 bc bf 19 ab b1 f6 94 | ikev2 g^x cb f7 5b 4e c2 25 c4 be c3 4a 47 47 c2 37 f4 71 | ikev2 g^x 13 8c b4 c4 29 89 91 14 e1 a3 3b 29 1c 54 8a 3d | ikev2 g^x 78 8b 9e 41 80 5b 25 d0 a3 04 e1 b6 ba d9 ba 96 | ikev2 g^x b5 1f e0 2f 13 7f 2f 87 68 8c 3f ce d1 53 b6 c5 | ikev2 g^x b0 68 27 22 a2 e2 7f 56 48 1c 24 f6 b1 1a 7c 35 | ikev2 g^x 51 07 e0 5c 6c 04 10 4d 01 ca e9 f9 97 55 57 3d | ikev2 g^x c8 f9 6d f3 05 35 35 06 c2 81 27 57 a4 d2 ac d2 | ikev2 g^x 32 03 73 2a 5f fc 3b 55 27 a5 05 ae 45 c5 43 d9 | ikev2 g^x f1 5f 32 d6 ab ce cc 11 6b 5b d0 dc db 1a 14 35 | ikev2 g^x 08 64 1c c3 40 1c 03 52 58 d1 16 84 8b 19 39 f7 | ikev2 g^x 3e 42 4f ee 3b 6b 8c b8 18 b2 2a d0 2c 4f 24 34 | ikev2 g^x d5 a8 b1 d4 00 4d 78 de c5 59 79 92 9f 05 6e 8f | ikev2 g^x f5 10 ba 8b 5b 04 4e 13 8e 74 2d d8 8a 94 4a a3 | ikev2 g^x b4 e2 4c d4 e3 e2 f9 9a e1 71 54 6b 55 34 8c c6 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 3e 14 ef 4f 72 b6 ee 9b 48 0f c4 6b d5 45 3b 54 | IKEv2 nonce e4 94 e1 85 20 41 45 e0 a3 10 24 84 1b 63 e1 d6 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 0d 31 61 e3 f4 f0 af 01 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= a0 6a c9 43 e7 8a ac a7 d6 02 40 44 d9 b5 ed d7 | natd_hash: hash= 1c f6 0e 61 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a0 6a c9 43 e7 8a ac a7 d6 02 40 44 d9 b5 ed d7 | Notify data 1c f6 0e 61 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 0d 31 61 e3 f4 f0 af 01 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 63 ab 47 94 f4 bb df 7f 3e bf e3 66 d2 84 d3 57 | natd_hash: hash= cc 3d 48 0e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 63 ab 47 94 f4 bb df 7f 3e bf e3 66 d2 84 d3 57 | Notify data cc 3d 48 0e | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #3: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #3 to 4294967295 after switching state | Message ID: IKE #3 skipping update_recv as MD is fake | Message ID: sent #3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-bcCritical" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0d 31 61 e3 f4 f0 af 01 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 c7 df aa a8 7b 08 1d 27 | 48 b0 5a 72 07 a3 2c c0 f0 44 3d 97 09 ff 3f e0 | f1 bc bf 19 ab b1 f6 94 cb f7 5b 4e c2 25 c4 be | c3 4a 47 47 c2 37 f4 71 13 8c b4 c4 29 89 91 14 | e1 a3 3b 29 1c 54 8a 3d 78 8b 9e 41 80 5b 25 d0 | a3 04 e1 b6 ba d9 ba 96 b5 1f e0 2f 13 7f 2f 87 | 68 8c 3f ce d1 53 b6 c5 b0 68 27 22 a2 e2 7f 56 | 48 1c 24 f6 b1 1a 7c 35 51 07 e0 5c 6c 04 10 4d | 01 ca e9 f9 97 55 57 3d c8 f9 6d f3 05 35 35 06 | c2 81 27 57 a4 d2 ac d2 32 03 73 2a 5f fc 3b 55 | 27 a5 05 ae 45 c5 43 d9 f1 5f 32 d6 ab ce cc 11 | 6b 5b d0 dc db 1a 14 35 08 64 1c c3 40 1c 03 52 | 58 d1 16 84 8b 19 39 f7 3e 42 4f ee 3b 6b 8c b8 | 18 b2 2a d0 2c 4f 24 34 d5 a8 b1 d4 00 4d 78 de | c5 59 79 92 9f 05 6e 8f f5 10 ba 8b 5b 04 4e 13 | 8e 74 2d d8 8a 94 4a a3 b4 e2 4c d4 e3 e2 f9 9a | e1 71 54 6b 55 34 8c c6 29 00 00 24 3e 14 ef 4f | 72 b6 ee 9b 48 0f c4 6b d5 45 3b 54 e4 94 e1 85 | 20 41 45 e0 a3 10 24 84 1b 63 e1 d6 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 a0 6a c9 43 | e7 8a ac a7 d6 02 40 44 d9 b5 ed d7 1c f6 0e 61 | 00 00 00 1c 00 00 40 05 63 ab 47 94 f4 bb df 7f | 3e bf e3 66 d2 84 d3 57 cc 3d 48 0e | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5ada30 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-bcCritical" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ada30 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #3 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48985.219269 | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD | #3 spent 0.795 milliseconds in resume sending helper answer | stop processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f208c006900 | spent 0.00212 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 e0 80 9c 3a | 8b 0f 69 53 0a 75 55 b0 93 4f f1 c5 f6 6a 71 63 | f3 17 8d ad 27 cc 47 fe a4 02 bc 8c 8b c2 e2 ca | b3 78 74 7e 50 29 e8 55 80 1c 24 f4 41 2c c8 a4 | 65 05 3f 1c b8 52 e8 31 52 4b 8e d4 42 87 6f 1a | bc ec 0b db a5 7b f3 6f d9 5c 7f 66 cc d6 20 90 | ed d7 1f b4 99 91 85 bb 2b e7 8e aa 0b a5 e6 82 | 40 d6 04 e4 a0 4b 91 4c de 23 50 b9 ae 25 e5 ab | a3 69 00 85 07 ba e4 5b 09 46 a5 63 60 f8 27 53 | 94 27 6c 58 15 62 13 7f d0 47 6a d7 d3 fd 03 62 | b9 db 47 d6 65 9f 29 93 78 f8 eb 0b 1b 43 6c 6f | 09 ae 94 bb 48 67 f0 6c 49 ce 8a 9d 03 c0 61 9b | f2 40 71 a2 20 f8 26 1a c0 bb 6b 7d 8a cd f3 da | 95 57 35 6d be 2f ec 89 ba 72 ad bf db 18 2d 63 | 5e 5c 93 bb b8 d0 84 13 57 ad 32 27 2c 7f c0 37 | 7b d2 ba 70 c4 c6 d4 a2 53 e2 de db 0a 80 83 f4 | 6f 2f dc 1a 6a 5f d9 4f 91 b3 5b f1 29 00 00 24 | d8 d9 a8 1e 8d 5f e1 06 90 c4 20 e7 78 d4 e8 58 | 74 32 74 ed 2c ec c7 41 fb 76 c1 79 34 73 9f 12 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | c5 bb eb 3c 56 e8 41 64 27 a5 d4 64 ae 27 7a dd | 27 62 f4 0d 26 00 00 1c 00 00 40 05 2c d8 a8 0d | 30 01 7c ba f4 47 a0 8c 24 f4 dd 30 5a 5f 13 b6 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #3 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #3 is idle | #3 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] | #3 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-bcCritical (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 0d 31 61 e3 f4 f0 af 01 | natd_hash: rcookie= 1f 4a a2 83 e1 88 a6 7d | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 2c d8 a8 0d 30 01 7c ba f4 47 a0 8c 24 f4 dd 30 | natd_hash: hash= 5a 5f 13 b6 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 0d 31 61 e3 f4 f0 af 01 | natd_hash: rcookie= 1f 4a a2 83 e1 88 a6 7d | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c5 bb eb 3c 56 e8 41 64 27 a5 d4 64 ae 27 7a dd | natd_hash: hash= 27 62 f4 0d | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 4 for state #3 | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ada30 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f208c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #3 spent 0.135 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #3 and saving MD | #3 is busy; has a suspended MD | [RE]START processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-bcCritical" #3 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #3 spent 0.323 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.33 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 4 for state #3 | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 4 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 4 time elapsed 0.0008 seconds | (#3) spent 0.801 milliseconds in crypto helper computing work-order 4: ikev2_inR1outI2 KE (pcr) | crypto helper 2 sending results from work-order 4 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f20800054f0 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 4 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #3: calculating g^{xy}, sending I2 | creating state object #4 at 0x56366a60bee0 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.child started | duplicating state object #3 "west-bcCritical" as #4 for IPSEC SA | #4 setting local endpoint to 192.1.2.45:500 from #3.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #3.#4; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #3 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #3.#4 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f208c002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f208c002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | parent state #3: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 205 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 ca 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2e 30 2c 06 03 55 04 03 0c 25 77 65 73 | my identity 74 2d 62 63 43 72 69 74 69 63 61 6c 2e 74 65 73 | my identity 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | my identity 72 67 31 39 30 37 06 09 2a 86 48 86 f7 0d 01 09 | my identity 01 16 2a 75 73 65 72 2d 77 65 73 74 2d 62 63 43 | my identity 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e 67 2e | my identity 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 213 | Sending [CERT] of certificate: E=user-west-bcCritical@testing.libreswan.org,CN=west-bcCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1257 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 e5 30 82 04 4e a0 03 02 01 02 02 01 17 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 ca 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2e 30 2c 06 03 55 04 03 0c 25 77 | CERT 65 73 74 2d 62 63 43 72 69 74 69 63 61 6c 2e 74 | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | CERT 2e 6f 72 67 31 39 30 37 06 09 2a 86 48 86 f7 0d | CERT 01 09 01 16 2a 75 73 65 72 2d 77 65 73 74 2d 62 | CERT 63 43 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e | CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | CERT 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | CERT 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | CERT bb 16 d4 fd 7d 09 32 ea 35 a9 f9 5c f8 6b d1 a8 | CERT 8b a8 69 14 a6 e0 aa 58 e3 d6 1f 85 f0 cc d7 89 | CERT c7 22 e1 a8 41 5a 71 a4 41 54 75 25 1f cb 1a 6d | CERT 93 d5 81 42 55 bc 1c 26 37 8e 11 1e 11 ed a0 9f | CERT fd 5d ad 28 50 80 ba 37 5d f6 7b a6 50 db 7c f4 | CERT 25 10 6f e4 72 48 ed c7 45 5a 89 8e 90 da 7a 75 | CERT be 00 32 03 6b 68 1b c4 9e d0 ed 98 2c 37 62 74 | CERT ca 63 b7 a6 6d 18 39 92 4b 38 3e b8 54 7e 12 35 | CERT 5f 9f 9f 1d f1 16 c1 6a 01 50 53 e0 91 9c 3e 2a | CERT 9a f4 32 cc 32 6e f0 bb c1 b9 50 7d 92 c9 9c 96 | CERT 78 9b 46 85 18 a9 b0 2a 76 8a ee c5 10 c6 3c b8 | CERT 3b 35 b2 1f 1d 5b 41 22 e1 fe 22 18 a2 18 f1 39 | CERT 14 fa 08 d5 5e 4d ea ca 11 9f 8f db 00 4d 71 65 | CERT e4 da 1a 04 e0 2f 71 8a df 38 eb f7 3b ee c9 75 | CERT ac 98 a0 78 9e a4 90 52 a1 ec 9b 81 84 a0 cd 8c | CERT 14 25 90 82 16 af a4 43 0c 4c 0e 95 18 b3 fa 50 | CERT 63 9d cc b2 9b ef 04 49 ec 73 58 54 a5 91 49 fb | CERT be 62 aa 68 c9 c2 08 d3 4a 35 4d 9f bc 39 20 0c | CERT 36 ad 0b 6c 28 6c f1 1f 51 09 7c 74 07 4b f5 d5 | CERT bd 9f 96 15 d4 f7 bb 6f aa 16 12 b1 f6 49 27 44 | CERT 6b 90 5e e5 8b c5 2f 81 89 d8 6e 2b f9 05 f4 6e | CERT e8 9c 4f c1 6f e7 dc 26 79 06 11 da 89 74 99 5f | CERT 1a ea 60 58 5e 38 f0 7d dc 9d 4c e7 b2 c0 f1 ad | CERT 16 2c fc 33 07 01 c8 69 04 22 c0 81 ef 2e c0 a1 | CERT 02 03 01 00 01 a3 81 ee 30 81 eb 30 09 06 03 55 | CERT 1d 13 04 02 30 00 30 30 06 03 55 1d 11 04 29 30 | CERT 27 82 25 77 65 73 74 2d 62 63 43 72 69 74 69 63 | CERT 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | CERT 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 | CERT 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30 14 | CERT 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 | CERT 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 01 01 | CERT 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 | CERT 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 | CERT 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f | CERT 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | CERT 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b | CERT 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d | CERT 01 01 0b 05 00 03 81 81 00 7c 85 22 2f c2 2b c7 | CERT 14 34 4c bc 38 19 09 ab 4e 63 d8 66 7e 9a c2 86 | CERT b5 a3 32 94 6d d5 22 b8 57 43 74 94 86 eb 0f fa | CERT e9 1e 26 b4 ff 44 b5 05 8a 24 52 2d 5f 61 bb 79 | CERT 0b c6 a2 5a 90 0b 18 ee 38 bd 88 1d 4b db 22 40 | CERT 29 1d a2 c3 aa 34 6d 13 8c d7 fc c3 64 85 c1 c8 | CERT 36 d6 b5 a4 c8 ab 11 d1 c4 97 5a 33 f8 36 49 2f | CERT 4c e6 fd 0f 83 8e 76 06 58 b1 82 79 47 06 11 9f | CERT 53 d0 3e e4 74 dd 9c d4 80 | emitting length of IKEv2 Certificate Payload: 1262 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcCritical.testing.libreswan.org, E=user-west-bcCritical@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAbsW1 | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAbsW1 | private key for cert west-bcCritical not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAbsW1 | #3 spent 5.39 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 68 42 d5 cd b2 6c b4 e2 7d 23 b8 02 97 e5 3e 64 | rsa signature 9d ed ce db 16 2e f2 b4 0e 82 52 87 02 d3 da 07 | rsa signature f6 ea f4 cd 48 3b 22 71 d2 a0 ba f7 c2 fe 19 99 | rsa signature ea 38 8d fa a5 72 39 18 11 f0 0a 13 db 59 db 05 | rsa signature 2e 7d a6 a7 63 c3 41 c1 9f ae cb 33 fa 1b e5 12 | rsa signature e4 f5 13 b8 81 00 d8 9a 1e 0b cc a5 f3 d8 15 bb | rsa signature d5 4e 0a 1a 6e 38 e6 9f 2e fb 32 03 c0 b1 36 5b | rsa signature 72 06 d7 99 c9 5f 7b da 07 4b 74 eb ce 17 68 ba | rsa signature 50 6b 04 a1 a2 a7 49 56 a0 aa 2c 82 fa 49 56 c4 | rsa signature 53 1e 03 7b 51 df e1 f6 23 14 fc ac f2 9f be 92 | rsa signature 44 82 36 46 cc f3 85 c3 54 93 c4 0f eb bf b5 4d | rsa signature b8 e0 32 fc 5d 05 fd c4 bd d2 40 53 20 2d 8c 8d | rsa signature 7e 7b 2d 3d cb ed 6f ae 18 b8 bf 4c 5d e1 31 74 | rsa signature 91 56 6c 21 c1 29 07 d6 14 c3 57 5a ca 56 cf 44 | rsa signature 17 4b d3 5c 17 fe 14 da 16 6e 28 fd 34 3d e1 d8 | rsa signature 4c a6 7d 66 1b 8c a0 24 2c aa 07 e6 3b db e3 3e | rsa signature fb d0 97 90 6c c2 17 6a 26 6c 01 6f 6a 97 8d 17 | rsa signature 1d f3 cf c5 d5 ff 6c 57 57 6c 8c 1b fd b8 2f dc | rsa signature 9c 8e 4d 72 1b 7d 08 3c a5 34 02 32 28 38 d1 d6 | rsa signature aa aa d3 bc 87 38 a3 02 c1 63 91 65 2a 50 52 dc | rsa signature b9 36 89 e3 70 f0 a6 c1 10 0a 88 a9 ae 48 e0 b2 | rsa signature e7 b0 75 9f 2c 2c 8e 93 42 95 a3 f6 57 5e 84 29 | rsa signature 74 b0 f6 b4 9d 45 fc 6e 16 d4 2c f0 9e fb c9 93 | rsa signature 47 a8 76 da db d3 9d 95 c1 cf 72 6b 2b 15 db 3b | #3 spent 5.66 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #3 | netlink_get_spi: allocated 0x467c8172 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-bcCritical (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-bcCritical": constructed local ESP/AH proposals for west-bcCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 46 7c 81 72 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 46 7c 81 72 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 46 7c 81 72 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 46 7c 81 72 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2108 | emitting length of ISAKMP Message: 2136 | **parse ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2136 (0x858) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2108 (0x83c) | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 d5 09 00 00 00 30 81 ca 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2e 30 2c 06 03 | cleartext fragment 55 04 03 0c 25 77 65 73 74 2d 62 63 43 72 69 74 | cleartext fragment 69 63 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 31 39 30 37 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 2a 75 73 65 72 2d | cleartext fragment 77 65 73 74 2d 62 63 43 72 69 74 69 63 61 6c 40 | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | cleartext fragment 6e 2e 6f 72 67 27 00 04 ee 04 30 82 04 e5 30 82 | cleartext fragment 04 4e a0 03 02 01 02 02 01 17 30 0d 06 09 2a 86 | cleartext fragment 48 86 f7 0d 01 01 0b 05 00 30 81 ac 31 0b 30 09 | cleartext fragment 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 | cleartext fragment 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 | cleartext fragment 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 | cleartext fragment 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 | cleartext fragment 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 | cleartext fragment 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 | cleartext fragment 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 | cleartext fragment 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e | cleartext fragment 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 | cleartext fragment 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 | cleartext fragment 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 39 | cleartext fragment 30 39 31 35 31 39 34 34 35 39 5a 18 0f 32 30 32 | cleartext fragment 32 30 39 31 34 31 39 34 34 35 39 5a 30 81 ca 31 | cleartext fragment 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f | cleartext fragment 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e | cleartext fragment 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 | cleartext fragment 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c | cleartext fragment 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 | cleartext fragment 31 2e 30 2c 06 03 55 04 03 0c 25 77 65 73 74 2d | cleartext fragment 62 63 43 72 69 74 69 63 61 6c 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 31 39 30 37 06 09 2a 86 48 86 f7 0d 01 09 01 16 | cleartext fragment 2a 75 73 65 72 2d 77 65 73 74 2d 62 63 43 72 69 | cleartext fragment 74 69 63 61 6c 40 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | cleartext fragment 01 8f 00 30 82 01 8a 02 82 01 81 00 bb 16 d4 fd | cleartext fragment 7d 09 32 ea 35 a9 f9 5c f8 6b d1 a8 8b a8 69 14 | cleartext fragment a6 e0 aa 58 e3 d6 1f 85 f0 cc d7 89 c7 22 e1 a8 | cleartext fragment 41 5a 71 a4 41 54 75 25 1f cb 1a 6d 93 d5 81 42 | cleartext fragment 55 bc 1c 26 37 8e 11 1e 11 ed a0 9f fd 5d ad 28 | cleartext fragment 50 80 ba 37 5d f6 7b a6 50 db 7c f4 25 10 6f e4 | cleartext fragment 72 48 ed c7 45 5a 89 8e 90 da 7a 75 be 00 32 03 | cleartext fragment 6b 68 1b c4 9e d0 ed 98 2c 37 62 74 ca 63 b7 a6 | cleartext fragment 6d 18 39 92 4b 38 3e b8 54 7e 12 35 5f 9f 9f 1d | cleartext fragment f1 16 c1 6a 01 50 53 e0 91 9c 3e 2a 9a f4 32 cc | cleartext fragment 32 6e f0 bb c1 b9 50 7d 92 c9 9c 96 78 9b 46 85 | cleartext fragment 18 a9 b0 2a 76 8a ee c5 10 c6 3c b8 3b 35 b2 1f | cleartext fragment 1d 5b 41 22 e1 fe 22 18 a2 18 f1 39 14 fa 08 d5 | cleartext fragment 5e 4d ea ca 11 9f 8f db 00 4d 71 65 e4 da 1a 04 | cleartext fragment e0 2f 71 8a df 38 eb f7 3b ee c9 75 ac 98 a0 78 | cleartext fragment 9e a4 90 52 a1 ec 9b 81 84 a0 cd 8c 14 25 90 82 | cleartext fragment 16 af a4 43 0c 4c 0e 95 18 b3 fa 50 63 9d | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment cc b2 9b ef 04 49 ec 73 58 54 a5 91 49 fb be 62 | cleartext fragment aa 68 c9 c2 08 d3 4a 35 4d 9f bc 39 20 0c 36 ad | cleartext fragment 0b 6c 28 6c f1 1f 51 09 7c 74 07 4b f5 d5 bd 9f | cleartext fragment 96 15 d4 f7 bb 6f aa 16 12 b1 f6 49 27 44 6b 90 | cleartext fragment 5e e5 8b c5 2f 81 89 d8 6e 2b f9 05 f4 6e e8 9c | cleartext fragment 4f c1 6f e7 dc 26 79 06 11 da 89 74 99 5f 1a ea | cleartext fragment 60 58 5e 38 f0 7d dc 9d 4c e7 b2 c0 f1 ad 16 2c | cleartext fragment fc 33 07 01 c8 69 04 22 c0 81 ef 2e c0 a1 02 03 | cleartext fragment 01 00 01 a3 81 ee 30 81 eb 30 09 06 03 55 1d 13 | cleartext fragment 04 02 30 00 30 30 06 03 55 1d 11 04 29 30 27 82 | cleartext fragment 25 77 65 73 74 2d 62 63 43 72 69 74 69 63 61 6c | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 | cleartext fragment 02 07 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 | cleartext fragment 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 | cleartext fragment 03 02 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 | cleartext fragment 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 | cleartext fragment 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 | cleartext fragment 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e | cleartext fragment 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | cleartext fragment 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 | cleartext fragment 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 0b 05 00 03 81 81 00 7c 85 22 2f c2 2b c7 14 34 | cleartext fragment 4c bc 38 19 09 ab 4e 63 d8 66 7e 9a c2 86 b5 a3 | cleartext fragment 32 94 6d d5 22 b8 57 43 74 94 86 eb 0f fa e9 1e | cleartext fragment 26 b4 ff 44 b5 05 8a 24 52 2d 5f 61 bb 79 0b c6 | cleartext fragment a2 5a 90 0b 18 ee 38 bd 88 1d 4b db 22 40 29 1d | cleartext fragment a2 c3 aa 34 6d 13 8c d7 fc c3 64 85 c1 c8 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 36 d6 b5 a4 c8 ab 11 d1 c4 97 5a 33 f8 36 49 2f | cleartext fragment 4c e6 fd 0f 83 8e 76 06 58 b1 82 79 47 06 11 9f | cleartext fragment 53 d0 3e e4 74 dd 9c d4 80 21 00 01 88 01 00 00 | cleartext fragment 00 68 42 d5 cd b2 6c b4 e2 7d 23 b8 02 97 e5 3e | cleartext fragment 64 9d ed ce db 16 2e f2 b4 0e 82 52 87 02 d3 da | cleartext fragment 07 f6 ea f4 cd 48 3b 22 71 d2 a0 ba f7 c2 fe 19 | cleartext fragment 99 ea 38 8d fa a5 72 39 18 11 f0 0a 13 db 59 db | cleartext fragment 05 2e 7d a6 a7 63 c3 41 c1 9f ae cb 33 fa 1b e5 | cleartext fragment 12 e4 f5 13 b8 81 00 d8 9a 1e 0b cc a5 f3 d8 15 | cleartext fragment bb d5 4e 0a 1a 6e 38 e6 9f 2e fb 32 03 c0 b1 36 | cleartext fragment 5b 72 06 d7 99 c9 5f 7b da 07 4b 74 eb ce 17 68 | cleartext fragment ba 50 6b 04 a1 a2 a7 49 56 a0 aa 2c 82 fa 49 56 | cleartext fragment c4 53 1e 03 7b 51 df e1 f6 23 14 fc ac f2 9f be | cleartext fragment 92 44 82 36 46 cc f3 85 c3 54 93 c4 0f eb bf b5 | cleartext fragment 4d b8 e0 32 fc 5d 05 fd c4 bd d2 40 53 20 2d 8c | cleartext fragment 8d 7e 7b 2d 3d cb ed 6f ae 18 b8 bf 4c 5d e1 31 | cleartext fragment 74 91 56 6c 21 c1 29 07 d6 14 c3 57 5a ca 56 cf | cleartext fragment 44 17 4b d3 5c 17 fe 14 da 16 6e 28 fd 34 3d e1 | cleartext fragment d8 4c a6 7d 66 1b 8c a0 24 2c aa 07 e6 3b db e3 | cleartext fragment 3e fb d0 97 90 6c c2 17 6a 26 6c 01 6f 6a 97 8d | cleartext fragment 17 1d f3 cf c5 d5 ff 6c 57 57 6c 8c 1b fd b8 2f | cleartext fragment dc 9c 8e 4d 72 1b 7d 08 3c a5 34 02 32 28 38 d1 | cleartext fragment d6 aa aa d3 bc 87 38 a3 02 c1 63 91 65 2a 50 52 | cleartext fragment dc b9 36 89 e3 70 f0 a6 c1 10 0a 88 a9 ae 48 e0 | cleartext fragment b2 e7 b0 75 9f 2c 2c 8e 93 42 95 a3 f6 57 5e 84 | cleartext fragment 29 74 b0 f6 b4 9d 45 fc 6e 16 d4 2c f0 9e fb c9 | cleartext fragment 93 47 a8 76 da db d3 9d 95 c1 cf 72 6b 2b 15 db | cleartext fragment 3b 2c 00 00 a4 02 00 00 20 01 03 04 02 46 7c 81 | cleartext fragment 72 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 00 | cleartext fragment 08 05 00 00 00 02 00 00 20 02 03 04 02 46 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 167 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 7c 81 72 03 00 00 0c 01 00 00 14 80 0e 00 80 00 | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 46 | cleartext fragment 7c 81 72 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 46 | cleartext fragment 7c 81 72 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 07 | cleartext fragment 00 00 10 00 00 ff ff c0 01 02 2d c0 01 02 2d 00 | cleartext fragment 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 | cleartext fragment 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 200 | emitting length of ISAKMP Message: 228 | suspend processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #4: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #4 to 0 after switching state | Message ID: recv #3.#4 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #3.#4 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-bcCritical" #4: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 47 7d 28 da 58 11 bc d1 68 8d 14 76 | 72 82 9b f5 11 38 dc 9c 3e 6d 64 fe 94 2c 4d 99 | ef 3e ce f0 f7 30 f5 f4 45 90 69 93 9d e6 bb 5d | ea f8 b6 35 79 b5 9c b8 54 a9 6e 71 af b6 35 68 | e5 1f e5 f7 cb 84 0f 9a 37 e1 13 7c c6 fe 26 0b | b3 ef 16 44 67 bc 54 18 23 a7 21 7b 67 4c bf 5a | da eb 72 77 d5 67 79 ad 33 f3 e4 59 0a 77 a9 96 | ea de aa 27 7c 9e 28 7f 79 6a 6b 89 e4 40 94 e6 | 8d 5c 4e 57 fa cc ff 31 a4 1c 4d fc 1a 16 75 f9 | 5f 3e e7 74 d2 0a bb be d5 20 cb 30 59 9d 4a f5 | b2 88 c8 48 e8 d4 18 d1 33 e8 3b eb f4 4f b2 d0 | 66 b5 d7 a9 a7 cf f3 88 9a 26 fc a0 ef 2c bc 42 | 11 57 21 19 ff 30 c3 b9 31 43 43 cb 62 df 4d 6a | 57 0e f8 ff c0 50 cf 87 3c cd e5 fc dd 02 6b 9b | 1f b6 aa 23 0f f2 0f 87 34 4b b7 d8 84 d2 2c 4a | 19 1c eb 3b e8 a3 1f 6b 71 83 df 79 40 f7 93 fe | c4 c4 2e 57 25 dc c6 0c 8d a4 6c e2 67 de 94 ad | f8 75 97 e9 60 a4 59 cf ea 03 ec 8b 31 10 77 e1 | 63 0f 4e 4e 21 2f 16 69 45 17 4e e5 14 bb 63 8f | a5 1d f0 55 c5 43 85 be c1 7a 28 b9 23 ee 58 a3 | d9 c7 23 4f 62 55 80 69 00 3f 85 03 01 1c 89 97 | 9f 75 50 27 f2 b4 2b 50 fc 62 de d8 01 9c 66 9b | d8 f9 2a 97 73 6c 4a 8c 24 fb 8d a2 11 d2 fe ec | ba 1a fb 77 8b d9 59 5c 2b e2 fb 2a 72 51 8c 1f | fe 4d 03 99 ae 9f 14 35 6e c2 61 c3 f7 2a 15 01 | 38 26 f7 10 f1 a5 db a4 49 3e 0a 19 8e a2 e0 88 | c4 0c 76 c3 b8 44 e5 1e ef 0a 90 ff a9 bc ac f1 | 5f 1c 69 fe f6 69 15 9c 1a 6b c5 81 88 39 03 a0 | e5 3c 00 13 1b 9e fa d8 25 66 38 f8 2d 70 6a 9b | 68 61 05 12 06 8c c6 37 88 9d 45 23 9a 0c 43 84 | 14 ff 20 2a da 87 78 cf 2c 51 25 1e ca ca 00 a7 | e3 3c 87 24 d2 d4 e0 59 4e 15 28 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 ec 8a 95 a2 92 f1 b7 53 c9 fb f0 e3 | de 3a 9b 03 95 1c a1 9a b5 9f 5f 5c 60 4b 61 3a | 8c 99 cb bf dc f8 29 e7 08 55 86 25 4e aa c8 ba | 0a 8f 65 42 e0 3d 88 7a 93 84 a2 a7 ba a3 38 2b | aa b2 04 75 ca 91 33 65 88 37 54 e8 b8 9b de 04 | 89 c7 0b fa 12 32 d3 52 3d 7f ed 3d 49 72 1f 17 | 45 be 2c 43 25 0a c5 fa 89 63 48 68 1b 1d f6 07 | 60 0f d8 a4 01 36 f6 2e 62 b5 7d 38 94 c9 0c 6a | dc 96 70 01 e9 38 11 54 0d 6c 98 10 85 cb a4 57 | 09 a0 29 96 37 92 76 87 3b 7f b1 dc 60 26 aa 36 | 4a 71 b6 c7 5f e1 fa f7 ff aa 14 7e cb c4 8d 25 | 4e bf df 90 46 e5 22 4c 3b 6f 4d a7 7e d0 d3 43 | cb e4 18 e8 12 da 14 31 7e 68 48 a1 e3 81 5e 4d | 56 b9 79 86 e7 65 1a 5d a4 b8 6e 68 6d 1e b1 6a | d7 95 51 6b 41 cb 26 20 18 bc 8c b5 ef 05 b5 c2 | 21 c3 f6 4f b2 d0 9a a7 13 32 4b 86 55 07 65 91 | eb 7c 43 6b d5 a2 05 3d c4 b2 b4 df 4e 22 8a 98 | 68 13 2e 85 d5 d6 e3 61 90 bf a4 0d fe 97 ff d0 | 2c f9 7c 78 96 d4 cb a0 7f 06 72 7f a2 a3 d7 dd | 9c 82 b0 a4 46 8c b8 21 88 9a c6 e1 36 59 ce d0 | 36 87 5b db 1a 3a ba 16 5e f1 de 36 44 e2 05 f7 | d5 60 6b 60 14 f9 01 e4 3f 1e 45 05 60 3c 34 6d | 6d 7c 64 e9 93 73 da 02 79 4f 9f 83 37 5c d6 7a | ec 8a 42 54 21 54 65 cd 5c e5 ec c9 3b ec b4 d3 | eb 54 d8 f1 d4 19 c2 44 75 5d 16 9f 8f 28 e4 2b | fe bf c3 64 57 8d 01 c0 7c 1f 30 95 35 af 4f bd | 68 45 3c fa 9a d8 95 3a e6 6e dd 7e ca 80 38 35 | 05 16 46 33 08 3a 01 0a ff c7 f4 c0 fe 02 89 71 | e2 84 21 6b ac 43 7f 18 85 72 6d a1 28 5d 7e fe | 07 76 e4 d6 24 3c 8a 5b d5 4e db 89 3c f2 0f c8 | 77 48 d8 08 64 b2 3b dc 85 e3 5a 1d e0 77 77 2d | 58 79 ac 28 f1 ec 8c 39 7b 4c fc | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 1c 08 2a 56 9a ce da d5 0c ce a1 da | 4e e6 f0 d8 14 95 f1 96 f8 59 25 52 1e 66 de 67 | 39 76 22 de 75 95 07 56 66 e3 a6 1f 07 1e 43 f1 | 8b c0 a0 b1 cb 2b 35 11 72 09 0e 7e 24 42 d5 e4 | cb e0 bc 25 4a 73 b6 c2 46 34 40 c7 3a 80 23 21 | 25 30 ae f6 eb 21 b5 92 e2 fb f3 12 8e 52 ba aa | 5e f1 bb 86 21 96 73 f7 d5 f4 58 07 18 e9 5c 32 | 87 29 ed 6a 62 f6 38 f3 ec da 0b f6 6a 10 e3 4f | 5b 8e 9a bb fd ec d0 05 8b 6f 4a f6 24 06 f3 5f | 29 19 30 ed ff e1 da 89 53 fc 75 7a 6d c8 af 9b | 89 30 b1 63 f9 b3 60 5f b9 cb ba 6b 89 3b c2 5d | 62 9f 7c cd 88 5f a2 9a a0 79 51 41 1e a8 2f ff | b9 02 a7 e3 06 7b af 33 cb e1 41 cc 9b cd 5e d1 | ec 2c 5e 3a d6 67 19 63 ee 3a ad 3b 91 ce da 0f | 86 6b fc 1d b5 dd 22 57 8a 58 ca c4 c8 88 38 b8 | 33 00 e6 06 22 9d 26 91 0c d0 5d 73 42 9a c6 3a | 51 2a 7a e1 a5 2e ba da af 17 30 fc b6 68 b2 da | cf e9 da 83 b4 64 b5 79 3b a3 12 d9 56 a0 86 ad | 2d 71 e7 10 66 3a b1 ca 20 84 e5 ed fb 14 aa a8 | 55 ba 88 c8 b6 1d 78 66 07 11 56 14 7d 7b 2f 30 | 2e d6 c6 db 1c cc 2c a8 46 7e 28 f1 ec 0f c0 2c | 1d ca 7a c2 28 bf c0 0e 2c fb e7 6c 47 e7 49 94 | f2 6f a9 ad 7e 76 24 12 12 3c f0 9e 81 bd 4e 16 | ca 31 16 2e 0e 61 2b 98 42 04 ca 60 b4 58 e4 58 | 51 ad 52 84 a1 dc 93 8a 85 00 a1 91 f9 ae d1 19 | c1 6f 15 bf 46 32 25 ce f6 62 4d 4a 5d c1 7d dd | 89 59 82 c9 b2 1c 17 03 26 6d ea 4e b4 61 ca 83 | 68 6d 68 7e 70 33 c1 70 8c 7c 78 68 cc 6b 6a 08 | 54 82 35 b8 62 34 a2 a6 4f d6 c1 55 ca fb 4f 04 | 5c 6b a1 1f f6 83 6a 7a f1 3d bf d4 47 36 2c 28 | 59 de da 11 3e f1 54 bc 77 9a c8 6f f2 74 0c a1 | 06 67 d9 a9 a1 70 e8 72 3c 14 d5 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 63 06 3c 31 5b 08 4e 03 63 b6 d4 40 | be 78 40 2e 2e 24 0a be 92 cd da 74 68 8a 40 69 | 40 4e f1 29 35 9e 91 db c5 10 bf f4 ae 34 21 e6 | c2 78 4a 6a d6 e5 c0 60 69 60 84 95 35 34 5d 6e | 5c 6d e1 6f f6 9b b2 0f f3 de 76 cb 24 19 8f 93 | 8f a2 f8 87 86 f6 75 67 5f 17 76 e2 b3 31 8b 3d | 82 c8 fd 6a b4 f6 72 4e d9 a7 4b 32 fe 90 e3 a3 | 44 4f c3 e9 7c ce 74 79 29 46 0a d5 df ca 8b 58 | ca 58 08 e3 60 ea c6 47 29 3e 22 83 16 36 14 cc | c2 02 af 61 1f 27 fc 65 56 2b 29 ad 6e 52 de 26 | b4 14 20 75 aa e6 38 60 b4 be 3b a3 0a f1 86 cb | 04 db a2 b6 2d a8 dd 03 7d 07 4f f7 8d 30 9e 57 | 30 af d3 66 88 06 dd b9 1a 62 48 20 99 c9 ed b1 | 78 1a ee 16 f4 b9 68 9b dd ad 28 6d e5 9e 88 d5 | 1e 25 95 29 e6 bf 4e 8f c4 af 26 17 32 41 ba e4 | b9 03 7a ff a0 c9 b6 ca e7 7c d8 5f dd 74 4b 51 | 35 6d 12 27 7c 8c b4 04 53 43 4a 37 b1 eb b7 0a | 95 8b 9a ff 55 5d 59 a4 aa 44 71 49 b9 d2 ab bf | 13 e6 54 de 0e 02 c7 13 6e a5 ba 4b 8d 11 2b 51 | c3 bf ad 99 1a d2 86 33 17 81 26 8f 48 bd 42 02 | 48 e4 3d d6 c0 0f 45 25 b2 60 52 2d e7 8a e5 94 | 56 a7 cd 49 76 7c 19 ec 9c 01 5e 78 dd c3 cb 68 | ec d0 04 5f 50 36 5d 6b cd 23 ac 1b fd 9a 14 a6 | 76 62 34 ef f2 b4 1b d8 10 71 f2 35 bd 68 b2 59 | 06 20 cd 46 c7 2b d7 6e c4 a4 76 d1 86 11 44 2c | 19 7d 16 bd ee da 7a 41 38 93 7a 61 a9 b3 ff 95 | 1d 8a 12 49 bf fc 34 45 85 f4 ff 2c 16 66 bb f0 | 1e 0a 83 d7 97 65 cc 1b be a5 c8 52 64 64 44 1f | ee 76 e8 05 5b 35 37 e1 31 7b f5 dc 94 38 fa 8e | 18 9a 33 e6 c5 bc e7 9b a0 5f 81 4c 9d de 38 32 | 97 2b eb 9f 54 f0 3c 83 25 89 fa 51 f6 a8 4f c7 | 09 44 4c 5e db d2 a9 6e 26 a7 35 | sending 228 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 35 20 23 08 00 00 00 01 00 00 00 e4 00 00 00 c8 | 00 05 00 05 79 47 d6 a0 e0 d9 27 a6 2c 2f 25 bc | b6 0d c4 0b 04 9b 21 3c 91 b6 d1 b4 2c f8 fd 4d | 1c b0 80 a7 f3 50 52 45 3c ac 8c d8 d2 ee 32 e5 | 2d e0 00 1e c4 e1 5b 48 0b c7 a4 cb a0 b6 31 a8 | d8 da 73 2d 68 cd 02 66 82 57 43 a6 72 2a dc 47 | 40 b8 f1 e6 cf 3b 51 b5 e2 9b b0 c4 8a a2 7f 3f | 71 67 c2 c0 58 79 83 9c 19 86 a7 ad da f7 e3 ce | 05 7f d5 1b 00 fe a6 0d 3f 9a 58 ff a9 13 e8 e4 | 72 20 aa bb 08 f7 fd f4 80 94 7b 4a d9 10 ca d7 | 73 8e 18 fd 3c 91 6b 0a 2a 0c 0d 9b 2d c4 9f 74 | 18 99 41 09 93 57 15 d3 73 be 79 f6 b7 78 3c 88 | 73 84 e9 01 6e c3 18 57 ab 87 fe bb 4f 7f 76 83 | 68 e5 d2 41 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-bcCritical" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5cb290 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f208c006900 size 128 | #4 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48985.229102 | resume sending helper answer for #3 suppresed complete_v2_state_transition() | #3 spent 6.85 milliseconds in resume sending helper answer | stop processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f20800054f0 | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 0d 31 61 e3 f4 f0 af 01 1f 4a a2 83 e1 88 a6 7d | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 4c c3 1c d7 3b a5 c9 fc 4c 1b 97 ab 11 81 7f 98 | 50 38 89 60 29 26 81 dc 7b c8 d0 cc 2d b5 1a 9d | cd | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 0d 31 61 e3 f4 f0 af 01 | responder cookie: | 1f 4a a2 83 e1 88 a6 7d | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #3 in PARENT_I2 (find_v2_ike_sa) | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #4 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #4 is idle | #4 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #4 in state PARENT_I2: sent v2I2, expected v2R2 | #4 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-bcCritical" #4: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #3 ikev2.ike failed auth-failed "west-bcCritical" #4: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #4 fd@25 .st_dev=9 .st_ino=1674361 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #3 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f208c006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5cb290 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5cb290 | inserting event EVENT_RETRANSMIT, timeout in 59.997148 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f208c006900 size 128 "west-bcCritical" #4: STATE_PARENT_I2: suppressing retransmits; will wait 59.997148 seconds for retry | #4 spent 0.0566 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #3 spent 0.19 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.2 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-bcCritical" (in terminate_a_connection() at terminate.c:69) "west-bcCritical": terminating SAs using this connection | connection 'west-bcCritical' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a6260} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "west-bcCritical" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev2.child deleted other | #4 spent 0.0566 milliseconds in total | [RE]START processing: state #4 connection "west-bcCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-bcCritical" #4: deleting state (STATE_PARENT_I2) aged 0.081s and NOT sending notification | child state #4: PARENT_I2(open IKE SA) => delete | child state #4: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f208c006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5cb290 | priority calculation of connection "west-bcCritical" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-bcCritical" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-bcCritical | State DB: deleting IKEv2 state #4 in CHILDSA_DEL | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #3 | start processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #3 ikev2.ike deleted auth-failed | #3 spent 9.65 milliseconds in total | [RE]START processing: state #3 connection "west-bcCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-bcCritical" #3: deleting state (STATE_PARENT_I2) aged 0.085s and NOT sending notification | parent state #3: PARENT_I2(open IKE SA) => delete | state #3 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f208c002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-bcCritical | State DB: deleting IKEv2 state #3 in PARENT_I2 | parent state #3: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-bcCritical" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-bcCritical' wasn't on the list | stop processing: connection "west-bcCritical" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.643 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuOmit" (in initiate_a_connection() at initiate.c:186) | connection 'west-ekuOmit' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #5 at 0x56366a5a3770 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-ekuOmit" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-ekuOmit" IKE SA #5 "west-ekuOmit" "west-ekuOmit" #5: initiating v2 parent SA | constructing local IKE proposals for west-ekuOmit (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-ekuOmit": constructed local IKE proposals for west-ekuOmit (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 5 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5cb290 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #5 spent 0.15 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-ekuOmit" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | crypto helper 6 resuming | crypto helper 6 starting work-order 5 for state #5 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 5 | spent 0.226 milliseconds in whack | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 5 time elapsed 0.000758 seconds | (#5) spent 0.759 milliseconds in crypto helper computing work-order 5: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 5 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 5 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #5 | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-ekuOmit (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 99 42 66 d4 49 12 33 dd a6 0d 26 0d 6d 5a 0a 75 | ikev2 g^x d0 51 4c 68 23 14 a5 33 d8 ba 69 dd 07 89 2f fb | ikev2 g^x 95 0f 3f 23 75 83 86 e1 14 eb d1 eb 32 17 ba a6 | ikev2 g^x 9f 95 cd da e9 fe f4 11 82 de 60 5f 46 43 82 cd | ikev2 g^x b6 2f cc ae 5c 65 48 12 b8 8c 62 20 88 e4 1d bc | ikev2 g^x d3 9f 27 59 73 65 ca d6 20 24 0b 58 40 1f 4e 99 | ikev2 g^x 29 b6 18 26 de 6b f1 a4 0b fc d3 a8 58 82 dd f6 | ikev2 g^x 50 b4 8f 26 07 41 84 2d 8f 6d ab 19 64 ae 59 96 | ikev2 g^x 4e 18 14 2d 54 64 0e ee 94 07 fb f6 f0 00 f8 82 | ikev2 g^x 44 c3 42 ea 83 1d f0 dd 6c a0 a4 8c 5e 84 f8 b5 | ikev2 g^x 0d 09 e1 79 c4 65 9b 61 07 bf 23 2c c5 48 31 f5 | ikev2 g^x 86 42 ae 5f 8c 69 12 de f8 67 ba 7a a1 f8 9a a8 | ikev2 g^x d7 4e c7 49 f1 70 ea ea 10 5a 2d f2 af df 23 28 | ikev2 g^x f2 f6 cc 16 d3 77 85 8f e5 4a 3b 58 f8 d6 bc ac | ikev2 g^x 50 16 d7 b8 6f 54 0a 9e 5a 06 be 65 45 47 2d 22 | ikev2 g^x b9 ea 55 6f ec 1d 30 84 93 03 65 b7 cc 8e 54 c0 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce f3 db 46 c8 6f 3d 55 ba ad ca 56 87 a7 a9 af 6c | IKEv2 nonce 59 36 8d 7a ea 88 63 38 0a 5f 1e cc db 56 fa 3e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f de dc 03 cf 4e 38 fc | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= ed 7d 16 96 a6 5f d8 34 d1 4f 9b bc 27 25 1e 76 | natd_hash: hash= 6c d7 67 02 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ed 7d 16 96 a6 5f d8 34 d1 4f 9b bc 27 25 1e 76 | Notify data 6c d7 67 02 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f de dc 03 cf 4e 38 fc | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 91 66 b8 ed 10 f9 11 68 23 ca 49 2c 51 43 a1 1e | natd_hash: hash= 99 39 c9 8a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 91 66 b8 ed 10 f9 11 68 23 ca 49 2c 51 43 a1 1e | Notify data 99 39 c9 8a | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #5 to 4294967295 after switching state | Message ID: IKE #5 skipping update_recv as MD is fake | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-ekuOmit" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6f de dc 03 cf 4e 38 fc 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 99 42 66 d4 49 12 33 dd | a6 0d 26 0d 6d 5a 0a 75 d0 51 4c 68 23 14 a5 33 | d8 ba 69 dd 07 89 2f fb 95 0f 3f 23 75 83 86 e1 | 14 eb d1 eb 32 17 ba a6 9f 95 cd da e9 fe f4 11 | 82 de 60 5f 46 43 82 cd b6 2f cc ae 5c 65 48 12 | b8 8c 62 20 88 e4 1d bc d3 9f 27 59 73 65 ca d6 | 20 24 0b 58 40 1f 4e 99 29 b6 18 26 de 6b f1 a4 | 0b fc d3 a8 58 82 dd f6 50 b4 8f 26 07 41 84 2d | 8f 6d ab 19 64 ae 59 96 4e 18 14 2d 54 64 0e ee | 94 07 fb f6 f0 00 f8 82 44 c3 42 ea 83 1d f0 dd | 6c a0 a4 8c 5e 84 f8 b5 0d 09 e1 79 c4 65 9b 61 | 07 bf 23 2c c5 48 31 f5 86 42 ae 5f 8c 69 12 de | f8 67 ba 7a a1 f8 9a a8 d7 4e c7 49 f1 70 ea ea | 10 5a 2d f2 af df 23 28 f2 f6 cc 16 d3 77 85 8f | e5 4a 3b 58 f8 d6 bc ac 50 16 d7 b8 6f 54 0a 9e | 5a 06 be 65 45 47 2d 22 b9 ea 55 6f ec 1d 30 84 | 93 03 65 b7 cc 8e 54 c0 29 00 00 24 f3 db 46 c8 | 6f 3d 55 ba ad ca 56 87 a7 a9 af 6c 59 36 8d 7a | ea 88 63 38 0a 5f 1e cc db 56 fa 3e 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ed 7d 16 96 | a6 5f d8 34 d1 4f 9b bc 27 25 1e 76 6c d7 67 02 | 00 00 00 1c 00 00 40 05 91 66 b8 ed 10 f9 11 68 | 23 ca 49 2c 51 43 a1 1e 99 39 c9 8a | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5cb290 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuOmit" #5: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5cb290 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #5 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48987.421819 | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD | #5 spent 1.18 milliseconds in resume sending helper answer | stop processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2084006900 | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 bd b2 95 6e | b9 04 2f 9c 23 27 97 cf 81 39 8e 35 3d 16 b5 66 | 44 b9 12 7a e5 b2 ba c7 c9 9a 21 74 58 6d 28 44 | 84 02 7b 60 db ac 0d a2 a6 c0 34 97 5e ed 74 ba | 2e 8e d3 56 71 2e e3 ca 8e ae 6e e1 80 83 fe 0c | fd eb 4b 8c f5 f3 8e 80 8d d2 b9 f6 3c 50 ef 6d | 55 65 0f c0 82 47 ca 87 33 0e 36 29 a2 b0 3f a3 | e8 c2 17 73 cf 7d b6 4a 7e 5c c1 8e f4 39 75 f6 | 27 67 b2 25 26 5f b2 64 d1 98 ca 7b 49 69 0b 66 | 43 a6 91 2d fe d3 67 5d 68 4a fa d8 5f 9e c3 6f | 6f a2 ac cf 82 62 09 d8 60 da 53 17 5b eb 2d 0d | b1 74 bc 70 75 fe 00 cf 57 25 f0 9c b8 30 7a 20 | b7 62 04 29 2a 40 ae 3d c5 9d 7a 84 2e 5c be 30 | 48 a7 88 ac e6 48 23 90 1d 56 ff 4f 59 bc d1 4f | 86 65 a7 7d 64 32 df f7 1d 12 53 64 f2 86 10 80 | a5 56 df 65 8d 4e 91 45 1e cd 7a b7 7f ae 26 37 | 59 00 1c 40 76 0d d1 f8 ce ad a6 e8 29 00 00 24 | 17 de 8e 79 5e ac 1d 7a ec ba 9c f5 a7 33 11 c9 | 53 14 0c a8 ea 7e 68 c6 3d ae 23 e8 99 05 02 65 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | a3 90 73 21 cb 31 9d 19 f4 ee 96 75 9b 4f ae 9e | ed dc e4 ab 26 00 00 1c 00 00 40 05 d0 6c 7c f9 | 7e c6 ac a6 e1 5d c2 fb e7 dc db 71 f4 27 a3 f1 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #5 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #5 is idle | #5 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #5 IKE SPIi and SPI[ir] | #5 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-ekuOmit (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f de dc 03 cf 4e 38 fc | natd_hash: rcookie= 95 4e ef 72 62 97 db 6a | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= d0 6c 7c f9 7e c6 ac a6 e1 5d c2 fb e7 dc db 71 | natd_hash: hash= f4 27 a3 f1 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f de dc 03 cf 4e 38 fc | natd_hash: rcookie= 95 4e ef 72 62 97 db 6a | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a3 90 73 21 cb 31 9d 19 f4 ee 96 75 9b 4f ae 9e | natd_hash: hash= ed dc e4 ab | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 6 for state #5 | state #5 requesting EVENT_RETRANSMIT to be deleted | #5 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5cb290 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2084002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #5 spent 0.143 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | crypto helper 3 resuming | [RE]START processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | crypto helper 3 starting work-order 6 for state #5 | "west-ekuOmit" #5 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 | stop processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.322 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.329 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 time elapsed 0.001429 seconds | (#5) spent 1.42 milliseconds in crypto helper computing work-order 6: ikev2_inR1outI2 KE (pcr) | crypto helper 3 sending results from work-order 6 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f20780054f0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 6 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #5: calculating g^{xy}, sending I2 | creating state object #6 at 0x56366a60bee0 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "west-ekuOmit" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.45:500 from #5.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #5.#6; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2084002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2084002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | parent state #5: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 199 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 c4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2b 30 29 06 03 55 04 03 0c 22 77 65 73 | my identity 74 2d 65 6b 75 4f 6d 69 74 2e 74 65 73 74 69 6e | my identity 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | my identity 36 30 34 06 09 2a 86 48 86 f7 0d 01 09 01 16 27 | my identity 75 73 65 72 2d 77 65 73 74 2d 65 6b 75 4f 6d 69 | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 207 | Sending [CERT] of certificate: E=user-west-ekuOmit@testing.libreswan.org,CN=west-ekuOmit.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1217 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 bd 30 82 04 26 a0 03 02 01 02 02 01 11 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 c4 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2b 30 29 06 03 55 04 03 0c 22 77 | CERT 65 73 74 2d 65 6b 75 4f 6d 69 74 2e 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 31 36 30 34 06 09 2a 86 48 86 f7 0d 01 09 01 | CERT 16 27 75 73 65 72 2d 77 65 73 74 2d 65 6b 75 4f | CERT 6d 69 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f | CERT 00 30 82 01 8a 02 82 01 81 00 b5 94 0d a0 51 73 | CERT 97 8d 74 bb 5e 9c 62 9b 69 f3 9e 4b a4 c3 9b e2 | CERT 15 15 d7 05 ab d3 9c 7f 76 48 0a ed d7 ed 7e 34 | CERT 33 25 25 31 d3 a1 20 4f 17 1b 23 cb e2 91 4a fc | CERT d2 00 c6 e3 a2 94 92 72 57 db 05 28 39 4c 22 c8 | CERT e3 36 ed ca ca 25 7e 61 e7 35 b9 e8 47 72 c6 62 | CERT ac 84 a1 48 fd 6e 73 70 3a 7a be 6a 47 b2 23 a4 | CERT e8 6c ad 98 8a 7d 39 c7 01 48 31 45 18 65 be 46 | CERT 0f 66 cc 97 34 b2 e0 29 9c 18 8b 8c 5b cf 5a 2b | CERT 5c 54 f2 57 ed 41 0d 50 f7 47 7b 5a d8 8f ec 67 | CERT e4 c2 15 65 27 40 b1 56 da 01 76 86 0f 1c d5 4a | CERT d9 4b 32 1c 7d 0d fa 5a a1 7c 83 a6 6e c2 d0 23 | CERT a0 b8 82 2c 42 7d 7a de 96 89 75 2f eb 9f e7 92 | CERT e0 49 8a 96 0c d7 b4 1a e8 08 66 25 52 28 9c 3b | CERT 75 cf 7b 88 c2 5f 03 4a 0a d4 0a c4 05 1c e8 e3 | CERT 22 71 0c b3 2a df 3f bb 3f 0a c0 4c 7f d1 34 a6 | CERT a6 3c 4c 7f 28 79 6a 74 37 4f c4 b0 83 0f df e8 | CERT 31 a1 e5 42 c4 20 f9 a2 aa 3f f7 c3 5d 54 ab 46 | CERT 3f 44 b5 fe 14 b3 7a 25 95 cf 98 32 fd 34 d4 4c | CERT 28 dd 25 6f de 15 02 1d 1a 9b 56 73 98 b4 8a 38 | CERT f2 ca 4e 8e c8 fc 63 22 32 a3 bd 5d b2 20 0b a9 | CERT af cb 51 d8 90 bd 30 c7 c2 44 af 89 80 19 de 54 | CERT 9e 7c 7e d3 df 7c 61 e2 05 b6 54 03 dd db a1 25 | CERT e5 4d 3e 74 e8 d2 e3 21 b9 f2 71 2c 19 41 ec f0 | CERT af 73 21 76 29 9b b3 fe 2e 5b 02 03 01 00 01 a3 | CERT 81 cc 30 81 c9 30 09 06 03 55 1d 13 04 02 30 00 | CERT 30 2d 06 03 55 1d 11 04 26 30 24 82 22 77 65 73 | CERT 74 2d 65 6b 75 4f 6d 69 74 2e 74 65 73 74 69 6e | CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | CERT 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 41 06 08 | CERT 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 | CERT 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f | CERT 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | CERT 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 | CERT 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e | CERT 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d | CERT 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 | CERT 00 5e 48 68 ae d5 bb 95 27 00 c5 9e a4 3f 75 ce | CERT 68 11 a5 a4 81 fa a6 2b 62 74 de f6 1d 91 b1 40 | CERT a8 cd c5 43 d4 f0 74 c4 d5 2a 42 bf 19 46 2f 35 | CERT c9 ca b3 70 39 5b f8 b4 cb 15 4f bf ac b9 4e df | CERT b8 8a 2a e3 7a a6 22 e1 be ba 91 64 6a 07 6e 3a | CERT 81 88 87 8c 20 ec 70 ff 91 0b c0 65 ed cd 00 24 | CERT 73 56 af 36 8c ad 3d b4 15 1f c9 0a 8b 8e 4a db | CERT aa bf 8b 82 74 29 3d d8 a0 fe df f1 86 1a 3b 2b | CERT a7 | emitting length of IKEv2 Certificate Payload: 1222 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuOmit.testing.libreswan.org, E=user-west-ekuOmit@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAbWUD | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAbWUD | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAbWUD | private key for cert west-ekuOmit not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAbWUD | #5 spent 5.4 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 71 fd 8c d8 5e 21 56 ee 45 c5 8b e5 84 97 c2 d6 | rsa signature b9 ec 4c 5e 60 d0 a7 68 52 83 9d 38 d1 20 bb 56 | rsa signature ae 41 db 15 72 46 b1 16 86 b0 f4 e6 90 fa d0 54 | rsa signature 74 f3 70 f7 70 03 7f 99 a4 2f 51 6e 45 44 c1 0d | rsa signature 4d 3e 02 64 65 e3 ab 5d 23 c7 73 de 69 47 8d 52 | rsa signature 4a 68 30 ae 68 6f 84 80 e0 a4 67 2c 33 96 af a5 | rsa signature a1 d2 ba 01 cf 88 0d 7f 14 cd 3b 43 a2 96 61 71 | rsa signature f7 77 4f 23 0d 58 af 4d 34 6a 5d 41 3e 8a 5e fe | rsa signature 9c f2 7e b1 e2 9e 5f 3b 53 f9 76 c6 93 5d 26 17 | rsa signature 89 0a 71 a8 bd b4 b2 97 92 93 cc f1 ec ac cc 2f | rsa signature 1e 59 18 3a 61 90 ed 71 96 09 27 32 c5 4d 58 57 | rsa signature 3c bf f7 a8 d7 ca ae aa c9 92 34 a3 d1 f4 b0 9a | rsa signature 0a 01 8b f7 69 e8 fd 9c 6b 8f 18 2d e5 44 79 70 | rsa signature 11 9d 07 26 09 44 fd d9 76 db 95 85 cb e0 69 83 | rsa signature fc 0e 35 f9 36 bb 87 ef 63 5b df c8 d9 31 e6 5e | rsa signature 4c c6 40 37 7b a2 0b f9 fb d8 33 ee 8a 2a 80 b8 | rsa signature 9d 0f be 73 8c 74 da 56 7a 94 00 f6 72 86 a1 3a | rsa signature a3 12 cd d5 b9 d2 ba 90 f1 93 53 13 d5 9f 5c a9 | rsa signature 13 42 ba 64 5b dc 87 70 a9 dc b7 87 72 a9 a3 35 | rsa signature 50 69 9d 7c bd f3 70 be 4a 7d d3 7b 91 a2 a6 06 | rsa signature 3e af ea 8c de e5 97 b3 62 dc b5 34 35 a2 4f 38 | rsa signature d6 3e b4 73 68 c5 72 1d 31 42 f8 2b 14 ba 00 80 | rsa signature e7 99 63 84 6b 0f 98 41 8b 7d 2f bc d3 ff 80 ca | rsa signature eb 1e 03 a2 ee 35 6e 31 d0 d1 5c 6c 1f 5c 41 9b | #5 spent 5.68 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #5 | netlink_get_spi: allocated 0x9b4e1bcb for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-ekuOmit (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-ekuOmit": constructed local ESP/AH proposals for west-ekuOmit (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9b 4e 1b cb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9b 4e 1b cb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9b 4e 1b cb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9b 4e 1b cb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2062 | emitting length of ISAKMP Message: 2090 | **parse ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2090 (0x82a) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2062 (0x80e) | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 cf 09 00 00 00 30 81 c4 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2b 30 29 06 03 | cleartext fragment 55 04 03 0c 22 77 65 73 74 2d 65 6b 75 4f 6d 69 | cleartext fragment 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 31 36 30 34 06 09 2a 86 48 | cleartext fragment 86 f7 0d 01 09 01 16 27 75 73 65 72 2d 77 65 73 | cleartext fragment 74 2d 65 6b 75 4f 6d 69 74 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 | cleartext fragment 00 04 c6 04 30 82 04 bd 30 82 04 26 a0 03 02 01 | cleartext fragment 02 02 01 11 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 | cleartext fragment 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 | cleartext fragment 39 34 34 35 39 5a 30 81 c4 31 0b 30 09 06 03 55 | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2b 30 29 06 03 | cleartext fragment 55 04 03 0c 22 77 65 73 74 2d 65 6b 75 4f 6d 69 | cleartext fragment 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 31 36 30 34 06 09 2a 86 48 | cleartext fragment 86 f7 0d 01 09 01 16 27 75 73 65 72 2d 77 65 73 | cleartext fragment 74 2d 65 6b 75 4f 6d 69 74 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | cleartext fragment b5 94 0d a0 51 73 97 8d 74 bb 5e 9c 62 9b 69 f3 | cleartext fragment 9e 4b a4 c3 9b e2 15 15 d7 05 ab d3 9c 7f 76 48 | cleartext fragment 0a ed d7 ed 7e 34 33 25 25 31 d3 a1 20 4f 17 1b | cleartext fragment 23 cb e2 91 4a fc d2 00 c6 e3 a2 94 92 72 57 db | cleartext fragment 05 28 39 4c 22 c8 e3 36 ed ca ca 25 7e 61 e7 35 | cleartext fragment b9 e8 47 72 c6 62 ac 84 a1 48 fd 6e 73 70 3a 7a | cleartext fragment be 6a 47 b2 23 a4 e8 6c ad 98 8a 7d 39 c7 01 48 | cleartext fragment 31 45 18 65 be 46 0f 66 cc 97 34 b2 e0 29 9c 18 | cleartext fragment 8b 8c 5b cf 5a 2b 5c 54 f2 57 ed 41 0d 50 f7 47 | cleartext fragment 7b 5a d8 8f ec 67 e4 c2 15 65 27 40 b1 56 da 01 | cleartext fragment 76 86 0f 1c d5 4a d9 4b 32 1c 7d 0d fa 5a a1 7c | cleartext fragment 83 a6 6e c2 d0 23 a0 b8 82 2c 42 7d 7a de 96 89 | cleartext fragment 75 2f eb 9f e7 92 e0 49 8a 96 0c d7 b4 1a e8 08 | cleartext fragment 66 25 52 28 9c 3b 75 cf 7b 88 c2 5f 03 4a 0a d4 | cleartext fragment 0a c4 05 1c e8 e3 22 71 0c b3 2a df 3f bb 3f 0a | cleartext fragment c0 4c 7f d1 34 a6 a6 3c 4c 7f 28 79 6a 74 37 4f | cleartext fragment c4 b0 83 0f df e8 31 a1 e5 42 c4 20 f9 a2 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment aa 3f f7 c3 5d 54 ab 46 3f 44 b5 fe 14 b3 7a 25 | cleartext fragment 95 cf 98 32 fd 34 d4 4c 28 dd 25 6f de 15 02 1d | cleartext fragment 1a 9b 56 73 98 b4 8a 38 f2 ca 4e 8e c8 fc 63 22 | cleartext fragment 32 a3 bd 5d b2 20 0b a9 af cb 51 d8 90 bd 30 c7 | cleartext fragment c2 44 af 89 80 19 de 54 9e 7c 7e d3 df 7c 61 e2 | cleartext fragment 05 b6 54 03 dd db a1 25 e5 4d 3e 74 e8 d2 e3 21 | cleartext fragment b9 f2 71 2c 19 41 ec f0 af 73 21 76 29 9b b3 fe | cleartext fragment 2e 5b 02 03 01 00 01 a3 81 cc 30 81 c9 30 09 06 | cleartext fragment 03 55 1d 13 04 02 30 00 30 2d 06 03 55 1d 11 04 | cleartext fragment 26 30 24 82 22 77 65 73 74 2d 65 6b 75 4f 6d 69 | cleartext fragment 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 | cleartext fragment 03 02 07 80 30 41 06 08 2b 06 01 05 05 07 01 01 | cleartext fragment 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 | cleartext fragment 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 | cleartext fragment 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f | cleartext fragment 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b | cleartext fragment 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 01 0b 05 00 03 81 81 00 5e 48 68 ae d5 bb 95 | cleartext fragment 27 00 c5 9e a4 3f 75 ce 68 11 a5 a4 81 fa a6 2b | cleartext fragment 62 74 de f6 1d 91 b1 40 a8 cd c5 43 d4 f0 74 c4 | cleartext fragment d5 2a 42 bf 19 46 2f 35 c9 ca b3 70 39 5b f8 b4 | cleartext fragment cb 15 4f bf ac b9 4e df b8 8a 2a e3 7a a6 22 e1 | cleartext fragment be ba 91 64 6a 07 6e 3a 81 88 87 8c 20 ec 70 ff | cleartext fragment 91 0b c0 65 ed cd 00 24 73 56 af 36 8c ad 3d b4 | cleartext fragment 15 1f c9 0a 8b 8e 4a db aa bf 8b 82 74 29 3d d8 | cleartext fragment a0 fe df f1 86 1a 3b 2b a7 21 00 01 88 01 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 00 00 71 fd 8c d8 5e 21 56 ee 45 c5 8b e5 84 | cleartext fragment 97 c2 d6 b9 ec 4c 5e 60 d0 a7 68 52 83 9d 38 d1 | cleartext fragment 20 bb 56 ae 41 db 15 72 46 b1 16 86 b0 f4 e6 90 | cleartext fragment fa d0 54 74 f3 70 f7 70 03 7f 99 a4 2f 51 6e 45 | cleartext fragment 44 c1 0d 4d 3e 02 64 65 e3 ab 5d 23 c7 73 de 69 | cleartext fragment 47 8d 52 4a 68 30 ae 68 6f 84 80 e0 a4 67 2c 33 | cleartext fragment 96 af a5 a1 d2 ba 01 cf 88 0d 7f 14 cd 3b 43 a2 | cleartext fragment 96 61 71 f7 77 4f 23 0d 58 af 4d 34 6a 5d 41 3e | cleartext fragment 8a 5e fe 9c f2 7e b1 e2 9e 5f 3b 53 f9 76 c6 93 | cleartext fragment 5d 26 17 89 0a 71 a8 bd b4 b2 97 92 93 cc f1 ec | cleartext fragment ac cc 2f 1e 59 18 3a 61 90 ed 71 96 09 27 32 c5 | cleartext fragment 4d 58 57 3c bf f7 a8 d7 ca ae aa c9 92 34 a3 d1 | cleartext fragment f4 b0 9a 0a 01 8b f7 69 e8 fd 9c 6b 8f 18 2d e5 | cleartext fragment 44 79 70 11 9d 07 26 09 44 fd d9 76 db 95 85 cb | cleartext fragment e0 69 83 fc 0e 35 f9 36 bb 87 ef 63 5b df c8 d9 | cleartext fragment 31 e6 5e 4c c6 40 37 7b a2 0b f9 fb d8 33 ee 8a | cleartext fragment 2a 80 b8 9d 0f be 73 8c 74 da 56 7a 94 00 f6 72 | cleartext fragment 86 a1 3a a3 12 cd d5 b9 d2 ba 90 f1 93 53 13 d5 | cleartext fragment 9f 5c a9 13 42 ba 64 5b dc 87 70 a9 dc b7 87 72 | cleartext fragment a9 a3 35 50 69 9d 7c bd f3 70 be 4a 7d d3 7b 91 | cleartext fragment a2 a6 06 3e af ea 8c de e5 97 b3 62 dc b5 34 35 | cleartext fragment a2 4f 38 d6 3e b4 73 68 c5 72 1d 31 42 f8 2b 14 | cleartext fragment ba 00 80 e7 99 63 84 6b 0f 98 41 8b 7d 2f bc d3 | cleartext fragment ff 80 ca eb 1e 03 a2 ee 35 6e 31 d0 d1 5c 6c 1f | cleartext fragment 5c 41 9b 2c 00 00 a4 02 00 00 20 01 03 04 02 9b | cleartext fragment 4e 1b cb 03 00 00 0c 01 00 00 14 80 0e 01 00 00 | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 9b | cleartext fragment 4e 1b cb 03 00 00 0c 01 00 00 14 80 0e 00 80 00 | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 9b | cleartext fragment 4e 1b cb 03 00 00 0c 01 00 00 0c 80 0e 01 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 121 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 | cleartext fragment 0c 00 00 00 08 05 00 00 00 00 00 00 30 04 03 04 | cleartext fragment 04 9b 4e 1b cb 03 00 00 0c 01 00 00 0c 80 0e 00 | cleartext fragment 80 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 | cleartext fragment 0c 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 01 02 2d c0 01 02 | cleartext fragment 2d 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff | cleartext fragment ff c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 154 | emitting length of ISAKMP Message: 182 | suspend processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #6: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #6 to 0 after switching state | Message ID: recv #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #5.#6 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-ekuOmit" #6: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 86 3b bc 3b d4 7e 77 1a fd aa 02 8c | 49 b3 03 c6 6c 66 6c fa 09 bf 41 e3 91 ad d0 9f | eb 11 a4 06 01 00 fc d6 7b 68 c9 65 01 a9 60 86 | 68 4f d3 35 57 53 51 4f 43 b3 9c 8b ae d6 71 fd | b6 fe e9 99 37 6a 3c 2a e5 7b 33 e2 27 84 b9 73 | dc cf 8e a8 b4 d3 27 c4 9b 02 f7 20 ea 6f b2 70 | 79 06 18 19 f3 ee 70 25 4c b0 ea fb ae 80 63 8d | b7 e8 0f fd 9c ac d7 d6 dc f4 e1 70 bd 0b 17 0d | 22 8e fc 25 ad 06 8b 46 b6 87 0f 73 e0 7c ff 65 | e9 84 9b d8 d2 e3 82 81 79 6f bc f1 08 7e 05 19 | 57 4f ad e8 32 1a 65 db 7d b0 1e 38 f8 5e a8 da | 1a 83 52 ea da 6d 4c 40 67 31 1f 8b d5 20 fc 11 | c6 0d f5 41 98 ca 05 17 08 9a 26 eb fe 49 73 b4 | 25 bb d2 07 15 3f e6 2f 80 d1 b9 8c e1 33 fe 65 | eb 46 db 18 86 cf 9b a8 b3 b4 1f 6f 4f 57 91 08 | e9 53 59 3e 9c 18 e1 e1 7b f5 fb ba 02 8a 4b 66 | 24 b4 58 c1 21 4b d6 4e 6f 64 36 92 c8 22 64 ba | 48 98 15 04 6d 51 ed ad cf 2a c0 48 0d 2f 1d 42 | ea 94 98 9c 94 49 09 26 0a 78 be c0 6a d1 74 10 | 1a fe 67 85 98 81 04 f5 9b ec 0c 0a f1 28 bb 8c | 0d c0 d3 c1 fb e5 8b 86 f7 1f 4d d6 fd 3d 24 9c | 4c 2e 58 4b 23 20 db a6 eb 7b d9 15 1c fb 33 d4 | 16 29 b4 af 99 1e 30 70 a6 38 1f e7 03 90 4d 7e | 14 2e 3f 7b 16 1c 2b ab 80 fc 3e 70 fb bb 3b 62 | 57 92 3d 12 7c c1 ba 54 9f be 05 71 82 c4 44 d5 | 8b 86 8d a2 29 f8 78 61 bb 7f 5a 17 ce 54 17 45 | 45 7c b9 3b 1a 44 63 ff b7 53 0f 9a 72 a3 b4 7f | 60 15 fe 02 34 b4 49 d3 17 90 48 09 01 7d 23 49 | 3a a0 26 c4 41 62 7a b3 97 96 d8 09 df 48 5e cb | a0 7d fe ab 8a 86 33 7f 75 b2 fd 67 8c 8a 5e e2 | f0 86 b3 5e b9 45 fa 15 a0 d1 bf cd a8 28 ed ac | a8 30 db 0a 24 d2 9b 21 2c b9 db | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 dd ce 32 09 de 68 84 fd ab a7 5f d4 | 5d bc 4e 0b 0d 48 46 7a 2b d8 de 95 4a fa 63 ae | b7 06 47 3b 98 d7 6a 36 84 8a bf 69 70 d0 2b cf | ec 19 4e c8 85 f3 6e a5 64 bf 81 39 f6 77 82 35 | 03 56 c9 23 c6 70 09 d1 76 70 be 94 b4 3b 95 2b | 8e ed 8c 7e 86 4c fc ff 10 f0 9d f0 db ec 84 55 | b8 40 1f 96 1e a5 9f 2e 43 55 7d 70 f4 63 95 ca | 80 3a d4 c8 11 b3 00 97 85 af 80 c9 97 6d e8 85 | 5d 93 3c e4 e9 a5 10 db 52 a3 3b 86 ba 28 15 86 | b8 cc 62 39 5b c6 b7 f8 70 59 7c 06 4a ae 80 bd | 5a c8 b5 68 ec 05 58 df 7a 6f 92 76 7e 81 c6 6f | 68 5d f1 a7 c3 b5 66 c7 d9 65 3e ba ab a3 cb b9 | 58 65 31 6a b9 7b fa fa 36 12 d2 7a 68 48 bb 08 | 4a 22 b2 67 7d 98 d9 3b ba 09 8d f3 58 32 0b b8 | 58 28 52 3e 4b ff 35 0b 1a c8 e9 e5 64 59 25 04 | cf 93 6a 28 fe 0e 90 6b 99 e4 9b 75 25 d3 83 99 | ff 1f 1a de 8a 2c 08 17 b9 75 79 c9 e8 94 4a 90 | 50 ff 2f b4 33 f2 08 36 48 bb 93 9e f6 f1 b3 ec | fd 23 5c b4 88 b6 32 fc e3 e6 b4 52 76 8d d2 e9 | 25 21 95 81 be ad b0 60 2e bd 5a 1c ae cb 6a 92 | ab 12 8f 6a 38 78 27 ef 4a d0 94 8b 32 eb 5f 7a | 89 6e 33 10 5d 92 5d e5 c8 75 0a 9b 3e 0b 7f ae | da d6 f3 e5 c3 4d b4 25 66 b8 b0 1d 7b b9 85 5f | 37 f0 18 56 69 82 06 60 fc 02 94 1b 06 08 b9 7b | 07 e1 f8 8f b9 59 18 02 fc 87 8f 7a f1 e0 bb 6a | 70 1b a2 4c a1 ea e3 ff e3 69 8f 8a 61 f7 4a cf | 29 f9 70 0c a9 94 cc ed b7 82 60 61 41 da d8 71 | 66 1a ea 3a b0 61 de 54 15 ed 5c 8e b3 af 8b 62 | 13 55 8f 47 9e fd d3 f3 cc 8d f4 00 e2 4c 51 06 | 07 d9 1e f3 10 8e 87 c3 97 e3 ec 03 5b 7a f2 ed | 1c 13 fc bf 23 a8 0e 07 7b b5 36 96 c9 cd e9 dd | 6c 59 5c aa a2 68 47 72 e1 88 a6 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 51 28 4c bb 22 43 b3 5c 76 02 30 0a | 8b c1 20 da 9b 8c 62 fd c4 2e da 4e bc d8 fd f0 | 52 db d2 56 2b ae 15 b7 fd 4a 0d 4e 8f 71 a9 a3 | ac 88 2d e1 4e a6 26 4c d8 09 d5 37 e6 a1 b1 3c | ba b8 61 a1 b8 2c 15 24 d2 aa 3d 83 bb 44 d1 7f | 47 e7 e4 b5 f1 95 8c 8a 7d 9e ba f9 c9 22 f2 ad | ff fc 21 de d4 47 f5 13 60 0e 78 4e 4b 4f 77 92 | 6d 9a c7 da ca 99 0d 31 2a 21 67 38 83 db 56 69 | 76 7b c8 c7 a2 dd 71 4f 08 3f 77 26 7e c8 16 d5 | ab bb bd c0 13 d8 e4 57 94 cf ac 4f 86 10 5d a8 | 2d d5 39 53 ef 5c 71 2c 47 b6 55 e4 18 eb a9 92 | 7e fb 82 8c 63 91 cf 2a 92 ed 1c 99 80 5d 22 a9 | be bc ef 71 48 ed ca f1 b4 e1 b0 d1 5f 2d a5 61 | ad 05 5d a8 0e aa ff 69 ef e5 93 3d 99 61 c2 3f | a0 a3 7c 73 44 99 ba fe 71 46 93 4a 9a 33 9b 01 | c8 5f 05 81 a2 25 2e ab c7 41 c8 2a c8 7c 53 ad | df 0f 67 c4 04 2a b4 f1 1a a5 c2 6a ba 10 6a fe | 28 84 46 8e 62 13 40 36 56 6f 79 2b 61 7b 58 1d | 22 53 0d ef ee 0a 8c c4 46 60 1d 94 83 8b bf 61 | 2f cf 04 fe 88 27 16 a9 85 28 d4 1a 9f 53 94 20 | ad d0 23 58 fe bf 28 12 0d 09 09 2d ee 34 4f b0 | a2 b5 28 a7 93 0d 75 ea a9 7f 76 47 eb 2f 0d 4c | e2 68 8a 85 c2 1d fb df 70 b6 4a 1f 89 7f 8a 36 | 65 d9 5d ab 20 d3 63 ed af e0 87 10 74 1e a0 43 | 7b 70 5e 73 ac 01 0d 63 9a 8c 02 b7 e4 e7 a5 91 | 2c bc 46 89 02 95 57 32 bf df dc fe 3a 86 c1 ae | 2d f0 4b 56 70 d2 79 8d 0d 9e 51 ae 90 44 fa de | bd 38 80 4c 2d 5a d9 05 28 29 b4 0f 92 df 4e 42 | 53 ba 4e bc 90 57 a5 b8 75 f9 a2 78 49 d6 9c 73 | d6 46 6e 0c d4 81 52 b5 51 54 3b 29 ac 55 1b 50 | 3f cb d3 55 90 d0 49 7c 59 33 6f 2d cd 40 fd 14 | 6e 59 fa 45 0e ed 87 6f 8d e6 d8 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 30 99 3f e5 64 83 0b 9a 38 3f aa 2d | 2e 78 de 11 f5 d0 87 c6 7d 6f 37 91 5a 78 e4 70 | 33 10 35 24 3d b3 f5 69 ef 50 14 66 ae 80 17 91 | 30 4b 01 9d d3 4d d8 fc 7e fd b8 45 40 b3 c5 3a | 33 c2 4f f3 55 af dc b8 99 54 e8 36 48 9d 9d 00 | 89 a3 f8 dd ac 56 65 d9 08 47 a3 9f 1d 55 c0 5b | 29 8a 6e 74 af 1c 2b e7 6c bb a1 5e dd 44 96 8d | 6b a3 c7 7e b9 b3 0e cb 1a 29 d6 74 c7 8a 35 e7 | df 56 0e ba e0 52 6e 57 48 f4 08 ad 25 99 2e b7 | a7 8b 48 ef fe e2 c1 a0 6a 61 c3 fc 3a 11 f5 14 | ba eb 96 e4 c5 57 8b 27 38 99 10 1a 8e bc 44 0e | 9c 8a 37 e0 c8 67 f4 bf 69 71 af 64 88 25 0c a7 | a6 9a 01 92 66 e9 8e 5c 01 c6 2a 4f 2c 1c a0 92 | 4c 20 2c 3b 0a 67 20 53 06 c9 4f 00 5e 75 78 b5 | 99 34 f4 bd e7 cc 20 b1 48 5a 3e 74 bf 19 60 7e | ca dc 70 62 ce 29 62 2c e3 a0 bc 9d 78 de c2 00 | 8b bf 7a b9 b4 45 5c 57 6e 0c 4d e1 0c 18 92 b4 | d9 0e d2 61 4a c7 2d f5 e6 df 61 7b 42 ff 8d f7 | 9c ee f7 fe 49 0b 2a 50 20 05 ff c9 27 cb 05 d4 | 78 37 87 4e e6 3d d9 62 1c 6e 2a 24 d0 05 a1 38 | 8e 3d 5f 35 0c f9 32 69 69 7a b1 60 f4 e5 ad 9a | 63 96 c3 c5 77 64 9f b1 a8 63 50 19 c9 15 55 99 | 7f ca cc 44 78 e0 6e 04 74 34 f5 36 ee 5f 61 a5 | c5 5e aa 6d 64 c3 f6 ce c7 97 9d 44 29 da f3 cf | 39 cf 9d b1 e8 1a 74 35 a2 0f 05 f7 c4 30 a5 c5 | 3d 78 b1 fd f0 42 0a 87 35 fa 71 f8 59 5a a0 f5 | f9 e2 ce bc 9f 02 1d 69 b9 10 fa d4 1f e1 2d ee | b1 77 23 bb 7f 59 41 50 d3 47 00 95 08 5c bc 94 | cc 5b 1b 00 02 48 27 0c 8e f6 b1 07 6d 75 26 9d | 86 f5 0d b9 3b 4e 39 45 6b 6e 7e f0 a1 c9 82 2f | 90 66 2c d5 34 aa 4c 1d 7a f5 2b 0e fc 14 08 72 | 69 ad 79 4a ea 5b d6 9b b9 64 fb | sending 182 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 35 20 23 08 00 00 00 01 00 00 00 b6 00 00 00 9a | 00 05 00 05 70 8c e4 d1 e3 27 29 f6 82 03 ed c1 | 8f 7b 38 86 c7 04 0f 48 17 b8 3c df bd 3d 46 65 | 28 22 fe 99 92 2c a8 6a 5c bc 3b d8 59 8d 76 37 | 35 28 45 55 15 fb 90 81 08 ba 04 1a 67 13 4d 54 | a3 8b 8a 8a 55 2e a3 60 87 bc 2d 1b 12 3a 7e 8e | 80 78 32 73 0a 95 f8 2f d9 12 09 f4 31 24 7c f7 | 7b 66 34 39 b2 a2 ab 6f 21 09 9f 43 67 b1 ee e3 | 89 0f 8f 67 2f 43 d6 e3 12 6c 29 70 aa 9d 20 94 | 82 94 9c 9d f5 c0 c1 68 e6 da 14 9a a5 ca ef 03 | 23 ca 3f d3 d8 d8 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuOmit" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5e5fc0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 | #6 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48987.432383 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.04 milliseconds | #5 spent 6.95 milliseconds in resume sending helper answer | stop processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f20780054f0 | spent 0.00227 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f de dc 03 cf 4e 38 fc 95 4e ef 72 62 97 db 6a | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 8e 66 aa e0 37 5e ed 1e 69 e8 4e 89 17 9e 62 87 | e0 2d 4f 5f 5b be e5 0c 16 99 98 b8 28 cf aa 56 | 18 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f de dc 03 cf 4e 38 fc | responder cookie: | 95 4e ef 72 62 97 db 6a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #5 in PARENT_I2 (find_v2_ike_sa) | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #6 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #6 is idle | #6 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #6 in state PARENT_I2: sent v2I2, expected v2R2 | #6 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-ekuOmit" #6: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #5 ikev2.ike failed auth-failed "west-ekuOmit" #6: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #6 fd@25 .st_dev=9 .st_ino=1674899 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #5 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2084006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5e5fc0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5e5fc0 | inserting event EVENT_RETRANSMIT, timeout in 59.997613 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 "west-ekuOmit" #6: STATE_PARENT_I2: suppressing retransmits; will wait 59.997613 seconds for retry | #6 spent 0.0553 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.192 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.2 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuOmit" (in terminate_a_connection() at terminate.c:69) "west-ekuOmit": terminating SAs using this connection | connection 'west-ekuOmit' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #6 | suspend processing: connection "west-ekuOmit" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | #6 spent 0.0553 milliseconds in total | [RE]START processing: state #6 connection "west-ekuOmit" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuOmit" #6: deleting state (STATE_PARENT_I2) aged 0.071s and NOT sending notification | child state #6: PARENT_I2(open IKE SA) => delete | child state #6: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2084006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5e5fc0 | priority calculation of connection "west-ekuOmit" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-ekuOmit" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-ekuOmit | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted auth-failed | #5 spent 11 milliseconds in total | [RE]START processing: state #5 connection "west-ekuOmit" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuOmit" #5: deleting state (STATE_PARENT_I2) aged 0.077s and NOT sending notification | parent state #5: PARENT_I2(open IKE SA) => delete | state #5 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2084002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-ekuOmit | State DB: deleting IKEv2 state #5 in PARENT_I2 | parent state #5: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuOmit" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-ekuOmit' wasn't on the list | stop processing: connection "west-ekuOmit" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.279 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-bcOmit" (in initiate_a_connection() at initiate.c:186) | connection 'west-bcOmit' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #7 at 0x56366a5a3770 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-bcOmit" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-bcOmit" IKE SA #7 "west-bcOmit" "west-bcOmit" #7: initiating v2 parent SA | constructing local IKE proposals for west-bcOmit (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-bcOmit": constructed local IKE proposals for west-bcOmit (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 7 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5e5fc0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #7 spent 0.105 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 resuming | crypto helper 5 starting work-order 7 for state #7 | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 7 | RESET processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-bcOmit" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.169 milliseconds in whack | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000579 seconds | (#7) spent 0.583 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 7 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f207c006900 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 7 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #7 | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-bcOmit (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 0e 31 36 58 6f 47 91 52 64 bb 8c 92 b9 d1 f3 21 | ikev2 g^x d9 34 c0 f3 d7 8a 16 f2 6d 22 17 9f dd 10 dd 5d | ikev2 g^x 1c 5f 24 90 63 e2 93 e6 91 21 a6 2f 29 3e b1 64 | ikev2 g^x 08 e6 ab 3b 52 73 a1 a9 ad f0 72 d2 25 a3 f5 1d | ikev2 g^x 8e b2 ac 16 20 0b 03 52 9e 6a 50 1a b2 53 43 01 | ikev2 g^x d4 d9 45 f9 2c 26 0b 08 e4 35 1e da bd 80 56 3f | ikev2 g^x 09 0b 58 cc e0 f4 26 9d 9b fd 7d 11 eb ee 42 1e | ikev2 g^x 24 b4 b3 4a 95 85 1a 5b d8 e4 2b 72 92 48 a9 d4 | ikev2 g^x 55 2b 6a a1 df 9d 27 1a e6 83 4d 62 52 08 65 af | ikev2 g^x dd 28 ef 10 3e e4 11 90 ee 05 ee 30 5c 28 65 40 | ikev2 g^x be b7 80 b7 2f 90 1f 37 b8 88 03 91 da d0 10 b8 | ikev2 g^x cb e6 bb 32 14 9c 76 b5 04 37 c3 d3 03 32 32 c9 | ikev2 g^x ea 0e 0d 8f f8 73 de a1 35 78 72 5b ed 8a 42 ce | ikev2 g^x 93 c3 b3 e6 e0 df e2 50 22 72 32 1d 70 ff 44 30 | ikev2 g^x 85 29 27 9e 03 4d 89 78 4e d1 be 33 69 2d b6 10 | ikev2 g^x 27 43 67 fd 2f f3 98 ea 13 4c f5 2f a5 06 57 cf | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 32 b3 4d ae 5c 10 98 6e 6a 4e c6 41 2b b0 53 ef | IKEv2 nonce 1e f1 fe 7f f5 ff 6d 56 01 27 61 75 60 be 10 66 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 41 74 a9 7d 49 bc 07 8e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f3 2b d8 e5 87 88 27 c4 61 b4 3f c6 cd c0 87 28 | natd_hash: hash= b4 9d 7e cf | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f3 2b d8 e5 87 88 27 c4 61 b4 3f c6 cd c0 87 28 | Notify data b4 9d 7e cf | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 41 74 a9 7d 49 bc 07 8e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 5a 05 a5 1f a6 db cf e6 29 7f ae de 26 29 37 c9 | natd_hash: hash= 38 ba d6 f0 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5a 05 a5 1f a6 db cf e6 29 7f ae de 26 29 37 c9 | Notify data 38 ba d6 f0 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #7: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #7 to 4294967295 after switching state | Message ID: IKE #7 skipping update_recv as MD is fake | Message ID: sent #7 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-bcOmit" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 41 74 a9 7d 49 bc 07 8e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 0e 31 36 58 6f 47 91 52 | 64 bb 8c 92 b9 d1 f3 21 d9 34 c0 f3 d7 8a 16 f2 | 6d 22 17 9f dd 10 dd 5d 1c 5f 24 90 63 e2 93 e6 | 91 21 a6 2f 29 3e b1 64 08 e6 ab 3b 52 73 a1 a9 | ad f0 72 d2 25 a3 f5 1d 8e b2 ac 16 20 0b 03 52 | 9e 6a 50 1a b2 53 43 01 d4 d9 45 f9 2c 26 0b 08 | e4 35 1e da bd 80 56 3f 09 0b 58 cc e0 f4 26 9d | 9b fd 7d 11 eb ee 42 1e 24 b4 b3 4a 95 85 1a 5b | d8 e4 2b 72 92 48 a9 d4 55 2b 6a a1 df 9d 27 1a | e6 83 4d 62 52 08 65 af dd 28 ef 10 3e e4 11 90 | ee 05 ee 30 5c 28 65 40 be b7 80 b7 2f 90 1f 37 | b8 88 03 91 da d0 10 b8 cb e6 bb 32 14 9c 76 b5 | 04 37 c3 d3 03 32 32 c9 ea 0e 0d 8f f8 73 de a1 | 35 78 72 5b ed 8a 42 ce 93 c3 b3 e6 e0 df e2 50 | 22 72 32 1d 70 ff 44 30 85 29 27 9e 03 4d 89 78 | 4e d1 be 33 69 2d b6 10 27 43 67 fd 2f f3 98 ea | 13 4c f5 2f a5 06 57 cf 29 00 00 24 32 b3 4d ae | 5c 10 98 6e 6a 4e c6 41 2b b0 53 ef 1e f1 fe 7f | f5 ff 6d 56 01 27 61 75 60 be 10 66 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 f3 2b d8 e5 | 87 88 27 c4 61 b4 3f c6 cd c0 87 28 b4 9d 7e cf | 00 00 00 1c 00 00 40 05 5a 05 a5 1f a6 db cf e6 | 29 7f ae de 26 29 37 c9 38 ba d6 f0 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5e5fc0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-bcOmit" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5e5fc0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x56366a5a61d0 size 128 | #7 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48989.610923 | resume sending helper answer for #7 suppresed complete_v2_state_transition() and stole MD | #7 spent 0.804 milliseconds in resume sending helper answer | stop processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f207c006900 | spent 0.00213 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 fa a5 72 49 | 87 b7 93 a3 78 bf 24 f5 f7 d4 e1 72 06 29 44 0c | 21 09 11 57 57 76 18 aa 92 ef fe c3 aa 10 e0 fc | 87 14 b2 71 3c fc ce b7 d5 8c 5d 97 c8 05 cc 88 | fb 2f b5 13 8e f5 fc 0a ee 61 f7 a3 9a 42 59 3e | 9e 32 d9 5d d8 58 b2 7b 96 58 b5 21 91 83 0f 67 | e7 40 d4 40 bf 78 bf 14 21 f6 41 d0 cc b8 dd cf | 0c 1c b9 c2 35 0f 73 63 2f fc 2d f8 d4 8d 30 39 | 16 b7 b8 5e ed f0 1f 99 c2 4f c5 64 60 b8 02 fc | 74 8e 36 02 ac 54 b5 da 5c f6 f6 c1 1f 45 77 3c | 38 d6 9e b9 6f 3f 7e 94 7a e1 e0 b7 5b 1e 4e 47 | 3f 5f 70 0f eb 40 2e 18 64 45 3a 19 cc 09 a7 be | ff 1c 5c 8e d3 24 0e dd 22 c9 41 42 e6 79 f0 49 | 92 94 10 0e 50 1e 9e 18 3b fc 8e 1a 82 6a de 9d | 49 ce 1b f0 ce 78 3f 47 ca 93 3a ce c8 34 7b 8e | 5e 1b a2 31 fc 20 2b 13 6f e3 f2 02 23 fa 82 bc | f8 8a f4 f3 60 ed ba 7b ab 31 b9 b2 29 00 00 24 | cc de 32 c3 9e 7a 95 06 dd c5 62 db e4 40 7b 90 | bf 1f 54 3f 2b 20 e7 f0 0c d1 66 e2 58 b7 77 31 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | d4 e0 d2 67 43 99 0b be 61 ec a3 0c d7 ac 96 5e | 8e b1 31 a6 26 00 00 1c 00 00 40 05 30 30 d6 a0 | 0f ac 2a be d9 ec 5e d0 20 a0 42 0a 76 2b 4d 98 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #7 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #7 is idle | #7 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #7 IKE SPIi and SPI[ir] | #7 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-bcOmit (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 41 74 a9 7d 49 bc 07 8e | natd_hash: rcookie= 1f 55 d6 d7 cf 9a 53 1a | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 30 30 d6 a0 0f ac 2a be d9 ec 5e d0 20 a0 42 0a | natd_hash: hash= 76 2b 4d 98 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 41 74 a9 7d 49 bc 07 8e | natd_hash: rcookie= 1f 55 d6 d7 cf 9a 53 1a | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= d4 e0 d2 67 43 99 0b be 61 ec a3 0c d7 ac 96 5e | natd_hash: hash= 8e b1 31 a6 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 8 for state #7 | state #7 requesting EVENT_RETRANSMIT to be deleted | #7 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x56366a5a61d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5e5fc0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f207c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f207c006900 size 128 | #7 spent 0.155 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 0 resuming | crypto helper 0 starting work-order 8 for state #7 | [RE]START processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #7 and saving MD | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-bcOmit" #7 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.409 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.417 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 time elapsed 0.000923 seconds | (#7) spent 0.915 milliseconds in crypto helper computing work-order 8: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 8 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f20900043d0 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 8 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #7: calculating g^{xy}, sending I2 | creating state object #8 at 0x56366a608f40 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "west-bcOmit" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.45:500 from #7.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #7.#8; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f207c006900 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f207c002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f207c002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f207c006900 size 128 | parent state #7: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 197 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 c2 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2a 30 28 06 03 55 04 03 0c 21 77 65 73 | my identity 74 2d 62 63 4f 6d 69 74 2e 74 65 73 74 69 6e 67 | my identity 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 35 | my identity 30 33 06 09 2a 86 48 86 f7 0d 01 09 01 16 26 75 | my identity 73 65 72 2d 77 65 73 74 2d 62 63 4f 6d 69 74 40 | my identity 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | my identity 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 205 | Sending [CERT] of certificate: E=user-west-bcOmit@testing.libreswan.org,CN=west-bcOmit.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1234 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 ce 30 82 04 37 a0 03 02 01 02 02 01 0d | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 c2 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2a 30 28 06 03 55 04 03 0c 21 77 | CERT 65 73 74 2d 62 63 4f 6d 69 74 2e 74 65 73 74 69 | CERT 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | CERT 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 01 16 | CERT 26 75 73 65 72 2d 77 65 73 74 2d 62 63 4f 6d 69 | CERT 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f 00 30 | CERT 82 01 8a 02 82 01 81 00 bf 39 0f eb 4b 99 9a 56 | CERT 8f 63 b0 f6 c2 f5 ed fc 41 52 e1 19 3f 7a 33 a2 | CERT ba aa 6c 6b 50 03 d4 25 cf 30 69 df 40 7b 62 d8 | CERT ff 74 3c b1 a4 16 55 2d f6 f2 ef 2b 0b f1 29 3c | CERT 94 b4 ba 07 9f f2 9e 91 94 08 5f c3 c7 e5 97 90 | CERT 51 2b 49 51 8f 47 40 3e 27 bb 71 d7 5f 70 00 fa | CERT c2 38 e5 d9 67 ec 4f b5 d2 e0 ca 78 cd eb 4b f8 | CERT aa 79 f5 98 41 70 f5 80 d4 42 aa ef 91 03 ff 60 | CERT 57 b4 6a 0b bb e0 54 fb bb 83 92 04 96 77 f1 3b | CERT 9a f9 c8 6d 99 52 49 35 b6 f0 17 71 5e fe 46 87 | CERT ac d8 14 1d a3 e0 e2 80 96 ca 57 d6 37 94 e8 d4 | CERT a8 f6 19 e5 99 16 84 6b 91 91 1a fc 3f f4 14 1d | CERT 11 ee b0 7e 42 b5 95 71 9c c6 92 ce be 3c 0f b7 | CERT 8c f5 15 2f 31 ba 36 3f 91 88 58 76 8d f3 01 17 | CERT ea a3 77 27 c0 d5 5b ba 5b 6e f2 9a 5c b3 de 17 | CERT 99 d4 22 87 ba 36 2c f8 d9 14 d6 41 e5 74 64 43 | CERT e1 66 f8 5d c7 06 d9 1a c5 61 e2 74 f0 44 d1 2d | CERT dc 4e 67 1f 5d fb 0e d8 30 54 5b 9c f7 bc 85 96 | CERT 33 4e 75 c4 84 b7 82 f8 cb 7a 8f c5 ea a0 fb 4f | CERT db d3 11 5a d0 49 6c d1 4e 3c 2d b5 68 8e 15 23 | CERT 8b 4a 31 06 b8 5b 4d a0 50 0c 82 c0 19 17 63 a1 | CERT a4 cc 36 77 4f b5 47 56 ba c3 6b 7b 1f f9 26 14 | CERT 4a c4 96 90 22 9b 2b 3c 13 14 ec b9 0c 22 62 58 | CERT 59 1a da c3 19 cb ae d3 3d ca b3 2c 42 01 43 f9 | CERT 88 9d f6 f2 d9 11 a7 e9 02 03 01 00 01 a3 81 df | CERT 30 81 dc 30 2c 06 03 55 1d 11 04 25 30 23 82 21 | CERT 77 65 73 74 2d 62 63 4f 6d 69 74 2e 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 1d | CERT 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 | CERT 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 41 06 | CERT 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 | CERT 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a | CERT 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 | CERT 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 | CERT 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 | CERT 81 00 9b d0 e7 37 37 31 fa 37 21 d6 58 f8 88 34 | CERT 57 f6 5c 39 88 e4 b1 b3 d4 66 53 31 fe df 11 b4 | CERT 5f 4c 6f b3 eb 5f d0 8f 5e a7 3b 5b 78 a3 5a 47 | CERT ea 15 4e 08 dc 75 07 75 e6 7f cb 63 35 fe 85 14 | CERT 2c f2 a5 a6 2a af 05 ee 45 b4 0f d3 3c 12 9e 3e | CERT f3 b3 50 01 59 e8 98 24 87 09 f4 a3 53 87 df 28 | CERT 24 a6 86 6a 8b d5 2c d4 41 b8 55 e9 01 6b ff 2d | CERT 28 6e ef 45 22 ef ac 34 fa 42 0b 0f a2 80 62 02 | CERT 20 09 | emitting length of IKEv2 Certificate Payload: 1239 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-bcOmit.testing.libreswan.org, E=user-west-bcOmit@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAb85D | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAb85D | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAb85D | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAb85D | private key for cert west-bcOmit not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAb85D | #7 spent 5.55 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 7f 15 f5 09 4d b9 8e 11 c7 ed 96 72 ad 48 6d 32 | rsa signature f8 88 0d 1a d5 03 65 fe 4e 15 8e ef 32 8c 70 38 | rsa signature 54 46 73 94 57 ba 8e a6 ab 4f 96 d3 11 f0 2d af | rsa signature 12 57 7c 52 a4 9d 3e 76 a4 30 bc 1c 67 fe b5 18 | rsa signature 52 8d 8d bb 86 af 6b 6c 0d 8e 53 fb 7a 7a 9f 96 | rsa signature de bd ed ef 2e f7 03 47 98 79 f1 e2 14 d7 9b f1 | rsa signature 15 87 a4 10 7a 1b c5 04 9e 98 0c 25 be 5a 21 21 | rsa signature b4 09 05 8a ec 8c 08 ce d1 89 37 43 67 83 5e b9 | rsa signature 25 d1 db 7f 6e 7a c2 9e e5 06 4b 3d f6 c1 30 2e | rsa signature 06 cd 3a 36 06 ef 19 43 88 83 36 5d 4a 17 13 53 | rsa signature 5e 69 ce f8 ec f6 d1 7b e1 45 2f 0a a6 48 e5 6a | rsa signature a8 09 f0 e4 93 cb bc 5a f7 68 a5 fd 52 2a 28 4a | rsa signature 8c bb cc 40 d7 0e 75 7d d8 e9 be eb 84 9e 70 0c | rsa signature 12 24 93 8b e0 0d a9 51 b7 70 82 28 5e cd 38 90 | rsa signature f5 f2 c3 b1 e7 4a 75 b3 8e 1f ad a8 09 81 d2 d6 | rsa signature 55 86 bc ab d8 8f 06 a7 50 ac 62 63 a7 f2 b0 24 | rsa signature 5a ab 74 22 99 f8 da 55 51 0b 0f 3c 5c ec af fd | rsa signature 5b 37 f5 53 aa 0a 3c b6 1f 03 2c 67 9d 3d 7f 48 | rsa signature 39 f9 7d 64 c7 11 6d 65 bc 46 70 71 5c bb 74 7f | rsa signature 52 5e 48 11 65 48 21 72 18 bf b7 b8 70 2b 22 eb | rsa signature c1 ba a6 44 4e d3 ed be c2 27 ae 6f 32 cf 57 07 | rsa signature 23 78 99 b0 fa c9 24 e0 58 8b e7 82 51 21 7e 5f | rsa signature 97 5b 7b 6c 30 ff f7 d8 89 4d 76 60 88 07 bc 52 | rsa signature d3 3e 93 5a 35 fc d5 d0 ee 2e 6e 09 3d 8c 1f 70 | #7 spent 5.84 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #7 | netlink_get_spi: allocated 0xc66c933e for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-bcOmit (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-bcOmit": constructed local ESP/AH proposals for west-bcOmit (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi c6 6c 93 3e | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi c6 6c 93 3e | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi c6 6c 93 3e | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi c6 6c 93 3e | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2077 | emitting length of ISAKMP Message: 2105 | **parse ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2105 (0x839) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2077 (0x81d) | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 cd 09 00 00 00 30 81 c2 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2a 30 28 06 03 | cleartext fragment 55 04 03 0c 21 77 65 73 74 2d 62 63 4f 6d 69 74 | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 31 35 30 33 06 09 2a 86 48 86 | cleartext fragment f7 0d 01 09 01 16 26 75 73 65 72 2d 77 65 73 74 | cleartext fragment 2d 62 63 4f 6d 69 74 40 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 00 04 | cleartext fragment d7 04 30 82 04 ce 30 82 04 37 a0 03 02 01 02 02 | cleartext fragment 01 0d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 | cleartext fragment 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 | cleartext fragment 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 | cleartext fragment 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f | cleartext fragment 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 | cleartext fragment 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 | cleartext fragment 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d | cleartext fragment 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 | cleartext fragment 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 | cleartext fragment 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 | cleartext fragment 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 | cleartext fragment 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 | cleartext fragment 34 35 39 5a 30 81 c2 31 0b 30 09 06 03 55 04 06 | cleartext fragment 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 | cleartext fragment 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 | cleartext fragment 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 | cleartext fragment 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 | cleartext fragment 70 61 72 74 6d 65 6e 74 31 2a 30 28 06 03 55 04 | cleartext fragment 03 0c 21 77 65 73 74 2d 62 63 4f 6d 69 74 2e 74 | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | cleartext fragment 2e 6f 72 67 31 35 30 33 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 09 01 16 26 75 73 65 72 2d 77 65 73 74 2d 62 | cleartext fragment 63 4f 6d 69 74 40 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | cleartext fragment 01 8f 00 30 82 01 8a 02 82 01 81 00 bf 39 0f eb | cleartext fragment 4b 99 9a 56 8f 63 b0 f6 c2 f5 ed fc 41 52 e1 19 | cleartext fragment 3f 7a 33 a2 ba aa 6c 6b 50 03 d4 25 cf 30 69 df | cleartext fragment 40 7b 62 d8 ff 74 3c b1 a4 16 55 2d f6 f2 ef 2b | cleartext fragment 0b f1 29 3c 94 b4 ba 07 9f f2 9e 91 94 08 5f c3 | cleartext fragment c7 e5 97 90 51 2b 49 51 8f 47 40 3e 27 bb 71 d7 | cleartext fragment 5f 70 00 fa c2 38 e5 d9 67 ec 4f b5 d2 e0 ca 78 | cleartext fragment cd eb 4b f8 aa 79 f5 98 41 70 f5 80 d4 42 aa ef | cleartext fragment 91 03 ff 60 57 b4 6a 0b bb e0 54 fb bb 83 92 04 | cleartext fragment 96 77 f1 3b 9a f9 c8 6d 99 52 49 35 b6 f0 17 71 | cleartext fragment 5e fe 46 87 ac d8 14 1d a3 e0 e2 80 96 ca 57 d6 | cleartext fragment 37 94 e8 d4 a8 f6 19 e5 99 16 84 6b 91 91 1a fc | cleartext fragment 3f f4 14 1d 11 ee b0 7e 42 b5 95 71 9c c6 92 ce | cleartext fragment be 3c 0f b7 8c f5 15 2f 31 ba 36 3f 91 88 58 76 | cleartext fragment 8d f3 01 17 ea a3 77 27 c0 d5 5b ba 5b 6e f2 9a | cleartext fragment 5c b3 de 17 99 d4 22 87 ba 36 2c f8 d9 14 d6 41 | cleartext fragment e5 74 64 43 e1 66 f8 5d c7 06 d9 1a c5 61 e2 74 | cleartext fragment f0 44 d1 2d dc 4e 67 1f 5d fb 0e d8 30 54 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 5b 9c f7 bc 85 96 33 4e 75 c4 84 b7 82 f8 cb 7a | cleartext fragment 8f c5 ea a0 fb 4f db d3 11 5a d0 49 6c d1 4e 3c | cleartext fragment 2d b5 68 8e 15 23 8b 4a 31 06 b8 5b 4d a0 50 0c | cleartext fragment 82 c0 19 17 63 a1 a4 cc 36 77 4f b5 47 56 ba c3 | cleartext fragment 6b 7b 1f f9 26 14 4a c4 96 90 22 9b 2b 3c 13 14 | cleartext fragment ec b9 0c 22 62 58 59 1a da c3 19 cb ae d3 3d ca | cleartext fragment b3 2c 42 01 43 f9 88 9d f6 f2 d9 11 a7 e9 02 03 | cleartext fragment 01 00 01 a3 81 df 30 81 dc 30 2c 06 03 55 1d 11 | cleartext fragment 04 25 30 23 82 21 77 65 73 74 2d 62 63 4f 6d 69 | cleartext fragment 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 | cleartext fragment 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30 14 06 | cleartext fragment 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 | cleartext fragment 07 03 02 30 41 06 08 2b 06 01 05 05 07 01 01 04 | cleartext fragment 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 86 | cleartext fragment 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 | cleartext fragment 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f | cleartext fragment 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | cleartext fragment 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 | cleartext fragment 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 | cleartext fragment 01 0b 05 00 03 81 81 00 9b d0 e7 37 37 31 fa 37 | cleartext fragment 21 d6 58 f8 88 34 57 f6 5c 39 88 e4 b1 b3 d4 66 | cleartext fragment 53 31 fe df 11 b4 5f 4c 6f b3 eb 5f d0 8f 5e a7 | cleartext fragment 3b 5b 78 a3 5a 47 ea 15 4e 08 dc 75 07 75 e6 7f | cleartext fragment cb 63 35 fe 85 14 2c f2 a5 a6 2a af 05 ee 45 b4 | cleartext fragment 0f d3 3c 12 9e 3e f3 b3 50 01 59 e8 98 24 87 09 | cleartext fragment f4 a3 53 87 df 28 24 a6 86 6a 8b d5 2c d4 41 b8 | cleartext fragment 55 e9 01 6b ff 2d 28 6e ef 45 22 ef ac 34 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment fa 42 0b 0f a2 80 62 02 20 09 21 00 01 88 01 00 | cleartext fragment 00 00 7f 15 f5 09 4d b9 8e 11 c7 ed 96 72 ad 48 | cleartext fragment 6d 32 f8 88 0d 1a d5 03 65 fe 4e 15 8e ef 32 8c | cleartext fragment 70 38 54 46 73 94 57 ba 8e a6 ab 4f 96 d3 11 f0 | cleartext fragment 2d af 12 57 7c 52 a4 9d 3e 76 a4 30 bc 1c 67 fe | cleartext fragment b5 18 52 8d 8d bb 86 af 6b 6c 0d 8e 53 fb 7a 7a | cleartext fragment 9f 96 de bd ed ef 2e f7 03 47 98 79 f1 e2 14 d7 | cleartext fragment 9b f1 15 87 a4 10 7a 1b c5 04 9e 98 0c 25 be 5a | cleartext fragment 21 21 b4 09 05 8a ec 8c 08 ce d1 89 37 43 67 83 | cleartext fragment 5e b9 25 d1 db 7f 6e 7a c2 9e e5 06 4b 3d f6 c1 | cleartext fragment 30 2e 06 cd 3a 36 06 ef 19 43 88 83 36 5d 4a 17 | cleartext fragment 13 53 5e 69 ce f8 ec f6 d1 7b e1 45 2f 0a a6 48 | cleartext fragment e5 6a a8 09 f0 e4 93 cb bc 5a f7 68 a5 fd 52 2a | cleartext fragment 28 4a 8c bb cc 40 d7 0e 75 7d d8 e9 be eb 84 9e | cleartext fragment 70 0c 12 24 93 8b e0 0d a9 51 b7 70 82 28 5e cd | cleartext fragment 38 90 f5 f2 c3 b1 e7 4a 75 b3 8e 1f ad a8 09 81 | cleartext fragment d2 d6 55 86 bc ab d8 8f 06 a7 50 ac 62 63 a7 f2 | cleartext fragment b0 24 5a ab 74 22 99 f8 da 55 51 0b 0f 3c 5c ec | cleartext fragment af fd 5b 37 f5 53 aa 0a 3c b6 1f 03 2c 67 9d 3d | cleartext fragment 7f 48 39 f9 7d 64 c7 11 6d 65 bc 46 70 71 5c bb | cleartext fragment 74 7f 52 5e 48 11 65 48 21 72 18 bf b7 b8 70 2b | cleartext fragment 22 eb c1 ba a6 44 4e d3 ed be c2 27 ae 6f 32 cf | cleartext fragment 57 07 23 78 99 b0 fa c9 24 e0 58 8b e7 82 51 21 | cleartext fragment 7e 5f 97 5b 7b 6c 30 ff f7 d8 89 4d 76 60 88 07 | cleartext fragment bc 52 d3 3e 93 5a 35 fc d5 d0 ee 2e 6e 09 3d 8c | cleartext fragment 1f 70 2c 00 00 a4 02 00 00 20 01 03 04 02 c6 6c | cleartext fragment 93 3e 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 c6 6c | cleartext fragment 93 3e 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 136 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment c6 6c 93 3e 03 00 00 0c 01 00 00 0c 80 0e 01 00 | cleartext fragment 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | cleartext fragment 00 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 | cleartext fragment c6 6c 93 3e 03 00 00 0c 01 00 00 0c 80 0e 00 80 | cleartext fragment 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | cleartext fragment 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 | cleartext fragment 07 00 00 10 00 00 ff ff c0 01 02 2d c0 01 02 2d | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | cleartext fragment c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 169 | emitting length of ISAKMP Message: 197 | suspend processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #8: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #8 to 0 after switching state | Message ID: recv #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #7.#8 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-bcOmit" #8: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 9b fe 78 eb 62 8b 69 c0 35 92 22 b5 | 1c 50 31 65 bb 82 cf 22 43 02 9c 9f 93 a0 1e 36 | a0 69 80 14 12 83 e9 e6 78 f4 b4 60 49 7c cf e8 | 19 b5 d2 86 e3 d4 31 27 97 d4 a6 87 6b 8c da 25 | 28 1b 39 75 98 58 3f ae 58 3d 16 7d 48 75 3a 5e | ce 1d 71 8e ad 42 85 a6 86 ff 9a 07 70 f0 7e e4 | 17 ad 98 d3 b6 f5 92 32 30 dd ce f0 b6 22 a5 ac | c9 32 6b 96 f9 2e 88 c1 5b 55 1c 3d 41 b7 55 19 | 56 35 17 5a 59 45 8f 13 be 91 9c 9d 86 29 6b 64 | 01 e2 4c 2b e4 6e 53 ba af 9c 77 30 c7 29 26 b9 | 74 69 3e 2b b2 56 5f 58 eb a7 cd 1e 60 72 bd 70 | 56 63 bf dd 6d d1 ef 03 a4 d4 4a a6 d3 f1 14 13 | ec e8 f7 ed 87 53 e8 b2 78 3c dd e3 22 0a 16 73 | fa c5 35 92 86 05 cd e5 21 12 df e0 07 a9 58 7b | 26 0d bb 1d 5a 8d 76 f4 d3 91 34 ef d2 86 bf 58 | 9a b7 90 ba f8 c8 83 3d aa ed e7 da a5 54 23 98 | 9d ee d1 26 8a 25 5e 68 60 2d c5 fc 48 0e 2e 7a | d3 81 d8 5e 58 95 39 76 72 a5 a6 af e5 f1 3e b4 | a8 82 72 4c e0 f2 f7 7d 4e f8 fd 4b d2 5e d8 d9 | 09 4b e8 8a a6 cb 16 c4 dd 95 e9 13 ee 99 c7 f0 | 5c b7 81 80 3c 8f 90 85 d1 95 96 af 34 30 29 b6 | 5f ad 88 af 5a ff 1d 4c 0b 32 ed 64 c2 97 de 47 | b0 ef 6b b6 d2 5f 40 4e 9b 09 f7 2d 5c db a7 f5 | f9 a8 d5 ce 95 ab 25 2b d2 2c a6 fb fb 41 26 8b | 80 fa 6d a9 4d 23 b3 ff bd 77 97 63 83 d9 f0 5f | a9 a8 54 1b 78 fc d9 8b cd 48 73 3c 56 af a8 1a | 8b 37 67 3d a7 8c 04 1e 9b d2 02 8e e8 c2 d6 9b | 66 4d be b7 f1 cd 3e ed 99 be b8 47 91 83 46 d6 | 9a ec fb ec e4 c0 66 50 4a cd 65 d6 11 55 81 bc | 4f 33 0f fd 82 74 6e cd 93 ab 0e c2 72 74 21 c6 | 04 22 e5 90 a9 70 8c a3 f3 28 51 2a da 39 f2 53 | 3a dc 3a b3 1a 82 15 7d 2b 48 99 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 65 e8 d4 17 09 63 45 4e 39 9a fc e7 | c1 32 72 f6 83 e9 40 f7 06 95 c7 d4 5a 7e 01 3d | de e6 11 71 f4 99 a3 93 78 cb d5 be f2 b0 da e1 | 8c 19 23 5f 35 c2 e6 3d c4 6b 20 31 88 29 02 25 | 86 3e a5 65 e7 99 9a ba 0f 53 45 51 d1 99 06 60 | 83 b4 6d 99 75 05 c4 1b d6 74 40 ce 10 5e 49 e2 | 7b 3c 57 70 c3 3f 79 be 96 d8 d1 3a 3a 5d 63 36 | 4c c9 8c 79 81 2c a4 8b 02 93 09 33 fe 70 11 98 | 7a f2 03 72 52 93 e1 0f 5a fd 26 f8 3e f0 2d 27 | 14 94 2e de 25 86 49 1f 98 86 c8 1d 1f 9f 6b 0f | 22 f4 3f a9 9b f3 ce 48 2f ac 96 e4 d5 df ff 5e | d1 c5 78 15 a8 40 5e 4b 0e 73 2b 3a 70 4f b5 7f | ee b0 5e b9 bc 8d ef 6e 84 ac 6a a8 f9 cc 67 de | d6 ce eb b1 f3 35 11 d3 79 fb 8f 47 71 e9 63 45 | 58 39 07 36 fe 93 30 8a b2 5c 69 c8 96 fe 2b 9f | 37 9e c4 b6 03 d1 6f 17 c6 7d 8f 1e 15 2c 87 bf | bc 04 7b 95 06 1a 88 09 43 d6 81 71 09 42 08 74 | f5 05 79 90 20 8b ea ab 5e 69 de 6f d7 5c 10 4a | 0f 31 0d e5 cc 4c ab 69 88 69 05 c7 a3 46 4b 45 | be 47 c6 f6 61 0e 94 18 77 3c 7e 25 04 9e 83 7e | 7d 18 86 86 a9 ba a5 61 7a 92 f1 09 05 75 48 bb | 52 66 cd ee 1d 04 cc a1 15 90 03 8c 63 bc a6 c5 | ee ff e6 3d fa f2 37 4d c2 44 83 56 d1 3c fc 23 | 61 85 d3 11 37 27 42 ec db 7a 73 67 74 d6 d0 ed | 93 78 40 24 d2 c9 73 91 1e 59 0a 49 e8 46 1a 83 | 95 ca 44 aa 89 cc 54 fb e1 ae 1c 09 98 05 86 71 | a4 a1 eb 4e 89 5b c2 fb 5a b7 d2 d4 9a 89 0d e7 | a8 e8 de 5a 16 41 96 af 65 e7 49 76 7e 31 be 53 | 25 d9 8e 89 2e 17 72 f8 78 d4 9f ca dc 96 77 c6 | f2 a7 41 88 1e 59 b3 5d 4a 2b 9d 9b a6 0b 13 15 | 83 8b 26 e4 6b de fc 6c e8 8a f5 84 9d 00 19 ac | 4f eb 64 cb d6 7d 9f 03 7a 4c 5d | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 f3 97 83 07 38 78 b0 03 1c 43 ad 84 | b2 9f 33 a8 a5 31 d1 70 7c dd 30 05 37 46 c0 9a | 7e dc d1 a4 60 9b db 7d 8d 4b dd 00 52 f4 4b 36 | d3 08 07 ac 6a 89 9d 17 39 60 f4 90 c9 cd 65 90 | 90 4d 77 bc 4d 76 2a 31 a6 66 2d ba ff ba 58 d2 | c2 ad 65 7f bc d1 36 32 b7 1a 44 c4 04 86 f6 af | b5 5f 96 b2 b7 c8 67 db ff ad 1c 8d 29 31 59 b1 | e0 9e f0 78 5f 2c 57 e9 dc 11 19 3a 1a bd 16 99 | da 70 4d da 68 8b a4 7a cc 9b 92 b2 b5 59 73 e5 | f2 59 b7 00 95 83 e1 21 1d 07 1b 97 97 2b ce 1a | aa 83 24 ae 93 77 21 a0 16 1d 2e a2 2e a3 4e 3d | ee c2 2d 08 2b e2 83 66 7e d7 aa 13 0f 0b 2a 0b | 9a 79 21 fc c4 e9 9c 6a 55 2d e7 27 88 d8 db d3 | bc 10 a8 74 58 86 65 f6 e0 a2 16 04 b4 d3 f8 3b | da 08 54 ab 17 40 76 9e a5 a3 81 92 17 12 77 93 | d2 c2 ba bb 62 a8 aa 98 0d 28 62 59 8d f1 fd c7 | e3 cf e5 03 10 50 51 c3 65 03 5a 92 32 83 b0 6f | 54 fc 52 70 d7 c7 2f a7 ba b0 2c 94 91 c4 89 93 | ee 77 3a 0a c7 6a b4 90 5b db cd 63 e6 0b 1b 87 | d9 a3 e8 a6 e4 c9 58 6a 31 cc 0d e4 d3 af e0 35 | f8 c8 d4 48 72 19 ec 5b 9e 8a 9f da 2f 57 74 64 | 5d 25 c1 a8 43 3a 63 47 09 f7 c9 8e 8a cc 1d 0d | 4e 5b 69 0b 8d 33 7e e1 9d 3d ee d2 48 aa de 7b | ea 0f 91 f0 9b 30 bd 82 a0 69 0a 07 f9 0e 23 cd | 55 d6 3c 6b 67 f4 68 ac fd 68 94 d2 78 cc e3 78 | 20 f0 fb 25 99 f5 6c ed 27 2d e2 30 af cb 86 df | 8e e8 98 09 77 bc 6a 85 43 9d a0 e2 de 95 cf 9b | 12 46 98 46 2f 69 72 38 42 65 14 32 2e c1 d7 90 | 9c d1 d2 19 84 3d 8f 2d 3e 83 d9 26 67 89 b6 e1 | 11 37 69 28 84 b6 ed fb 69 f0 56 9b df 1c b9 0b | 9e 06 dd b4 1c f4 1f 29 9a 2f 2a d8 f8 4e 1c 04 | fb 9e 43 42 41 a8 27 ce cd cd ba | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 79 7e 90 8a 32 b7 fb a6 16 0f ea 1f | c8 72 92 be f9 cd 26 9b 00 35 42 c7 f2 06 2d 9a | 68 1d 06 9e 48 26 ef 7f 45 8e d8 d7 e8 20 c1 2e | bc b2 8a 90 b9 cb ed d9 31 04 63 96 e3 cd ae f3 | d6 5f 8f 67 02 b9 99 93 3f bb 06 6c ba 24 5e db | 1d d8 5c 52 68 3b 57 3c 38 19 e6 8a 31 96 c9 d9 | 22 5b d0 ee 09 e0 7a 2d 46 99 64 cf b3 ed 56 bb | 3f 09 4d b8 ce 9e 4c 1c f0 c2 c6 2e e2 5e 97 dd | e2 15 49 6d a2 dd 35 67 68 00 e2 bf 5f f5 02 b9 | 37 5e 6c aa 7a 4e 0e b2 e7 47 76 db 0f d0 c4 d0 | 43 01 63 a4 32 45 47 cc d5 44 ec e7 77 b1 bd cb | 49 0d d8 37 f8 b4 5c 47 0f 1f ca f3 b8 d7 01 f7 | af 53 6b d9 0d 31 e2 b5 63 ed b2 25 7f a1 32 ed | 97 05 12 7d 2e 17 22 98 9e 0b 6c 3e 82 78 9e 01 | 7e cb e6 76 0e 6c 3e f4 9a 76 48 40 ff ce 60 d3 | 6a f5 6b 85 24 10 a1 9c 8d f0 a6 af ea f6 a2 85 | 24 12 97 ef 0c 3c a0 b2 45 4e 6f c4 3a fe 52 8c | 8d de 03 2e c6 17 e0 23 60 5b 9c 00 12 19 7c 68 | 0e f0 e7 03 30 31 09 19 a4 d0 e9 32 d9 93 6e 6e | ed 6c c9 cf 6c d1 90 9e 68 ee 19 e3 e3 28 ae 26 | 5d 05 be af 8d be 1f 4b 54 cc 5e b6 64 17 a1 1c | 25 dc fa 81 9b 85 04 ee 87 5b c5 a3 c3 41 be 42 | ad 30 7a be b5 7b f2 ba 05 06 2f b7 e1 c6 3b 5c | 5a af a7 6e c0 2c 29 35 92 45 3b 0c 51 39 23 22 | d5 f4 ca 1f 7c 99 7c 28 7c 0d 58 98 ea fa f2 2c | 47 fa ed e5 96 59 3f ba ce 33 56 dc 75 7e 00 33 | 4e 91 d6 f7 e7 39 3b a9 c2 f7 8c 7f 53 d0 f1 f4 | 4e bc ee 98 07 18 43 20 aa 23 31 03 09 54 90 87 | c5 6a 77 eb 59 1a c8 e5 de 62 b0 90 17 67 08 59 | 2b f9 0d 8a 85 8d 00 64 bf 4b c4 85 17 5c dd 80 | 06 09 b0 a1 f5 c1 6b f7 38 cc de c6 73 7c 62 c7 | 47 6d ce 18 43 70 a9 63 75 7f 79 | sending 197 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 35 20 23 08 00 00 00 01 00 00 00 c5 00 00 00 a9 | 00 05 00 05 88 53 07 89 74 f0 5c 1e 4a 8e 18 40 | 73 55 87 e3 94 53 b4 00 c4 de 15 37 62 ae 17 22 | b6 e3 af 1e d2 57 7c 0a 8e 1e ec aa 7d 1f 86 9d | bb cb d2 2e 05 d1 d3 4d 2f ef 47 06 0f ba ed 29 | 8c 55 51 c3 9e d7 56 0a 87 8c eb 67 59 73 69 d6 | 34 a2 25 07 90 bd 1d 0a 7a 38 c0 57 8f 46 d9 76 | b0 b7 71 5d c5 a1 50 36 7f 33 bc b4 93 0c f8 5c | 7a bf 97 67 93 12 5a ec e8 80 77 30 cf dc 01 17 | 27 5b c1 ea 19 98 17 87 be 6c bf b9 67 94 c6 9a | 3f d6 13 90 1f 24 2c c7 15 8f 31 1b 0d 19 56 6c | 72 d3 e2 62 54 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-bcOmit" #8: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5f8950 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 | #8 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48989.621408 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 1.1 milliseconds | #7 spent 7.17 milliseconds in resume sending helper answer | stop processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f20900043d0 | spent 0.00226 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 41 74 a9 7d 49 bc 07 8e 1f 55 d6 d7 cf 9a 53 1a | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 59 6f a3 ba 52 73 f6 d4 bc 81 d1 de 11 53 1a 2b | a2 03 91 ab 62 97 fd a2 ef e4 f4 91 fa 16 5f f2 | 9c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 41 74 a9 7d 49 bc 07 8e | responder cookie: | 1f 55 d6 d7 cf 9a 53 1a | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #7 in PARENT_I2 (find_v2_ike_sa) | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #8 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #8 is idle | #8 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #8 in state PARENT_I2: sent v2I2, expected v2R2 | #8 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-bcOmit" #8: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #7 ikev2.ike failed auth-failed "west-bcOmit" #8: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #8 fd@25 .st_dev=9 .st_ino=1677963 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #7 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2084006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5f8950 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5f8950 | inserting event EVENT_RETRANSMIT, timeout in 59.996871 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 "west-bcOmit" #8: STATE_PARENT_I2: suppressing retransmits; will wait 59.996871 seconds for retry | #8 spent 0.0506 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.202 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.21 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-bcOmit" (in terminate_a_connection() at terminate.c:69) "west-bcOmit": terminating SAs using this connection | connection 'west-bcOmit' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5453f0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #8 | suspend processing: connection "west-bcOmit" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #8 ikev2.child deleted other | #8 spent 0.0506 milliseconds in total | [RE]START processing: state #8 connection "west-bcOmit" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-bcOmit" #8: deleting state (STATE_PARENT_I2) aged 0.071s and NOT sending notification | child state #8: PARENT_I2(open IKE SA) => delete | child state #8: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #8 requesting EVENT_RETRANSMIT to be deleted | #8 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2084006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5f8950 | priority calculation of connection "west-bcOmit" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-bcOmit" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-bcOmit | State DB: deleting IKEv2 state #8 in CHILDSA_DEL | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #7 | start processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #7 ikev2.ike deleted auth-failed | #7 spent 10.2 milliseconds in total | [RE]START processing: state #7 connection "west-bcOmit" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-bcOmit" #7: deleting state (STATE_PARENT_I2) aged 0.076s and NOT sending notification | parent state #7: PARENT_I2(open IKE SA) => delete | state #7 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f207c006900 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f207c002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-bcOmit | State DB: deleting IKEv2 state #7 in PARENT_I2 | parent state #7: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #7 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-bcOmit" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-bcOmit' wasn't on the list | stop processing: connection "west-bcOmit" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.235 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical-eku-ipsecIKE" (in initiate_a_connection() at initiate.c:186) | connection 'west-ekuCritical-eku-ipsecIKE' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #9 at 0x56366a5a3770 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-ekuCritical-eku-ipsecIKE" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-ekuCritical-eku-ipsecIKE" IKE SA #9 "west-ekuCritical-eku-ipsecIKE" "west-ekuCritical-eku-ipsecIKE" #9: initiating v2 parent SA | constructing local IKE proposals for west-ekuCritical-eku-ipsecIKE (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-ekuCritical-eku-ipsecIKE": constructed local IKE proposals for west-ekuCritical-eku-ipsecIKE (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 9 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5f8950 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 | #9 spent 0.133 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 1 resuming | RESET processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-ekuCritical-eku-ipsecIKE" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 1 starting work-order 9 for state #9 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 9 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.213 milliseconds in whack | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 9 time elapsed 0.001006 seconds | (#9) spent 1.01 milliseconds in crypto helper computing work-order 9: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 9 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f2088004f50 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 9 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #9 | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-ekuCritical-eku-ipsecIKE (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 05 7b 11 5b 6e 7b 88 ee 5c 8c ef f8 e9 51 b0 23 | ikev2 g^x 84 1c 48 53 8c 19 76 ea 05 c0 62 70 53 16 59 c1 | ikev2 g^x 16 47 8d bf 15 35 4b 64 87 0e a2 66 8f 12 44 39 | ikev2 g^x f2 e8 87 6b aa e4 ad 77 01 80 ed 04 01 46 c3 90 | ikev2 g^x aa 01 08 34 b2 4c 88 c7 b2 99 91 fd f5 ef 78 bc | ikev2 g^x 57 c5 92 88 30 19 d6 18 5d 19 e1 ea e0 c3 03 2d | ikev2 g^x d4 d1 3d 79 cc e5 b4 d0 52 5f de 05 1a 02 8c fc | ikev2 g^x bc e9 e5 b2 f4 32 6c f3 3d 26 8b 3d c3 d1 9d a2 | ikev2 g^x cf 4a 9d db 16 45 6e f6 30 06 89 3d 7c 9c a1 90 | ikev2 g^x a1 f6 d7 d8 c0 d8 5e ac de 5f c8 f4 88 86 ce 44 | ikev2 g^x 8f c4 44 8a 92 66 c6 f9 65 fa f3 cf 0d cb 38 db | ikev2 g^x 0f 6b 1a db 38 3d 19 2d 60 63 c3 55 d5 ef 18 08 | ikev2 g^x bd 62 36 be 82 ca 0c 90 3a a2 c9 b6 52 43 f3 a4 | ikev2 g^x 45 2d aa 1d 56 84 36 ea d3 eb c6 85 14 53 30 94 | ikev2 g^x b0 7a d8 b5 69 68 10 40 69 e1 f7 06 7e 9e c2 a8 | ikev2 g^x ae 64 b6 b8 35 75 b5 71 95 20 c3 f3 1a a7 6e 2c | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 04 a0 d3 25 ad 53 0c ba 0e 9d b2 f2 29 e9 39 4a | IKEv2 nonce 11 7d 0b e3 dc 99 06 b8 77 de b6 0e 4b d3 f5 ad | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 92 07 64 1f f2 5e b2 51 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= ee 85 24 19 bd 88 6b 5b 4f 2d 91 c3 1f 20 b7 d5 | natd_hash: hash= 3e 22 96 bf | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ee 85 24 19 bd 88 6b 5b 4f 2d 91 c3 1f 20 b7 d5 | Notify data 3e 22 96 bf | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 92 07 64 1f f2 5e b2 51 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= ea a0 0e 78 06 a2 2e f5 eb ba db 62 be 47 45 40 | natd_hash: hash= 44 4f b7 6d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ea a0 0e 78 06 a2 2e f5 eb ba db 62 be 47 45 40 | Notify data 44 4f b7 6d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #9: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #9 to 4294967295 after switching state | Message ID: IKE #9 skipping update_recv as MD is fake | Message ID: sent #9 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-ekuCritical-eku-ipsecIKE" #9: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 92 07 64 1f f2 5e b2 51 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 05 7b 11 5b 6e 7b 88 ee | 5c 8c ef f8 e9 51 b0 23 84 1c 48 53 8c 19 76 ea | 05 c0 62 70 53 16 59 c1 16 47 8d bf 15 35 4b 64 | 87 0e a2 66 8f 12 44 39 f2 e8 87 6b aa e4 ad 77 | 01 80 ed 04 01 46 c3 90 aa 01 08 34 b2 4c 88 c7 | b2 99 91 fd f5 ef 78 bc 57 c5 92 88 30 19 d6 18 | 5d 19 e1 ea e0 c3 03 2d d4 d1 3d 79 cc e5 b4 d0 | 52 5f de 05 1a 02 8c fc bc e9 e5 b2 f4 32 6c f3 | 3d 26 8b 3d c3 d1 9d a2 cf 4a 9d db 16 45 6e f6 | 30 06 89 3d 7c 9c a1 90 a1 f6 d7 d8 c0 d8 5e ac | de 5f c8 f4 88 86 ce 44 8f c4 44 8a 92 66 c6 f9 | 65 fa f3 cf 0d cb 38 db 0f 6b 1a db 38 3d 19 2d | 60 63 c3 55 d5 ef 18 08 bd 62 36 be 82 ca 0c 90 | 3a a2 c9 b6 52 43 f3 a4 45 2d aa 1d 56 84 36 ea | d3 eb c6 85 14 53 30 94 b0 7a d8 b5 69 68 10 40 | 69 e1 f7 06 7e 9e c2 a8 ae 64 b6 b8 35 75 b5 71 | 95 20 c3 f3 1a a7 6e 2c 29 00 00 24 04 a0 d3 25 | ad 53 0c ba 0e 9d b2 f2 29 e9 39 4a 11 7d 0b e3 | dc 99 06 b8 77 de b6 0e 4b d3 f5 ad 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 ee 85 24 19 | bd 88 6b 5b 4f 2d 91 c3 1f 20 b7 d5 3e 22 96 bf | 00 00 00 1c 00 00 40 05 ea a0 0e 78 06 a2 2e f5 | eb ba db 62 be 47 45 40 44 4f b7 6d | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2084006900 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5f8950 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuCritical-eku-ipsecIKE" #9: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5f8950 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2084006900 size 128 | #9 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48991.803988 | resume sending helper answer for #9 suppresed complete_v2_state_transition() and stole MD | #9 spent 0.838 milliseconds in resume sending helper answer | stop processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2088004f50 | spent 0.00215 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 c6 67 92 45 | a3 2d 14 a8 35 23 8a f0 b6 44 8e 42 cf da 8d aa | 0a eb 41 47 d1 3f 8c 4d 78 b9 99 de 57 68 75 c7 | f3 de bd 51 80 e3 c9 57 0c e2 a9 60 6f 2f da 8e | 6d bb 4e 91 52 2a ff 5b f7 d8 f7 b7 5f 8b 79 97 | 8e 0e 24 f0 0a 30 99 f9 ad 4a a3 49 7a ce d8 f2 | c8 39 bf eb a6 d1 a2 81 46 fe 89 64 43 a1 89 79 | 27 ed c1 ea 84 1f 1a 3e 8e 70 05 2d 1c 1c 70 06 | 46 69 2b d0 9c 3a e4 d9 32 d0 b7 33 80 6e 0d f6 | bb 1f 8b ba a0 5d 25 47 87 b3 e6 6e 42 2c 2d ae | 08 0a 9e 6c c6 3a a7 da f4 aa 75 26 04 82 f8 83 | e4 47 bf 8c 7b 99 40 9a 73 16 16 da ef 17 08 54 | ba da 3c b8 68 14 96 f0 21 c7 74 71 d2 84 8c 73 | 8f d3 fe ae 59 ab f7 ae e6 29 43 93 80 d9 0f b6 | 28 29 0e 80 fe f0 3f 8e 07 fc 30 20 3f a0 28 3a | 47 1b e2 22 57 e0 39 46 5c 10 e0 63 1f a4 8e 6e | d9 00 d9 77 db 8d 08 d7 76 2f a7 ba 29 00 00 24 | 15 4b 5d 40 e7 0e f4 50 49 39 6b 72 03 84 2d 33 | 0d 85 33 8f 23 e1 7a a2 29 7b 3b 9b 2b 03 56 82 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 1c 66 82 fa 87 d0 8c a4 0b c8 54 47 56 00 f7 67 | ff f1 7d 5a 26 00 00 1c 00 00 40 05 89 ff 8e f4 | a8 9a df 02 49 4b ed a7 45 e4 e9 13 c8 0f 2a 59 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #9 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #9 is idle | #9 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #9 IKE SPIi and SPI[ir] | #9 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-ekuCritical-eku-ipsecIKE (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 92 07 64 1f f2 5e b2 51 | natd_hash: rcookie= 47 b8 eb fe 60 ea aa 1d | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 89 ff 8e f4 a8 9a df 02 49 4b ed a7 45 e4 e9 13 | natd_hash: hash= c8 0f 2a 59 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 92 07 64 1f f2 5e b2 51 | natd_hash: rcookie= 47 b8 eb fe 60 ea aa 1d | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 1c 66 82 fa 87 d0 8c a4 0b c8 54 47 56 00 f7 67 | natd_hash: hash= ff f1 7d 5a | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 10 for state #9 | state #9 requesting EVENT_RETRANSMIT to be deleted | #9 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2084006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5f8950 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2088000c20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2088004f50 size 128 | #9 spent 0.167 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 4 resuming | crypto helper 4 starting work-order 10 for state #9 | #9 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 | [RE]START processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-ekuCritical-eku-ipsecIKE" #9 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.351 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.358 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 time elapsed 0.001379 seconds | (#9) spent 1.38 milliseconds in crypto helper computing work-order 10: ikev2_inR1outI2 KE (pcr) | crypto helper 4 sending results from work-order 10 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f208c004470 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 10 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #9: calculating g^{xy}, sending I2 | creating state object #10 at 0x56366a5beee0 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "west-ekuCritical-eku-ipsecIKE" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.45:500 from #9.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #9.#10; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2088004f50 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2088000c20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2088000c20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f2088004f50 size 128 | parent state #9: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 233 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 e6 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 3c 30 3a 06 03 55 04 03 0c 33 77 65 73 | my identity 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d 65 6b | my identity 75 2d 69 70 73 65 63 49 4b 45 2e 74 65 73 74 69 | my identity 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | my identity 31 47 30 45 06 09 2a 86 48 86 f7 0d 01 09 01 16 | my identity 38 75 73 65 72 2d 77 65 73 74 2d 65 6b 75 43 72 | my identity 69 74 69 63 61 6c 2d 65 6b 75 2d 69 70 73 65 63 | my identity 49 4b 45 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | my identity 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 241 | Sending [CERT] of certificate: E=user-west-ekuCritical-eku-ipsecIKE@testing.libreswan.org,CN=west-ekuCritical-eku-ipsecIKE.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1306 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 05 16 30 82 04 7f a0 03 02 01 02 02 01 27 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 e6 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 3c 30 3a 06 03 55 04 03 0c 33 77 | CERT 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d | CERT 65 6b 75 2d 69 70 73 65 63 49 4b 45 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 47 30 45 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 38 75 73 65 72 2d 77 65 73 74 2d 65 6b 75 | CERT 43 72 69 74 69 63 61 6c 2d 65 6b 75 2d 69 70 73 | CERT 65 63 49 4b 45 40 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c1 f2 8b a8 | CERT 14 b1 f5 6a 8a 44 9d dd af 61 68 33 c0 64 25 d3 | CERT 84 63 5f 7e e7 9f cf 96 2b 99 16 1f 96 a0 97 46 | CERT 6a 25 59 f5 f6 32 cc 5d fc 78 26 80 d5 66 9a ec | CERT 72 ad 3e 27 57 b8 1b 12 7b a0 2f 5f 15 be 94 b6 | CERT 20 a0 28 33 61 ea 55 78 8f fb 1f a2 5c 47 f4 7b | CERT 00 29 50 13 69 ce fc e9 32 77 1f 66 0e ec a5 9e | CERT 3b ae 4e 6a aa a1 e8 e3 bd 87 5e cd d4 cc 5e 7c | CERT 6b 2f 34 a6 21 da 92 fe a9 4d 8f 83 c6 a3 69 50 | CERT 6f 2a 70 24 34 46 c1 97 79 64 4f 0d 83 7f 92 53 | CERT 46 cc f1 32 35 78 be e8 47 96 1f 4c 0a 38 eb d9 | CERT 6b c3 8e 29 22 0e d8 72 75 c3 e0 1b 45 c2 73 eb | CERT 90 86 85 3d bd 09 d8 e9 b9 28 f3 68 53 92 dc 79 | CERT f6 36 4c 1a d0 4a 8a 2e 2b 2b 76 0b f5 a9 3b 7d | CERT a5 c5 93 8b 22 54 96 b2 bc 5b 6d 0c 79 3a 64 13 | CERT fc cd 62 bb 32 b7 fa 52 ff 46 c9 0e 58 ee a4 f1 | CERT 54 fe d8 c7 a8 e7 41 7e e4 4d 64 6f b4 ed 27 97 | CERT 72 00 d1 94 e6 ad cd f3 94 05 0e 46 2f 0d a5 ec | CERT d0 c5 6c 59 4f dc b5 4c 5b 2e b9 14 54 56 46 bb | CERT 5e 61 a4 63 dc df 48 56 32 fa 8c 60 10 33 2e 45 | CERT 4d 29 73 8a a7 2f 26 cb 18 fa db 45 89 ee 56 b4 | CERT 3c 1f 1a b1 e5 d2 e4 40 f7 91 a2 54 37 3d 8d ef | CERT ff 78 89 52 b1 bf a3 ee 96 e7 28 34 b6 ef a8 f0 | CERT 67 20 4d 4f c1 ae 71 31 df 94 cd 75 7c cf 16 ab | CERT 88 17 b4 63 8d bc 12 b1 56 da ce 3d 02 03 01 00 | CERT 01 a3 82 01 02 30 81 ff 30 09 06 03 55 1d 13 04 | CERT 02 30 00 30 3e 06 03 55 1d 11 04 37 30 35 82 33 | CERT 77 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c | CERT 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 2e 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 | CERT 02 07 80 30 20 06 03 55 1d 25 01 01 ff 04 16 30 | CERT 14 06 08 2b 06 01 05 05 07 03 11 06 08 2b 06 01 | CERT 05 05 07 03 11 30 41 06 08 2b 06 01 05 05 07 01 | CERT 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 | CERT 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 | CERT 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a | CERT 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f | CERT 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 | CERT 0d 01 01 0b 05 00 03 81 81 00 05 42 51 ba ca 14 | CERT a6 0f 08 a4 71 ec 04 46 53 52 db 31 70 fb 8d e4 | CERT a8 9c 7f ea d5 cd 57 05 db b4 dc c2 a3 10 51 8c | CERT e0 24 3e 4b 13 53 b3 98 11 6d fe be a6 ca 83 1d | CERT 45 58 6f 64 0b 14 b0 e5 36 e5 25 54 29 89 26 a5 | CERT 20 b5 03 03 d0 d7 9a aa 92 70 6d 46 81 a3 d4 19 | CERT 2c d5 cc a5 0d a5 51 4d 9d e0 d2 13 f1 f4 00 ad | CERT 25 11 15 5f 12 49 63 0f 58 69 47 6c 92 15 92 13 | CERT ee ab 7c 75 2f ad 03 c8 43 4b | emitting length of IKEv2 Certificate Payload: 1311 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-ipsecIKE.testing.libreswan.org, E=user-west-ekuCritical-eku-ipsecIKE@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAcHyi | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAcHyi | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAcHyi | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAcHyi | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAcHyi | private key for cert west-ekuCritical-eku-ipsecIKE not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAcHyi | #9 spent 5.68 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 1f 55 ed b4 75 1c b4 b5 ab df 80 6f cf d4 0b 59 | rsa signature 35 40 44 d0 f7 9a f9 56 17 d7 1e 83 12 30 1a 2c | rsa signature e0 4d 28 0e 82 03 11 77 52 e2 41 23 08 ba 87 80 | rsa signature 88 de de de 35 2c b2 eb 17 b5 0e 0e 8e f2 78 7f | rsa signature bc f2 a4 d9 f8 65 fa 1d 76 42 9a 4a f9 c5 06 02 | rsa signature 75 6f 81 93 4f f7 48 7b 79 04 9a e4 e4 de 13 fa | rsa signature 3c f7 8b b9 c7 20 e3 9d ca c5 25 35 2e 61 73 78 | rsa signature 38 21 16 52 86 51 3c 23 4f 22 9d a6 51 33 3a d8 | rsa signature 37 20 e9 0e a8 5a 30 20 d4 35 38 9a 83 8b f0 9b | rsa signature 60 b5 45 0b 5f 3e 62 80 ce f8 38 1b c2 d5 f0 c9 | rsa signature 2c 7e 96 3d 40 78 70 ef 9c c3 57 11 fd dc 41 4f | rsa signature f5 09 ea 2e 21 db 16 eb 7d 6b 9c ad 42 7a 2e 48 | rsa signature 95 17 b7 38 01 a4 67 fb 11 8c 7c 19 53 81 f3 7d | rsa signature 6a ea 01 36 3c 6c 6c ea 0e 34 23 8e e9 48 cb 5b | rsa signature 28 ed d8 b3 29 9f ec cc d4 25 70 6a f1 ad 72 8d | rsa signature ff ee 5d b8 3a e8 21 b6 41 ca 82 e6 ba 4d 0e 81 | rsa signature bc 3c 92 f0 20 ff be 1d 3e 01 f3 fc 35 49 71 47 | rsa signature 0a de e7 24 58 33 b3 89 a1 61 54 b8 b8 3b 81 aa | rsa signature 7e 4d 15 a4 cf 59 cc 72 e5 88 41 5f 20 31 de d6 | rsa signature 8e b1 ca 67 9c e2 9e 62 71 ad 91 3e bf e4 b4 69 | rsa signature cb 86 fa 1a d6 46 cb 83 de 23 c5 8e 8a 15 d7 ea | rsa signature 94 e0 1e 4a 66 31 8d 67 d4 83 45 91 b2 1f f1 59 | rsa signature d8 0e 77 5c 5f cc a4 fd e9 2f f2 96 81 da fd 58 | rsa signature 0d 5c 06 a5 d5 5e 62 c4 36 50 c7 2d cf ff fe 02 | #9 spent 5.99 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #9 | netlink_get_spi: allocated 0x989f48f7 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-ekuCritical-eku-ipsecIKE (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-ekuCritical-eku-ipsecIKE": constructed local ESP/AH proposals for west-ekuCritical-eku-ipsecIKE (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 98 9f 48 f7 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 98 9f 48 f7 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 98 9f 48 f7 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 98 9f 48 f7 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2185 | emitting length of ISAKMP Message: 2213 | **parse ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2213 (0x8a5) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2185 (0x889) | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 f1 09 00 00 00 30 81 e6 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 3c 30 3a 06 03 | cleartext fragment 55 04 03 0c 33 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2d 65 6b 75 2d 69 70 73 65 63 49 | cleartext fragment 4b 45 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | cleartext fragment 73 77 61 6e 2e 6f 72 67 31 47 30 45 06 09 2a 86 | cleartext fragment 48 86 f7 0d 01 09 01 16 38 75 73 65 72 2d 77 65 | cleartext fragment 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d 65 | cleartext fragment 6b 75 2d 69 70 73 65 63 49 4b 45 40 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 27 00 05 1f 04 30 82 05 16 30 82 04 7f a0 03 | cleartext fragment 02 01 02 02 01 27 30 0d 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 | cleartext fragment 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 39 31 34 31 39 34 34 35 39 5a 30 81 e6 31 0b 30 | cleartext fragment 09 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 | cleartext fragment 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 3c 30 3a | cleartext fragment 06 03 55 04 03 0c 33 77 65 73 74 2d 65 6b 75 43 | cleartext fragment 72 69 74 69 63 61 6c 2d 65 6b 75 2d 69 70 73 65 | cleartext fragment 63 49 4b 45 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 31 47 30 45 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 38 75 73 65 72 2d | cleartext fragment 77 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c | cleartext fragment 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 40 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 | cleartext fragment 82 01 81 00 c1 f2 8b a8 14 b1 f5 6a 8a 44 9d dd | cleartext fragment af 61 68 33 c0 64 25 d3 84 63 5f 7e e7 9f cf 96 | cleartext fragment 2b 99 16 1f 96 a0 97 46 6a 25 59 f5 f6 32 cc 5d | cleartext fragment fc 78 26 80 d5 66 9a ec 72 ad 3e 27 57 b8 1b 12 | cleartext fragment 7b a0 2f 5f 15 be 94 b6 20 a0 28 33 61 ea 55 78 | cleartext fragment 8f fb 1f a2 5c 47 f4 7b 00 29 50 13 69 ce fc e9 | cleartext fragment 32 77 1f 66 0e ec a5 9e 3b ae 4e 6a aa a1 e8 e3 | cleartext fragment bd 87 5e cd d4 cc 5e 7c 6b 2f 34 a6 21 da 92 fe | cleartext fragment a9 4d 8f 83 c6 a3 69 50 6f 2a 70 24 34 46 c1 97 | cleartext fragment 79 64 4f 0d 83 7f 92 53 46 cc f1 32 35 78 be e8 | cleartext fragment 47 96 1f 4c 0a 38 eb d9 6b c3 8e 29 22 0e d8 72 | cleartext fragment 75 c3 e0 1b 45 c2 73 eb 90 86 85 3d bd 09 d8 e9 | cleartext fragment b9 28 f3 68 53 92 dc 79 f6 36 4c 1a d0 4a | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 8a 2e 2b 2b 76 0b f5 a9 3b 7d a5 c5 93 8b 22 54 | cleartext fragment 96 b2 bc 5b 6d 0c 79 3a 64 13 fc cd 62 bb 32 b7 | cleartext fragment fa 52 ff 46 c9 0e 58 ee a4 f1 54 fe d8 c7 a8 e7 | cleartext fragment 41 7e e4 4d 64 6f b4 ed 27 97 72 00 d1 94 e6 ad | cleartext fragment cd f3 94 05 0e 46 2f 0d a5 ec d0 c5 6c 59 4f dc | cleartext fragment b5 4c 5b 2e b9 14 54 56 46 bb 5e 61 a4 63 dc df | cleartext fragment 48 56 32 fa 8c 60 10 33 2e 45 4d 29 73 8a a7 2f | cleartext fragment 26 cb 18 fa db 45 89 ee 56 b4 3c 1f 1a b1 e5 d2 | cleartext fragment e4 40 f7 91 a2 54 37 3d 8d ef ff 78 89 52 b1 bf | cleartext fragment a3 ee 96 e7 28 34 b6 ef a8 f0 67 20 4d 4f c1 ae | cleartext fragment 71 31 df 94 cd 75 7c cf 16 ab 88 17 b4 63 8d bc | cleartext fragment 12 b1 56 da ce 3d 02 03 01 00 01 a3 82 01 02 30 | cleartext fragment 81 ff 30 09 06 03 55 1d 13 04 02 30 00 30 3e 06 | cleartext fragment 03 55 1d 11 04 37 30 35 82 33 77 65 73 74 2d 65 | cleartext fragment 6b 75 43 72 69 74 69 63 61 6c 2d 65 6b 75 2d 69 | cleartext fragment 70 73 65 63 49 4b 45 2e 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 0e 06 | cleartext fragment 03 55 1d 0f 01 01 ff 04 04 03 02 07 80 30 20 06 | cleartext fragment 03 55 1d 25 01 01 ff 04 16 30 14 06 08 2b 06 01 | cleartext fragment 05 05 07 03 11 06 08 2b 06 01 05 05 07 03 11 30 | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 | cleartext fragment 03 81 81 00 05 42 51 ba ca 14 a6 0f 08 a4 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 71 ec 04 46 53 52 db 31 70 fb 8d e4 a8 9c 7f ea | cleartext fragment d5 cd 57 05 db b4 dc c2 a3 10 51 8c e0 24 3e 4b | cleartext fragment 13 53 b3 98 11 6d fe be a6 ca 83 1d 45 58 6f 64 | cleartext fragment 0b 14 b0 e5 36 e5 25 54 29 89 26 a5 20 b5 03 03 | cleartext fragment d0 d7 9a aa 92 70 6d 46 81 a3 d4 19 2c d5 cc a5 | cleartext fragment 0d a5 51 4d 9d e0 d2 13 f1 f4 00 ad 25 11 15 5f | cleartext fragment 12 49 63 0f 58 69 47 6c 92 15 92 13 ee ab 7c 75 | cleartext fragment 2f ad 03 c8 43 4b 21 00 01 88 01 00 00 00 1f 55 | cleartext fragment ed b4 75 1c b4 b5 ab df 80 6f cf d4 0b 59 35 40 | cleartext fragment 44 d0 f7 9a f9 56 17 d7 1e 83 12 30 1a 2c e0 4d | cleartext fragment 28 0e 82 03 11 77 52 e2 41 23 08 ba 87 80 88 de | cleartext fragment de de 35 2c b2 eb 17 b5 0e 0e 8e f2 78 7f bc f2 | cleartext fragment a4 d9 f8 65 fa 1d 76 42 9a 4a f9 c5 06 02 75 6f | cleartext fragment 81 93 4f f7 48 7b 79 04 9a e4 e4 de 13 fa 3c f7 | cleartext fragment 8b b9 c7 20 e3 9d ca c5 25 35 2e 61 73 78 38 21 | cleartext fragment 16 52 86 51 3c 23 4f 22 9d a6 51 33 3a d8 37 20 | cleartext fragment e9 0e a8 5a 30 20 d4 35 38 9a 83 8b f0 9b 60 b5 | cleartext fragment 45 0b 5f 3e 62 80 ce f8 38 1b c2 d5 f0 c9 2c 7e | cleartext fragment 96 3d 40 78 70 ef 9c c3 57 11 fd dc 41 4f f5 09 | cleartext fragment ea 2e 21 db 16 eb 7d 6b 9c ad 42 7a 2e 48 95 17 | cleartext fragment b7 38 01 a4 67 fb 11 8c 7c 19 53 81 f3 7d 6a ea | cleartext fragment 01 36 3c 6c 6c ea 0e 34 23 8e e9 48 cb 5b 28 ed | cleartext fragment d8 b3 29 9f ec cc d4 25 70 6a f1 ad 72 8d ff ee | cleartext fragment 5d b8 3a e8 21 b6 41 ca 82 e6 ba 4d 0e 81 bc 3c | cleartext fragment 92 f0 20 ff be 1d 3e 01 f3 fc 35 49 71 47 0a de | cleartext fragment e7 24 58 33 b3 89 a1 61 54 b8 b8 3b 81 aa 7e 4d | cleartext fragment 15 a4 cf 59 cc 72 e5 88 41 5f 20 31 de d6 8e b1 | cleartext fragment ca 67 9c e2 9e 62 71 ad 91 3e bf e4 b4 69 cb 86 | cleartext fragment fa 1a d6 46 cb 83 de 23 c5 8e 8a 15 d7 ea 94 e0 | cleartext fragment 1e 4a 66 31 8d 67 d4 83 45 91 b2 1f f1 59 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 244 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment d8 0e 77 5c 5f cc a4 fd e9 2f f2 96 81 da fd 58 | cleartext fragment 0d 5c 06 a5 d5 5e 62 c4 36 50 c7 2d cf ff fe 02 | cleartext fragment 2c 00 00 a4 02 00 00 20 01 03 04 02 98 9f 48 f7 | cleartext fragment 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 | cleartext fragment 05 00 00 00 02 00 00 20 02 03 04 02 98 9f 48 f7 | cleartext fragment 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 00 08 | cleartext fragment 05 00 00 00 02 00 00 30 03 03 04 04 98 9f 48 f7 | cleartext fragment 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | cleartext fragment 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 | cleartext fragment 05 00 00 00 00 00 00 30 04 03 04 04 98 9f 48 f7 | cleartext fragment 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 | cleartext fragment 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 | cleartext fragment 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | cleartext fragment 00 00 ff ff c0 01 02 2d c0 01 02 2d 00 00 00 18 | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 01 02 17 | cleartext fragment c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 277 | emitting length of ISAKMP Message: 305 | suspend processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #10: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #10 to 0 after switching state | Message ID: recv #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #9.#10 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-ekuCritical-eku-ipsecIKE" #10: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 51 69 04 dc c1 33 84 62 8f 3c da 14 | b8 cc 3c 7e 44 e6 8e e6 85 ab 59 bb f0 7f 22 a5 | 0d fe 06 e2 70 8d 58 e5 8a da c0 51 3b 0c 9e d8 | 50 46 cb ff 39 62 2a 1e fd 18 16 ab 1b 88 5c 5b | 6d 93 af 45 8b 93 d3 c5 dc db 2c 7a 58 2c 4c 83 | db 07 42 71 b8 be 93 6f 6f 42 0c 10 73 28 c0 2e | 4c 5d 63 dc b6 b9 fe 3f 38 33 af eb 88 66 59 70 | 79 51 57 77 5d 90 c9 fa 67 0f 22 75 de 5d f9 e2 | 7d ef bd 37 36 3a dd 5c 00 78 bf 9b 47 5f 0b 39 | e3 9a 6e 5d cf 54 72 49 8f e8 b6 c8 d2 d5 75 ef | c8 12 b0 6e fb 54 95 3b d9 d6 92 48 0d 5f 95 74 | 9b 94 a5 f8 48 20 fb 2f 50 ec 55 3e fd 48 e9 a0 | 8d 2e cf dc 4e da 99 c6 5b b7 20 c0 cf b9 39 f6 | 17 81 2a 65 f6 97 fa 6e fb 5c 5b b0 dc f2 d8 23 | 0b 05 bd 33 69 6c fb 55 0d c9 8b 20 46 de e1 87 | 2f 8c c6 8b 90 5c a7 c2 bf 00 a1 59 df 1a c1 4d | dc 01 c6 e2 4b 98 99 d8 ca 09 d8 81 fc 80 ba d6 | ca 79 74 de f9 77 04 ed 37 93 18 7d 16 07 d5 10 | 4e 9d ab a4 ef 97 23 b0 f9 45 0c 2d 89 42 55 d6 | 95 1c a8 62 5d af 9d 6e a3 55 e7 c6 d1 20 43 b6 | ef 60 1a 13 8d 0b b6 40 56 88 16 6b 4a 6a 1c 18 | e4 d6 25 a5 bb be ec 6f 00 1c a2 ad d5 a1 02 ab | da 56 69 d7 fb e1 c9 bc ea a0 d1 1f a4 ea 6e 4d | 78 96 bc e4 8a a4 ea 78 64 80 69 17 93 5b 84 09 | 3d fc 0d ab eb 88 a5 f4 ea 59 c7 cc 24 c1 a2 a7 | 61 01 a5 8d 70 df 07 81 8d d7 14 30 7b 3b d2 6b | 96 d3 08 a2 e5 44 a6 48 3f 69 fe eb 54 04 b8 8d | 3f 4d 0d fb 2d 7b 37 40 3b a9 7a fc 42 fa 27 b5 | 87 3a 1e f1 54 37 dc 05 97 5d a4 80 8e d1 9c 99 | 6f 64 ae 5a b2 62 e1 a7 be 78 c7 6c 26 93 14 9a | 23 6e 16 88 4e a1 99 ab 12 1b c2 64 6d a6 04 d9 | 21 48 03 ab 4f 94 93 67 a1 fb 4a | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 4b 1f 09 4f b8 89 55 84 11 f2 a6 0b | 84 b8 72 7d 62 2a 6e 89 6c 00 cb 46 d4 ca fe 93 | e0 77 1a 5f 3c 58 fb 61 00 77 3f 8e f8 75 b5 1f | 04 62 dc 46 34 08 ce 11 49 7c d9 66 50 e2 bf 3e | 90 90 a8 6d ef c2 98 8b cb 48 6e 89 a8 81 19 dc | 4d 1c 06 56 b0 6e f6 d9 f6 a7 95 34 36 08 30 ce | bb 01 05 f5 76 4a 22 93 47 92 d7 e0 25 30 81 69 | 84 bf ee 7b 5b 92 7e 58 36 ea d1 88 c9 3b 58 21 | be cf de c8 e4 22 be e2 32 84 89 4a 1b 64 7b 36 | 85 6c fa 0c b9 35 f6 21 6c aa a8 b9 97 78 8d eb | 7a c6 e0 ec 5e 94 66 3b e7 60 af 4d 38 83 cb 94 | 5f cd 3f c8 f4 0b b6 a2 1b 89 60 cb 55 c8 fc 7e | e6 ad 5e ea e2 85 6b ab 47 94 85 77 2c 5e 02 14 | 0c 40 50 bb fc b9 66 dc 82 a9 f8 d7 3e 47 33 ce | 6e f9 42 7b 94 a9 c9 9a 91 76 a8 fb 9f 13 9c c8 | 75 02 11 1a 21 95 01 b7 73 34 cc 11 6e e0 d9 fc | a5 7f c2 e2 20 11 14 ea 78 b7 30 a9 b2 ad 95 70 | 11 0d 54 86 0f 41 ee 43 94 ea 61 93 6f 67 2c d9 | dc be 31 bb 11 d6 39 cd 70 7b 6a 8b 2d 91 d2 4a | a4 41 5c 03 32 72 1c fb bd c3 78 e2 07 a2 94 5c | 7a b6 53 ec a7 39 27 05 ad 27 0d c5 f1 7d f0 b4 | 47 c7 b9 0e 7f 51 cc 55 c3 2c 33 81 03 97 f3 7c | 03 70 09 30 ae 22 26 bf ce 04 62 82 0f 79 d6 1c | f0 62 78 21 d6 bc 5c 2f 61 00 99 95 4d 2b 06 18 | 92 63 52 6c 8b a7 1d 3e ce a8 38 d9 cb b0 aa 15 | 4e 44 ee 8d 75 83 72 82 ea d0 84 e7 92 90 f8 de | a6 77 65 ca cc 10 37 fb 5b 42 58 45 da 47 64 40 | 85 00 ca b1 f7 83 94 45 a4 c5 4c 79 1b 8c 38 b5 | 80 57 a0 38 0c 3c 6b 7c 48 c3 8b d7 5f 48 88 d4 | 80 3c b7 28 47 b9 3f 72 f2 9c f3 66 c7 21 bf de | a4 0d 71 e7 0e 14 1d c8 b2 d3 32 f3 64 79 97 ca | c9 e5 f5 79 16 c5 5d 2a 12 29 9f | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 a0 73 25 51 37 9a e4 86 8c 84 c5 04 | 16 be 23 2f 26 2d 1d f8 f1 81 85 0e 25 a8 6b 70 | 2b 7d e4 3a a2 e1 3c bb 46 46 67 34 12 f0 57 2d | 59 9c 85 52 f3 98 7d ba 4c fe 4b 35 e0 91 ce f1 | 7b 19 7f 36 83 19 9b 64 63 54 c1 66 2d 17 2d 18 | 12 d6 dc 75 7e ee 4c 1b e7 a2 3e a3 97 41 e8 8b | ed 7a 0c 21 9c 64 ea e5 12 85 46 f6 ee fd 53 87 | 45 db bb cb 43 70 b3 77 b3 69 e9 21 dd 36 41 f0 | 6f 04 6b d7 00 61 d4 73 86 37 76 e9 60 0e 4b e5 | e2 ed c5 65 28 d4 71 87 79 13 95 ab 09 26 8f b7 | 5c 69 90 af 1d ce 23 28 cc 48 ce 72 45 57 d6 cc | 68 35 ef 58 dc 09 c6 74 f1 33 11 dc c7 84 13 bd | 6e 52 06 9d ab 98 62 2d 55 cb 7d 27 25 95 59 02 | 21 7a 71 8f 04 0e c2 a2 e0 70 7e 92 f2 43 d6 0e | 05 b7 44 72 e3 bb 1d 44 83 e7 d4 f5 a6 de 83 9d | fc e6 ec 58 7e 32 35 f8 05 37 91 62 1f 55 61 6c | 8b cb 39 39 bc 0c f7 29 1b 3d 80 9f f9 fd 78 0c | 53 3d 75 6c f5 be 87 88 93 cc 58 95 3a 04 00 4e | e3 01 df 25 64 ea 42 e1 f4 f0 0c f0 c5 96 90 e4 | 78 47 23 fe 5d e1 89 b8 68 4c fe 90 83 df 18 8c | 5f ab d6 61 d4 f9 e9 d3 71 56 75 ea 10 9e 17 6b | fd 9b 83 3c 52 e5 80 c6 46 5a 32 bb f6 22 e5 8e | 09 93 0d 77 d2 9b 91 33 9b d9 59 5e 6a a6 cc 67 | 05 7d 1d e2 73 d1 9f fd c2 4c 99 e9 92 1d a2 af | c6 86 1d 14 cf 02 43 c2 85 f7 75 59 35 01 75 40 | 12 9c 6d d7 da eb 06 47 9c ad f9 f2 fb a6 79 47 | 5d a5 54 ce a0 6b d3 95 7e 31 1f 85 c0 9b e0 b4 | 64 4f 80 eb 8b 3e c0 68 51 00 d5 bc c7 dd 53 c7 | 38 13 19 32 fb c0 58 33 bd 5c ef 69 91 3e a9 b6 | 11 c1 40 5d 1a d4 d4 38 d7 4f 6d c8 cc e1 97 69 | 9d 68 ee d3 bd b4 68 ec 27 30 4e cd 0d 52 a2 51 | b6 63 67 6a 57 c8 de 49 e2 b6 69 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 1d 25 63 36 ed 3a 65 04 be 5c df ec | fc 16 07 05 b0 fa 74 8b c8 b3 b5 4e 23 e6 a5 b4 | 74 4e 8f 2f f9 cf 27 58 2f d3 0d c2 c3 4f 2c 3e | cd c1 3a 38 67 06 4f b7 5d cb 9a 71 09 eb 88 f8 | bc 32 9b e7 3b b0 76 44 e4 b8 04 cd 90 1e ca 13 | 2c 87 99 4e 17 f5 f3 1d 15 59 69 0d 0f 82 80 e9 | 61 95 87 ad 60 57 0b 8e 9f fd f8 7f 52 02 48 cb | 80 4e 2b fd e7 cd 53 ac b5 97 ea e4 69 50 e2 f4 | 2f 72 59 b0 a5 d5 82 ab b4 80 6a 6f 03 fa 24 84 | 76 bc 6c 26 0b 6f 6b 01 a9 a1 17 8e d8 5e 0d ef | 34 34 fc cc c9 18 0b 1a 62 cc 5e 53 9d e9 54 fa | 0c f2 0a 49 46 ae b8 0f 98 3b dc d4 bf c0 92 63 | 0e c7 53 43 9f 93 d1 5b 9c 8d dc bc 0b fd 1d 43 | a9 ba 82 e0 9a a6 f1 a6 47 23 f0 07 d6 8c 64 d6 | 2a f2 7d 25 65 3e b3 84 f6 06 5f 33 af 57 ed 71 | 1e 8f 16 8e 1c ea 01 f5 5c 23 47 8f 57 d7 0c 79 | f2 4f 62 4e ed 18 33 85 ae 3f e7 19 d7 c8 d6 8c | 2c 1a 33 74 19 c4 98 41 19 61 81 ee 04 25 20 50 | 15 e6 a7 88 65 2e 58 a8 ba c2 ff 8a 23 bd 76 51 | 2b f3 66 a4 b7 f6 02 be 30 79 22 95 b1 86 c1 5a | 68 a9 d6 d2 d3 7d 63 19 34 24 62 bf ce eb 23 a6 | 4e 22 7e 99 dd 4e 50 7f 80 0d 91 e8 94 9b 7d 09 | a6 50 7c 52 51 a9 a7 2a a2 64 a4 36 46 ed e5 11 | e6 f6 30 17 4d f6 95 19 6e fd f9 1e e5 e6 51 b1 | 0f 0a ac c0 44 34 f1 c1 35 db 65 bd ff f3 c0 80 | e7 3a 4c 84 1e 0b 02 77 8d 91 09 56 65 7a ec 79 | 19 58 3e dd 7e bd b7 bf 6b d9 d5 2a d6 64 7d d0 | 0e 2a b6 8b af 9c 3f 20 74 00 72 16 88 36 52 e0 | 51 73 e8 35 c9 43 87 da 01 97 08 74 7c 59 e2 57 | f3 21 84 e0 b6 fc b9 fa 42 3e 4a e0 3e 57 76 b0 | 3b 1b 0d c9 2c e3 1e a5 d2 62 71 99 0b a6 42 a3 | 81 7f a6 77 90 d0 a8 83 5c 2a a2 | sending 305 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 35 20 23 08 00 00 00 01 00 00 01 31 00 00 01 15 | 00 05 00 05 fe 0a d6 d8 36 12 65 0c a5 14 b3 7f | 67 99 42 02 41 b9 dc 1b 9a bb fb 08 9e 7a 3f 21 | 79 60 e8 c9 39 eb a9 a5 a6 60 a9 7d 45 53 57 86 | aa 38 fd 8e 1d 7d b7 63 73 43 07 62 1b d8 7c 82 | f1 8a 15 5e 87 80 f5 2b a0 34 09 3c 5f ab e9 f3 | ab 1a 40 a7 90 58 17 65 06 47 bd 8b 62 55 09 e7 | d8 c4 a7 c6 e3 ca 1d 74 2e 59 7c 04 ce fc 64 22 | 9b c8 81 84 e7 43 35 ce 38 1c 8c e8 5b a3 94 71 | 04 5f 3b 36 06 5a b4 67 e2 cb 41 01 01 50 b7 61 | 14 87 b1 f7 1c 43 99 e4 d5 8d c6 cd 42 8d 76 26 | 2f b8 03 ba 4c 9d 62 d0 b8 99 bc ea 88 b4 30 18 | 6a 32 20 0c c6 3f ca e4 19 8b ad 87 50 a1 97 f6 | be ac 1b 0b 35 4c 63 84 17 be 58 4c bd b8 b4 90 | 44 58 d7 f9 f9 fb 12 48 69 16 00 44 6f 60 35 99 | 59 04 1a ee 9e 18 12 44 fc 0d 51 3f 88 67 6d a4 | b7 12 10 2a 79 e3 28 75 85 27 c7 c6 72 8c 14 20 | 32 f7 72 16 60 ad d2 23 b3 c4 9d 54 a8 de 26 d5 | f4 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuCritical-eku-ipsecIKE" #10: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5a4860 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f20900043d0 size 128 | #10 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48991.815446 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 1.48 milliseconds | #9 spent 7.72 milliseconds in resume sending helper answer | stop processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f208c004470 | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 92 07 64 1f f2 5e b2 51 47 b8 eb fe 60 ea aa 1d | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 5b 54 e8 e9 79 91 53 8b a0 9b 73 da 09 96 cf 97 | f5 85 99 2e 71 69 10 4d 61 91 f4 70 c2 ad 37 47 | f3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 92 07 64 1f f2 5e b2 51 | responder cookie: | 47 b8 eb fe 60 ea aa 1d | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #9 in PARENT_I2 (find_v2_ike_sa) | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #10 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #10 is idle | #10 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #10 in state PARENT_I2: sent v2I2, expected v2R2 | #10 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-ekuCritical-eku-ipsecIKE" #10: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #9 ikev2.ike failed auth-failed "west-ekuCritical-eku-ipsecIKE" #10: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #10 fd@25 .st_dev=9 .st_ino=1681250 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #9 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f20900043d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5a4860 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5a4860 | inserting event EVENT_RETRANSMIT, timeout in 59.996219 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f20900043d0 size 128 "west-ekuCritical-eku-ipsecIKE" #10: STATE_PARENT_I2: suppressing retransmits; will wait 59.996219 seconds for retry | #10 spent 0.0696 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.207 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.215 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical-eku-ipsecIKE" (in terminate_a_connection() at terminate.c:69) "west-ekuCritical-eku-ipsecIKE": terminating SAs using this connection | connection 'west-ekuCritical-eku-ipsecIKE' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5453f0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | suspend processing: connection "west-ekuCritical-eku-ipsecIKE" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #10 ikev2.child deleted other | #10 spent 0.0696 milliseconds in total | [RE]START processing: state #10 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuCritical-eku-ipsecIKE" #10: deleting state (STATE_PARENT_I2) aged 0.074s and NOT sending notification | child state #10: PARENT_I2(open IKE SA) => delete | child state #10: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #10 requesting EVENT_RETRANSMIT to be deleted | #10 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f20900043d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5a4860 | priority calculation of connection "west-ekuCritical-eku-ipsecIKE" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-ekuCritical-eku-ipsecIKE" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-ekuCritical-eku-ipsecIKE | State DB: deleting IKEv2 state #10 in CHILDSA_DEL | child state #10: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #9 | start processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #9 ikev2.ike deleted auth-failed | #9 spent 11.6 milliseconds in total | [RE]START processing: state #9 connection "west-ekuCritical-eku-ipsecIKE" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuCritical-eku-ipsecIKE" #9: deleting state (STATE_PARENT_I2) aged 0.080s and NOT sending notification | parent state #9: PARENT_I2(open IKE SA) => delete | state #9 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2088004f50 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2088000c20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-ekuCritical-eku-ipsecIKE | State DB: deleting IKEv2 state #9 in PARENT_I2 | parent state #9: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #9 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical-eku-ipsecIKE" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-ekuCritical-eku-ipsecIKE' wasn't on the list | stop processing: connection "west-ekuCritical-eku-ipsecIKE" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.288 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-serverAuth" (in initiate_a_connection() at initiate.c:186) | connection 'west-eku-serverAuth' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #11 at 0x56366a5a3770 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-eku-serverAuth" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-eku-serverAuth" IKE SA #11 "west-eku-serverAuth" "west-eku-serverAuth" #11: initiating v2 parent SA | constructing local IKE proposals for west-eku-serverAuth (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-eku-serverAuth": constructed local IKE proposals for west-eku-serverAuth (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 11 for state #11 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5a4860 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f20900043d0 size 128 | #11 spent 0.18 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-eku-serverAuth" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.251 milliseconds in whack | crypto helper 2 resuming | crypto helper 2 starting work-order 11 for state #11 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 11 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 11 time elapsed 0.000998 seconds | (#11) spent 0.993 milliseconds in crypto helper computing work-order 11: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 11 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x7f2080004f50 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #11 | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 11 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #11 | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-eku-serverAuth (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 90 a4 d0 d8 8c ab 26 a3 43 7c 85 0f 83 1f 02 0d | ikev2 g^x aa 8c 3d 9d 18 7c 9d 39 8c 38 a3 3e c4 12 ad 9d | ikev2 g^x ff d0 3b e6 c1 4b 81 42 f5 39 24 ef 2e 3a 3f 6a | ikev2 g^x 3e d4 bd b5 93 c2 ef fa 8f 78 1b ce 31 e8 d1 89 | ikev2 g^x 89 2e ea 46 a9 54 84 6a a5 3f 3e 47 73 8c 20 f5 | ikev2 g^x cd dd 01 6e 87 db 70 50 bc a1 73 74 19 94 d9 2e | ikev2 g^x 72 d9 63 c8 0d a9 10 7a 7b da c1 ff a2 8b 30 88 | ikev2 g^x 34 7f 4f a8 fe 92 07 28 1c 84 46 97 76 1c 7d 75 | ikev2 g^x 81 01 1a b7 25 b4 68 c2 5f a6 c4 c8 a7 dc c1 a4 | ikev2 g^x 7c b4 d3 54 72 76 49 87 e9 23 93 08 61 89 9c 60 | ikev2 g^x 8c c5 6d 1e 96 90 d3 2d 8d 66 21 47 96 e0 b4 40 | ikev2 g^x 82 21 ae a0 f7 37 ea 79 2b d1 7a 13 3b 27 d7 d1 | ikev2 g^x 20 57 82 35 fc 62 02 b5 df 30 b5 c3 ec 84 b2 18 | ikev2 g^x 71 ca f5 66 47 a3 b7 08 68 63 0b 81 54 ef 2f 72 | ikev2 g^x b9 61 69 6b 06 e6 45 a0 e1 95 7a d5 1e b9 81 6e | ikev2 g^x 9f b0 af a8 a1 93 68 fd ac 76 d8 c1 bc 38 09 ce | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 88 39 53 f3 23 51 41 49 0d 0d c6 3e 61 f2 99 a9 | IKEv2 nonce a3 a6 08 5a c4 a2 e6 3c 90 89 ea d9 60 8b a6 d8 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 5c a4 c6 3e d4 88 dc 64 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= bd ca 54 9f 7e a0 1c dc 5e f4 05 79 79 e0 28 47 | natd_hash: hash= bb 2b 07 6b | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data bd ca 54 9f 7e a0 1c dc 5e f4 05 79 79 e0 28 47 | Notify data bb 2b 07 6b | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 5c a4 c6 3e d4 88 dc 64 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 36 73 cd bd f2 2d f1 14 96 b0 87 b7 fe 74 99 3d | natd_hash: hash= a3 af ff 06 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 36 73 cd bd f2 2d f1 14 96 b0 87 b7 fe 74 99 3d | Notify data a3 af ff 06 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #11: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #11 to 4294967295 after switching state | Message ID: IKE #11 skipping update_recv as MD is fake | Message ID: sent #11 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-eku-serverAuth" #11: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 5c a4 c6 3e d4 88 dc 64 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 90 a4 d0 d8 8c ab 26 a3 | 43 7c 85 0f 83 1f 02 0d aa 8c 3d 9d 18 7c 9d 39 | 8c 38 a3 3e c4 12 ad 9d ff d0 3b e6 c1 4b 81 42 | f5 39 24 ef 2e 3a 3f 6a 3e d4 bd b5 93 c2 ef fa | 8f 78 1b ce 31 e8 d1 89 89 2e ea 46 a9 54 84 6a | a5 3f 3e 47 73 8c 20 f5 cd dd 01 6e 87 db 70 50 | bc a1 73 74 19 94 d9 2e 72 d9 63 c8 0d a9 10 7a | 7b da c1 ff a2 8b 30 88 34 7f 4f a8 fe 92 07 28 | 1c 84 46 97 76 1c 7d 75 81 01 1a b7 25 b4 68 c2 | 5f a6 c4 c8 a7 dc c1 a4 7c b4 d3 54 72 76 49 87 | e9 23 93 08 61 89 9c 60 8c c5 6d 1e 96 90 d3 2d | 8d 66 21 47 96 e0 b4 40 82 21 ae a0 f7 37 ea 79 | 2b d1 7a 13 3b 27 d7 d1 20 57 82 35 fc 62 02 b5 | df 30 b5 c3 ec 84 b2 18 71 ca f5 66 47 a3 b7 08 | 68 63 0b 81 54 ef 2f 72 b9 61 69 6b 06 e6 45 a0 | e1 95 7a d5 1e b9 81 6e 9f b0 af a8 a1 93 68 fd | ac 76 d8 c1 bc 38 09 ce 29 00 00 24 88 39 53 f3 | 23 51 41 49 0d 0d c6 3e 61 f2 99 a9 a3 a6 08 5a | c4 a2 e6 3c 90 89 ea d9 60 8b a6 d8 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 bd ca 54 9f | 7e a0 1c dc 5e f4 05 79 79 e0 28 47 bb 2b 07 6b | 00 00 00 1c 00 00 40 05 36 73 cd bd f2 2d f1 14 | 96 b0 87 b7 fe 74 99 3d a3 af ff 06 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f20900043d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5a4860 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-eku-serverAuth" #11: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5a4860 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f20900043d0 size 128 | #11 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48993.999806 | resume sending helper answer for #11 suppresed complete_v2_state_transition() and stole MD | #11 spent 1.19 milliseconds in resume sending helper answer | stop processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2080004f50 | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 67 db e7 d1 | 69 2b 8a 63 98 19 28 85 a2 a0 92 b0 37 2a 2a 31 | 82 f0 73 05 f6 23 a7 11 32 ef 28 2b 88 b5 29 8f | 6c fa ef e7 4f 10 f8 73 d0 36 db d9 18 08 bf 59 | 0b bc 02 d6 a8 88 25 da e0 fd 24 05 93 e6 af e9 | 71 a4 67 0a 30 5b a2 04 1e ac 22 07 d2 ef b8 08 | b1 89 2f 75 89 9a 97 37 ba c1 34 14 d3 96 b1 ea | bb 2f 6a 26 17 17 b8 0c 9c 15 6a 81 9b 2a 04 f6 | 4d e4 af 96 8a f7 24 c1 e2 bf e2 1d 78 df 38 2d | fa e6 26 9d c2 a7 02 5b 6d 39 a5 a9 7f 7a 87 b8 | a2 43 83 e9 df 06 01 e9 67 39 06 2f a1 39 3e 9f | 50 e8 d8 1d 5d ff 7c f7 cb 44 ce b9 c7 77 b3 06 | 29 7e 72 72 a7 fb e4 72 2e ff a0 85 5b 5d 31 f2 | 0b f5 b8 e5 fa 39 7a a5 43 74 bc c8 c1 77 b8 31 | 5c 12 d7 e7 53 99 c1 e5 2d 9a c4 59 b4 17 8d fa | fc 70 6d 5b e3 9d d3 d1 bd e5 a1 5a 47 dd 92 69 | 11 f1 06 3e dd 29 cd e4 53 72 c7 30 29 00 00 24 | ef 2e c6 74 0a ec a8 93 3f cd 0d 80 7f ac a2 46 | 9b 3f aa 9a 8e 20 bd f2 ca 0b 5c 30 dd fb 50 19 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 63 f8 c7 93 f9 62 cb d7 d7 6b ea df c3 fd 0d 24 | b9 d4 05 83 26 00 00 1c 00 00 40 05 51 41 ca cb | 92 16 db 50 3a 94 84 75 df 0e f8 97 db 25 eb 09 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #11 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #11 is idle | #11 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #11 IKE SPIi and SPI[ir] | #11 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-eku-serverAuth (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 5c a4 c6 3e d4 88 dc 64 | natd_hash: rcookie= 48 38 98 93 ea 81 69 6c | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 51 41 ca cb 92 16 db 50 3a 94 84 75 df 0e f8 97 | natd_hash: hash= db 25 eb 09 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 5c a4 c6 3e d4 88 dc 64 | natd_hash: rcookie= 48 38 98 93 ea 81 69 6c | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 63 f8 c7 93 f9 62 cb d7 d7 6b ea df c3 fd 0d 24 | natd_hash: hash= b9 d4 05 83 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 12 for state #11 | state #11 requesting EVENT_RETRANSMIT to be deleted | #11 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f20900043d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5a4860 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2080000c20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f2080004f50 size 128 | #11 spent 0.217 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 6 resuming | crypto helper 6 starting work-order 12 for state #11 | [RE]START processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #11 and saving MD | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 12 | #11 is busy; has a suspended MD | [RE]START processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-eku-serverAuth" #11 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #11 spent 0.48 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.492 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 12 time elapsed 0.001367 seconds | (#11) spent 1.37 milliseconds in crypto helper computing work-order 12: ikev2_inR1outI2 KE (pcr) | crypto helper 6 sending results from work-order 12 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x7f2084004470 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #11 | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 12 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #11: calculating g^{xy}, sending I2 | creating state object #12 at 0x56366a5c49b0 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.child started | duplicating state object #11 "west-eku-serverAuth" as #12 for IPSEC SA | #12 setting local endpoint to 192.1.2.45:500 from #11.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #11.#12; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #11 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #11.#12 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2080004f50 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2080000c20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2080000c20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f2080004f50 size 128 | parent state #11: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 213 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 32 30 30 06 03 55 04 03 0c 29 77 65 73 | my identity 74 2d 65 6b 75 2d 73 65 72 76 65 72 41 75 74 68 | my identity 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | my identity 61 6e 2e 6f 72 67 31 3d 30 3b 06 09 2a 86 48 86 | my identity f7 0d 01 09 01 16 2e 75 73 65 72 2d 77 65 73 74 | my identity 2d 65 6b 75 2d 73 65 72 76 65 72 41 75 74 68 40 | my identity 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | my identity 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 221 | Sending [CERT] of certificate: E=user-west-eku-serverAuth@testing.libreswan.org,CN=west-eku-serverAuth.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1259 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 e7 30 82 04 50 a0 03 02 01 02 02 01 0b | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 32 30 30 06 03 55 04 03 0c 29 77 | CERT 65 73 74 2d 65 6b 75 2d 73 65 72 76 65 72 41 75 | CERT 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | CERT 73 77 61 6e 2e 6f 72 67 31 3d 30 3b 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 2e 75 73 65 72 2d 77 65 | CERT 73 74 2d 65 6b 75 2d 73 65 72 76 65 72 41 75 74 | CERT 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f 00 30 | CERT 82 01 8a 02 82 01 81 00 9e 73 f9 70 eb 7c ed b1 | CERT 64 d4 ad 72 35 6e c8 ae e8 ab af 0f 9f f3 30 47 | CERT 47 a9 0f 37 1c 94 ef ed 8e 2e 3b 74 41 d2 5f f8 | CERT 2b 54 bc b3 5a 28 a3 b8 41 68 16 21 dc fb 6a 2f | CERT a1 61 44 34 b7 10 a7 ee a1 3a b8 e4 2a fc c2 15 | CERT ca 22 57 0b 3f 9e e5 b5 59 ef 52 b2 b0 e3 8b ea | CERT bd c0 2f 16 3f 99 7e 2b 5e 0e 6e d1 34 1d 7d a2 | CERT 3e 8f f8 a3 92 13 26 65 9a 6a 82 bf 68 54 41 2d | CERT 34 cb 0e a4 4a d9 5e ff 90 01 0a b5 cc e1 4a 16 | CERT 90 2d 00 09 86 a3 4d 6c a7 d9 d2 5d 53 c6 9b d4 | CERT 3d 62 d7 af 5b d5 a2 c7 c5 0e e1 41 4a 50 d0 b5 | CERT a1 ce 04 a0 57 ba eb 9f d4 61 19 ae c6 af 3f c6 | CERT c5 ee 97 5c 32 84 d4 17 14 28 a0 54 47 d9 7c 90 | CERT 7d e2 9b b8 18 27 fc 95 d6 d3 6e f4 2b 09 3d 95 | CERT 05 bc 72 af dc e6 b3 14 31 60 33 ef b5 44 fb 29 | CERT e8 45 cd bf 67 bb 04 99 af 91 31 2b 6f f9 71 63 | CERT cf 13 da ab dc 6c 41 70 99 ad 8d dd 36 ab a5 e1 | CERT 82 8a 45 49 d0 a1 f9 a4 dc 3c 5b 86 cb bd 85 34 | CERT b4 fa a8 be 66 9b ed 71 f1 93 b8 63 2c 89 29 17 | CERT 03 f1 f3 21 cd e6 1d 48 97 ac a5 7a 62 9d c2 a8 | CERT 38 40 7c ba 6d 68 61 b6 d6 b8 75 09 56 9d be cd | CERT 6b 48 19 0e 01 4c 96 24 61 0a 69 5c 90 93 6c a2 | CERT e3 d9 74 b1 b3 fa 9d b6 f1 85 68 13 b8 20 a3 49 | CERT 23 1b 88 0c da 98 94 c0 16 92 45 db 31 ee 73 41 | CERT bd 93 0e 80 0d 45 da 7d 02 03 01 00 01 a3 81 e8 | CERT 30 81 e5 30 09 06 03 55 1d 13 04 02 30 00 30 34 | CERT 06 03 55 1d 11 04 2d 30 2b 82 29 77 65 73 74 2d | CERT 65 6b 75 2d 73 65 72 76 65 72 41 75 74 68 2e 74 | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | CERT 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 | CERT 80 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 | CERT 01 05 05 07 03 01 30 41 06 08 2b 06 01 05 05 07 | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 | CERT f7 0d 01 01 0b 05 00 03 81 81 00 0a ba 28 45 40 | CERT fd 6f 86 62 8c 31 f7 d6 0b 0e 6b fc 50 66 1e f4 | CERT f3 44 bd 8c 8d 01 92 61 97 a6 4a 46 0e d5 89 94 | CERT db a5 9b 58 b4 06 fe 6b 21 04 08 27 9e 61 51 e4 | CERT bc 52 6e 3a ea 13 66 73 97 06 ef 77 eb d6 ee 50 | CERT 06 e4 b3 10 17 7f 35 b8 f7 de 3b 83 e6 77 6f b9 | CERT be 0d 8f b0 be ec 28 91 b0 1b d3 40 32 39 25 20 | CERT bd 50 56 d0 ed f6 ca 71 d7 f9 0d dd 6c e4 ce 4c | CERT c5 d5 b7 d6 73 ac 6b 75 ea 8e cc | emitting length of IKEv2 Certificate Payload: 1264 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-serverAuth.testing.libreswan.org, E=user-west-eku-serverAuth@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAZ5z+ | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAZ5z+ | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAZ5z+ | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAZ5z+ | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAZ5z+ | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAZ5z+ | private key for cert west-eku-serverAuth not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAZ5z+ | #11 spent 9.83 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 89 4e 9b fa f3 d8 a7 bd 8d ae d4 8b 16 da 41 c6 | rsa signature 5f a8 a0 d6 a8 d4 45 dd 1f 05 98 a3 77 7c 50 d5 | rsa signature 21 57 47 cb aa ad 7c 98 a2 7d 75 df 01 f5 de 6a | rsa signature 4b 96 34 62 6a ef a8 7c 9a 9d ce c9 10 b0 d2 2e | rsa signature c2 ef 61 5b 46 f8 58 a9 80 ac 38 1f 28 eb 67 06 | rsa signature f4 6e df 48 02 10 70 97 fb 87 91 20 06 b2 66 57 | rsa signature 97 ff 3d d5 a3 0f 42 a4 d4 80 3f e1 2a 9b ee fe | rsa signature ba e0 8e a4 6f b1 02 f6 6b 99 7a 37 f7 e8 1f e8 | rsa signature e6 99 db c6 fa f0 e0 ce 2d a1 a4 3c 2e 5f be af | rsa signature c8 53 db 9c 19 16 b1 f5 2a d7 d1 68 cd 2e 5e 51 | rsa signature a5 74 cd ac 53 b0 ee 4a 9d b2 d7 ea db 35 d2 01 | rsa signature 0f 4b 66 27 6a 53 ba dd e9 6d 14 71 a5 1a 3a 4b | rsa signature 6c 22 f3 67 f2 f5 78 86 8d d6 25 ba 3b ff 23 d8 | rsa signature 87 8e 2d ee b6 3a 20 3c f1 a0 05 2c b6 9b 34 c8 | rsa signature 1b 16 48 af fb 89 b8 53 91 f8 cc 21 63 7e 20 e1 | rsa signature 21 9c 01 b9 2e 3f 40 db 22 20 a8 3c 9b 98 d2 53 | rsa signature a6 2e 2b e2 81 e5 96 0b c1 2b 11 2e 73 ac ff fb | rsa signature 96 64 e5 e0 01 07 72 e5 59 41 d6 62 f1 15 a2 30 | rsa signature 12 e4 3b 31 fc e9 0d ca 6a c8 09 f4 dc c0 0d 6f | rsa signature 8f b7 39 1d b6 eb fc 6a fc 65 fc 3c 08 e0 2b bd | rsa signature 05 66 29 5d c9 1c 39 da 1d 9f f5 32 b5 14 b9 b5 | rsa signature 5c 54 4d 9a e4 40 09 70 58 52 db 7d e0 b9 7c c2 | rsa signature 5f 48 34 b2 17 c5 31 64 24 20 a2 9d d8 b2 92 76 | rsa signature 62 f3 39 ab 03 6f e6 da dc 50 93 87 bd 33 90 5d | #11 spent 10.2 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #11 | netlink_get_spi: allocated 0x1c1a99c for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-eku-serverAuth (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-eku-serverAuth": constructed local ESP/AH proposals for west-eku-serverAuth (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 01 c1 a9 9c | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 01 c1 a9 9c | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 01 c1 a9 9c | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 01 c1 a9 9c | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2118 | emitting length of ISAKMP Message: 2146 | **parse ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2146 (0x862) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2118 (0x846) | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 dd 09 00 00 00 30 81 d2 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 32 30 30 06 03 | cleartext fragment 55 04 03 0c 29 77 65 73 74 2d 65 6b 75 2d 73 65 | cleartext fragment 72 76 65 72 41 75 74 68 2e 74 65 73 74 69 6e 67 | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 3d | cleartext fragment 30 3b 06 09 2a 86 48 86 f7 0d 01 09 01 16 2e 75 | cleartext fragment 73 65 72 2d 77 65 73 74 2d 65 6b 75 2d 73 65 72 | cleartext fragment 76 65 72 41 75 74 68 40 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 00 04 | cleartext fragment f0 04 30 82 04 e7 30 82 04 50 a0 03 02 01 02 02 | cleartext fragment 01 0b 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 | cleartext fragment 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 | cleartext fragment 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 | cleartext fragment 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f | cleartext fragment 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 | cleartext fragment 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 | cleartext fragment 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d | cleartext fragment 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 | cleartext fragment 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 | cleartext fragment 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 | cleartext fragment 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 | cleartext fragment 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 | cleartext fragment 34 35 39 5a 30 81 d2 31 0b 30 09 06 03 55 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 | cleartext fragment 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 | cleartext fragment 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 | cleartext fragment 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 | cleartext fragment 70 61 72 74 6d 65 6e 74 31 32 30 30 06 03 55 04 | cleartext fragment 03 0c 29 77 65 73 74 2d 65 6b 75 2d 73 65 72 76 | cleartext fragment 65 72 41 75 74 68 2e 74 65 73 74 69 6e 67 2e 6c | cleartext fragment 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 3d 30 3b | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 2e 75 73 65 | cleartext fragment 72 2d 77 65 73 74 2d 65 6b 75 2d 73 65 72 76 65 | cleartext fragment 72 41 75 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | cleartext fragment 01 8f 00 30 82 01 8a 02 82 01 81 00 9e 73 f9 70 | cleartext fragment eb 7c ed b1 64 d4 ad 72 35 6e c8 ae e8 ab af 0f | cleartext fragment 9f f3 30 47 47 a9 0f 37 1c 94 ef ed 8e 2e 3b 74 | cleartext fragment 41 d2 5f f8 2b 54 bc b3 5a 28 a3 b8 41 68 16 21 | cleartext fragment dc fb 6a 2f a1 61 44 34 b7 10 a7 ee a1 3a b8 e4 | cleartext fragment 2a fc c2 15 ca 22 57 0b 3f 9e e5 b5 59 ef 52 b2 | cleartext fragment b0 e3 8b ea bd c0 2f 16 3f 99 7e 2b 5e 0e 6e d1 | cleartext fragment 34 1d 7d a2 3e 8f f8 a3 92 13 26 65 9a 6a 82 bf | cleartext fragment 68 54 41 2d 34 cb 0e a4 4a d9 5e ff 90 01 0a b5 | cleartext fragment cc e1 4a 16 90 2d 00 09 86 a3 4d 6c a7 d9 d2 5d | cleartext fragment 53 c6 9b d4 3d 62 d7 af 5b d5 a2 c7 c5 0e e1 41 | cleartext fragment 4a 50 d0 b5 a1 ce 04 a0 57 ba eb 9f d4 61 19 ae | cleartext fragment c6 af 3f c6 c5 ee 97 5c 32 84 d4 17 14 28 a0 54 | cleartext fragment 47 d9 7c 90 7d e2 9b b8 18 27 fc 95 d6 d3 6e f4 | cleartext fragment 2b 09 3d 95 05 bc 72 af dc e6 b3 14 31 60 33 ef | cleartext fragment b5 44 fb 29 e8 45 cd bf 67 bb 04 99 af 91 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 31 2b 6f f9 71 63 cf 13 da ab dc 6c 41 70 99 ad | cleartext fragment 8d dd 36 ab a5 e1 82 8a 45 49 d0 a1 f9 a4 dc 3c | cleartext fragment 5b 86 cb bd 85 34 b4 fa a8 be 66 9b ed 71 f1 93 | cleartext fragment b8 63 2c 89 29 17 03 f1 f3 21 cd e6 1d 48 97 ac | cleartext fragment a5 7a 62 9d c2 a8 38 40 7c ba 6d 68 61 b6 d6 b8 | cleartext fragment 75 09 56 9d be cd 6b 48 19 0e 01 4c 96 24 61 0a | cleartext fragment 69 5c 90 93 6c a2 e3 d9 74 b1 b3 fa 9d b6 f1 85 | cleartext fragment 68 13 b8 20 a3 49 23 1b 88 0c da 98 94 c0 16 92 | cleartext fragment 45 db 31 ee 73 41 bd 93 0e 80 0d 45 da 7d 02 03 | cleartext fragment 01 00 01 a3 81 e8 30 81 e5 30 09 06 03 55 1d 13 | cleartext fragment 04 02 30 00 30 34 06 03 55 1d 11 04 2d 30 2b 82 | cleartext fragment 29 77 65 73 74 2d 65 6b 75 2d 73 65 72 76 65 72 | cleartext fragment 41 75 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d | cleartext fragment 0f 04 04 03 02 07 80 30 13 06 03 55 1d 25 04 0c | cleartext fragment 30 0a 06 08 2b 06 01 05 05 07 03 01 30 41 06 08 | cleartext fragment 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 | cleartext fragment 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f | cleartext fragment 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 | cleartext fragment 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e | cleartext fragment 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 | cleartext fragment 00 0a ba 28 45 40 fd 6f 86 62 8c 31 f7 d6 0b 0e | cleartext fragment 6b fc 50 66 1e f4 f3 44 bd 8c 8d 01 92 61 97 a6 | cleartext fragment 4a 46 0e d5 89 94 db a5 9b 58 b4 06 fe 6b 21 04 | cleartext fragment 08 27 9e 61 51 e4 bc 52 6e 3a ea 13 66 73 97 06 | cleartext fragment ef 77 eb d6 ee 50 06 e4 b3 10 17 7f 35 b8 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment f7 de 3b 83 e6 77 6f b9 be 0d 8f b0 be ec 28 91 | cleartext fragment b0 1b d3 40 32 39 25 20 bd 50 56 d0 ed f6 ca 71 | cleartext fragment d7 f9 0d dd 6c e4 ce 4c c5 d5 b7 d6 73 ac 6b 75 | cleartext fragment ea 8e cc 21 00 01 88 01 00 00 00 89 4e 9b fa f3 | cleartext fragment d8 a7 bd 8d ae d4 8b 16 da 41 c6 5f a8 a0 d6 a8 | cleartext fragment d4 45 dd 1f 05 98 a3 77 7c 50 d5 21 57 47 cb aa | cleartext fragment ad 7c 98 a2 7d 75 df 01 f5 de 6a 4b 96 34 62 6a | cleartext fragment ef a8 7c 9a 9d ce c9 10 b0 d2 2e c2 ef 61 5b 46 | cleartext fragment f8 58 a9 80 ac 38 1f 28 eb 67 06 f4 6e df 48 02 | cleartext fragment 10 70 97 fb 87 91 20 06 b2 66 57 97 ff 3d d5 a3 | cleartext fragment 0f 42 a4 d4 80 3f e1 2a 9b ee fe ba e0 8e a4 6f | cleartext fragment b1 02 f6 6b 99 7a 37 f7 e8 1f e8 e6 99 db c6 fa | cleartext fragment f0 e0 ce 2d a1 a4 3c 2e 5f be af c8 53 db 9c 19 | cleartext fragment 16 b1 f5 2a d7 d1 68 cd 2e 5e 51 a5 74 cd ac 53 | cleartext fragment b0 ee 4a 9d b2 d7 ea db 35 d2 01 0f 4b 66 27 6a | cleartext fragment 53 ba dd e9 6d 14 71 a5 1a 3a 4b 6c 22 f3 67 f2 | cleartext fragment f5 78 86 8d d6 25 ba 3b ff 23 d8 87 8e 2d ee b6 | cleartext fragment 3a 20 3c f1 a0 05 2c b6 9b 34 c8 1b 16 48 af fb | cleartext fragment 89 b8 53 91 f8 cc 21 63 7e 20 e1 21 9c 01 b9 2e | cleartext fragment 3f 40 db 22 20 a8 3c 9b 98 d2 53 a6 2e 2b e2 81 | cleartext fragment e5 96 0b c1 2b 11 2e 73 ac ff fb 96 64 e5 e0 01 | cleartext fragment 07 72 e5 59 41 d6 62 f1 15 a2 30 12 e4 3b 31 fc | cleartext fragment e9 0d ca 6a c8 09 f4 dc c0 0d 6f 8f b7 39 1d b6 | cleartext fragment eb fc 6a fc 65 fc 3c 08 e0 2b bd 05 66 29 5d c9 | cleartext fragment 1c 39 da 1d 9f f5 32 b5 14 b9 b5 5c 54 4d 9a e4 | cleartext fragment 40 09 70 58 52 db 7d e0 b9 7c c2 5f 48 34 b2 17 | cleartext fragment c5 31 64 24 20 a2 9d d8 b2 92 76 62 f3 39 ab 03 | cleartext fragment 6f e6 da dc 50 93 87 bd 33 90 5d 2c 00 00 a4 02 | cleartext fragment 00 00 20 01 03 04 02 01 c1 a9 9c 03 00 00 0c 01 | cleartext fragment 00 00 14 80 0e 01 00 00 00 00 08 05 00 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 177 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 02 00 00 20 02 03 04 02 01 c1 a9 9c 03 00 00 | cleartext fragment 0c 01 00 00 14 80 0e 00 80 00 00 00 08 05 00 00 | cleartext fragment 00 02 00 00 30 03 03 04 04 01 c1 a9 9c 03 00 00 | cleartext fragment 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 03 00 00 | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 | cleartext fragment 00 00 00 00 30 04 03 04 04 01 c1 a9 9c 03 00 00 | cleartext fragment 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 03 00 00 | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 | cleartext fragment 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff | cleartext fragment ff c0 01 02 2d c0 01 02 2d 00 00 00 18 01 00 00 | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 01 02 17 c0 01 02 | cleartext fragment 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 210 | emitting length of ISAKMP Message: 238 | suspend processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #12: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #12 to 0 after switching state | Message ID: recv #11.#12 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #11.#12 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-eku-serverAuth" #12: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 e5 e4 38 45 cd 76 da 80 e3 88 4e f9 | 1d 24 87 35 68 e8 08 c0 90 28 d9 3e 39 ec a5 8a | 44 b7 b1 26 8b 71 b4 76 42 c5 81 8d ea 82 37 24 | 69 58 bb 43 f1 25 b0 f4 5f 8b 46 e1 bb dc cb 1f | 93 2c 21 1f 82 86 7d c1 28 57 65 0b 74 4d c1 31 | 85 aa 4e 15 4c b9 f0 bb a8 b0 19 e2 89 f3 55 2f | 7d ac 44 b9 fb 3c 74 4d 6b 1d 52 c3 e4 2e 8f 6f | 5d 8c 20 d8 67 2d d7 37 7b 4a 79 34 f5 17 47 41 | 7c 29 01 37 a9 68 8e 14 65 01 f0 25 a5 9c 27 db | 5b 0c 51 f1 4c e8 96 f3 02 ea 51 14 26 e7 f6 0b | 55 d7 c2 78 b8 ef 46 cb d5 34 6c df 67 c6 fd 74 | 17 35 7b 31 4d c0 2b 8b f5 d7 2e 59 c2 b9 32 6a | 11 3f 7b 3d 75 b4 a1 d8 60 b4 2c 86 87 6b 2c a3 | c7 e8 85 3b 5a 1b 8a 33 46 5b 26 91 8b 1b da f8 | 54 75 35 db d2 4d 51 14 68 e9 c4 91 e9 5d 6a ad | e6 1d b5 5d 2d b6 40 c3 63 ee ad d0 76 7f 88 d8 | 43 72 90 08 9a d7 3a b0 a5 5a a3 42 5b c4 ee 8c | 65 41 36 88 3f a0 81 fc 2f c3 d5 bf 28 b3 a5 44 | 49 87 2a 75 97 56 5b 37 e5 70 b7 5b 9c e8 32 cb | 81 8d aa 06 df 4e 89 a0 3f f5 1e 36 cc 2e ca 71 | 37 3a ce 42 13 e7 5d 15 31 91 28 21 65 52 8a f2 | 0a a4 2e c7 92 dd b4 14 a6 88 35 73 11 05 ff 41 | 70 e2 2a 10 2f ec cd 31 a0 72 0e 9b c8 35 64 ff | e1 97 de f1 5d 54 23 2e c6 8f 04 a3 25 1d 01 13 | 14 79 26 5f d5 4c 19 72 a3 7d 30 bc 55 72 ee b4 | 4f 68 16 c7 77 70 d4 88 fe 26 49 51 fc d3 4a 62 | 81 cb 10 1f 71 67 c9 b3 d9 15 e3 0f b1 30 35 05 | 79 1e 80 86 39 8b 02 4b 65 4e 74 5a b2 04 9e ad | de 26 f8 be 76 3f da 0a 87 3b a0 a1 ea 23 99 dd | 58 27 97 58 88 3a 7d 04 c5 8f b8 8a b9 a8 5d 58 | 1e cf fa 92 fc 26 d4 88 9b 48 a5 84 bc a0 65 c6 | 36 48 43 bf 5e 73 69 c5 4c 5e 81 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 b0 de 9c cc 02 b5 95 ea db 11 1c 70 | a7 8d 09 37 8f 62 14 e2 f3 f7 2f 0e 5c 2e f5 67 | 43 cf 2d a6 91 98 8b f8 66 13 c3 ed a4 1a c1 09 | 5e 75 c9 18 ce 19 9a 85 4c ed 17 3e 31 07 6d c7 | 2b 6f b0 c1 4e bc 0c 88 55 f7 4f 55 ac 59 46 2c | eb b6 7e d9 4b b4 98 24 34 bf 82 b8 4e 30 5f 7d | f3 9b 8b e4 0c 75 09 5c 41 87 e1 22 8c e3 54 ea | 5c f2 9c b4 b6 28 e6 70 9c e2 c0 ce 1f f1 5c bc | 09 d5 75 ba bf 1d 5f b1 18 6b 1c 68 14 ab 37 b2 | 63 ff a1 3d 18 bd d4 f8 72 c8 f5 78 30 9f dd 91 | 3e e0 7c 22 bb db 1a c4 f2 f1 e4 2e 54 2b bc a7 | f7 ee 69 cf 31 81 4b 36 8d ec 72 b4 06 36 80 d3 | b3 8c 6f 31 20 15 29 a7 d3 1c b9 bf b0 ab 1d 6a | 58 30 c6 41 38 6a 74 15 ee 2a c8 a5 e5 36 65 70 | c2 55 ca ab 7a c8 f9 96 00 a6 33 9b ce 7b 1e e0 | 7e 58 e1 90 b8 0c c9 9a e5 a3 9a 3e d7 f9 f8 27 | 52 47 c2 51 28 ba e0 3a 95 58 cd 6c d1 89 bb ca | ca ad 73 e1 be d1 6b e8 0d 30 84 c3 8e 55 30 56 | ba b8 a2 49 e1 eb 69 35 41 1b 1f 45 b2 3d b8 9b | 41 08 34 a0 f5 87 8e e2 96 5a c7 5f ce bf bc 04 | e0 43 20 36 ac ec ed c1 6f be b9 39 ef 77 0c fd | 29 f4 e1 f6 21 90 0c 6d f8 15 e4 54 e6 b0 f0 6a | 71 2c 01 39 ca e3 f7 7f 7b 5d 90 56 8a 53 a1 f0 | f6 0b 37 95 02 39 59 e2 39 8a 4b 74 7b 2b 1b 58 | d1 74 af bc c5 b3 29 3a 43 ab 5d e2 97 cc e0 40 | 75 2c a6 e0 b8 70 20 c4 87 a2 40 63 12 22 6a b2 | 2c 65 e3 5b f0 66 e5 91 4a 56 1c a9 46 fe 3e 3a | f5 62 3f 41 92 85 85 62 ce b7 c1 92 d6 34 23 c1 | 5f 65 42 b0 39 56 d0 db d0 68 a2 2d de 84 09 07 | 64 97 6f 76 7f dc 42 04 77 65 fd 2f 9e 1c 96 df | 54 04 29 5d 0c 66 fa be 92 f8 60 5d b3 c6 bc 50 | 43 2f 46 76 c8 d5 07 ee 3d ee 09 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 ac 36 bd f9 24 26 23 74 07 86 c0 bb | df 85 8b d1 1b 4a 94 90 df 76 67 06 d6 3b 51 d9 | 12 71 9a 66 3d 34 c9 99 ff e4 b7 5e 27 6e 06 54 | 24 54 fb 21 f1 a8 32 8f 37 ed 1a 3d cc a9 a6 b6 | ea 15 e8 f4 97 2d f8 b4 1c 5c 7a ad a5 3b d2 5d | e2 ac be 38 5e 61 2e 0c df b2 91 0a 89 45 a3 5a | a5 58 b8 1c af bb 8b 79 d0 86 ce 76 f6 e4 52 f8 | da 3e b6 4b 57 3c d9 99 0d fe 41 5d 84 9e 05 9d | 1a 48 f9 bb 71 4c 82 da 21 6a 17 9f 98 22 4e 47 | 20 70 7f 44 b5 b6 2f 15 ec f7 71 8f 3f 79 8e ac | d9 ee 1b 7b 04 68 61 7c 3a 73 74 9a 25 c3 a9 b9 | 6b 90 87 e2 59 d2 f8 f6 50 16 a2 c8 b5 98 8c e2 | 8d ed e3 1e b0 fb 38 a9 60 4a 9d 60 27 44 4c 56 | 0c 22 48 13 6a 99 9d 52 45 0f 12 69 7d c8 13 c0 | 0c 65 a7 11 28 8e 65 80 c4 e8 8b e5 18 c2 06 2b | c5 07 1a 5f be c6 62 fe 51 41 e3 85 84 d5 46 38 | 1a 07 19 ac 15 70 c3 02 66 a3 ea 29 4a 24 90 f1 | 33 81 a1 e0 61 e4 29 48 11 c6 02 1c e3 63 92 e4 | d5 cc 11 79 3e d9 be 2a 41 a5 15 89 76 0e 37 0d | 93 f3 80 3a ae 40 d2 16 59 c3 b0 af 17 c3 e7 93 | 50 c4 97 82 3c 08 ef 37 94 92 81 3d d1 58 b0 7d | e7 c9 92 fd ff bb d1 ec 81 68 ba 45 66 99 fe ca | cd 9a b4 5a 1a 1c ee 10 52 6b 68 1f dc 7b 8f 8b | b6 e0 fb 67 c0 e2 f4 df 08 8a d0 15 2a 19 86 7d | 88 0a 99 f7 b8 fd 73 7b c9 81 36 3b c9 89 63 53 | 3e 02 98 0d b6 67 31 68 c1 2d c8 35 69 5d e9 66 | c9 38 8c 08 05 ea 7e e5 79 00 6d 4b 6d 20 12 64 | 21 f3 a6 16 f2 7c 76 53 f8 60 33 86 89 5f 1e 51 | 3d 6c 27 84 14 05 5b 82 e5 44 16 f6 e1 be e5 2c | 07 7d 8e 2d 81 09 00 f9 a2 71 1e ae 2f 7d 90 a6 | 3a 38 56 76 cf 88 81 5f b0 a1 64 58 1d da c5 fb | ae 45 3c e4 6a f9 13 f8 a1 13 e8 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 a4 27 ae 46 58 69 c6 79 d2 3c fc 01 | af 1b 7d ea 9f ff cc 1a bc 32 4a d6 0c ba c5 5a | 21 2d 8f 99 78 34 fc 39 35 91 55 88 5c 92 4b 93 | df 5e 64 3a da 35 e2 9c 6f 31 96 db 90 c9 e1 34 | f2 d4 a5 3a eb 15 ad a2 0f 83 b8 42 1f ed dc cd | 0a e2 e8 ee 85 89 46 40 7c 44 c7 62 4b 50 cb 5d | 03 4d 13 06 64 ba 80 6c b1 02 51 fe 1a 7e f1 d8 | 48 4e 5a 4a 80 8d 55 4a bb 3e 39 c3 77 10 cd 15 | c9 dc ef 12 9d 1c 0d 79 1a b5 92 90 f0 e9 b7 27 | 20 dc ce 54 fb ae 81 ee b2 f3 97 b0 76 ea 9d 20 | 65 47 77 c6 2c 6c 25 81 77 e3 10 e5 f3 5c 58 1d | 50 5d 83 8d 0e 63 db cf fb 39 e3 66 e9 45 ba 1b | 40 fb 34 58 46 9b c0 8a 33 02 af 1a 8c f5 d2 4a | 04 fd 31 61 0f 84 65 03 1a 41 be 1b d6 97 a2 09 | 02 46 ec 37 6d 6a 6d de 73 ec 6e 59 4f f6 26 ca | bd cb 79 39 9e a5 0d 2b bd 6e 9b 55 67 07 6c 27 | ef 59 be 07 6c 76 74 15 5d 39 55 f2 62 b1 32 6c | bc 52 08 11 eb 6b 35 25 1c 37 f5 17 f2 8a 88 d0 | 06 26 9a 92 fe ab 64 c9 6f 01 b6 cc 66 6e b4 ae | 4c c1 78 0a 82 da bc 3a 60 33 a4 84 b5 42 4d a1 | 44 b4 49 80 66 d8 84 da dc e6 46 9c b1 08 1e 91 | 88 21 9a 38 45 c1 22 59 c5 ba b2 8b 4f 3a 37 00 | 14 79 31 78 32 f3 91 01 95 df 62 43 a6 6c 1a 4e | 1d f5 df 1d 4d ac ea f7 b4 9e ae d9 97 09 8f 52 | 7e 2d 75 3a e9 a9 a4 d1 b6 4b 14 a4 2e 5d b6 34 | 06 2e 6e 4c c1 58 58 bb 99 5b b3 00 f2 4f 35 71 | b2 d5 e2 fb 7c 1a 9d f2 ee af 16 99 fc 53 09 7b | d2 21 d2 76 c4 bc f5 d7 ab 1f 16 47 19 08 95 0d | b7 8c 6f d1 42 4e 1c b4 95 5a 22 45 6d 51 74 69 | 0f 8d 3e 73 88 1c 89 31 d0 a8 c7 61 5e 13 d1 1c | 81 14 97 e0 18 d4 6c cd 9f 31 06 4f 07 67 9e 73 | 60 01 54 9e af 39 33 5b c4 09 50 | sending 238 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 35 20 23 08 00 00 00 01 00 00 00 ee 00 00 00 d2 | 00 05 00 05 ff 62 f2 9a 51 66 95 4a b0 3a 13 43 | a6 29 a2 47 f7 fe d3 a1 29 1d a5 bd 6c 9b 5c a3 | 07 cf 08 5f a4 4d 46 ab 43 fa d0 b0 9a d9 29 a8 | 46 13 16 90 6b 8b a8 9e 40 0c 84 0c ad b1 42 a2 | 47 e0 28 9e 33 d6 db e5 30 9a 5d c3 34 23 8e 1f | b1 13 3c 58 ed cc 48 7b 53 08 55 f9 b3 36 62 ef | 09 9f 46 91 85 46 2c b2 b4 80 50 81 9e ee e5 da | 9f 58 81 4b ef 82 cb 93 ec 8c 69 34 b2 58 37 ff | 4b 59 86 26 1e ad 0f fd 31 ed cc 8a 20 b4 f0 4f | c6 e2 f6 6f 1b c0 e6 e2 41 77 97 a4 aa 02 44 51 | e2 9b 0f f9 1c fb b2 74 38 a0 d7 57 e3 a8 6d b3 | 8f 84 36 3c 94 89 4f 3a 8c 49 6e 7f d6 0b 71 78 | 78 e2 e4 d9 6e 88 b8 97 66 5c e3 dc 43 e6 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-eku-serverAuth" #12: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60d4b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f208c004470 size 128 | #12 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48994.016728 | resume sending helper answer for #11 suppresed complete_v2_state_transition() | #11 spent 1.41 milliseconds | #11 spent 12 milliseconds in resume sending helper answer | stop processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2084004470 | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 5c a4 c6 3e d4 88 dc 64 48 38 98 93 ea 81 69 6c | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 01 b8 5d 18 5f ac b9 cb 3d 03 65 cd fd 1c be 17 | 6a 4f d9 47 4e 21 92 66 95 48 15 4f 3c 32 77 92 | ca | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 5c a4 c6 3e d4 88 dc 64 | responder cookie: | 48 38 98 93 ea 81 69 6c | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #11 in PARENT_I2 (find_v2_ike_sa) | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #12 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #12 is idle | #12 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #12 in state PARENT_I2: sent v2I2, expected v2R2 | #12 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-eku-serverAuth" #12: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #11 ikev2.ike failed auth-failed "west-eku-serverAuth" #12: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #12 fd@25 .st_dev=9 .st_ino=1686218 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #11 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f208c004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60d4b0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60d4b0 | inserting event EVENT_RETRANSMIT, timeout in 59.996 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f208c004470 size 128 "west-eku-serverAuth" #12: STATE_PARENT_I2: suppressing retransmits; will wait 59.996 seconds for retry | #12 spent 0.0625 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #11 spent 0.241 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.256 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-serverAuth" (in terminate_a_connection() at terminate.c:69) "west-eku-serverAuth": terminating SAs using this connection | connection 'west-eku-serverAuth' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #12 | suspend processing: connection "west-eku-serverAuth" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #12 ikev2.child deleted other | #12 spent 0.0625 milliseconds in total | [RE]START processing: state #12 connection "west-eku-serverAuth" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-eku-serverAuth" #12: deleting state (STATE_PARENT_I2) aged 0.078s and NOT sending notification | child state #12: PARENT_I2(open IKE SA) => delete | child state #12: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #12 requesting EVENT_RETRANSMIT to be deleted | #12 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f208c004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60d4b0 | priority calculation of connection "west-eku-serverAuth" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-eku-serverAuth" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-eku-serverAuth | State DB: deleting IKEv2 state #12 in CHILDSA_DEL | child state #12: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #12 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #11 | start processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #11 ikev2.ike deleted auth-failed | #11 spent 16.4 milliseconds in total | [RE]START processing: state #11 connection "west-eku-serverAuth" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-eku-serverAuth" #11: deleting state (STATE_PARENT_I2) aged 0.086s and NOT sending notification | parent state #11: PARENT_I2(open IKE SA) => delete | state #11 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2080004f50 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2080000c20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-eku-serverAuth | State DB: deleting IKEv2 state #11 in PARENT_I2 | parent state #11: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #11 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-serverAuth" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-eku-serverAuth' wasn't on the list | stop processing: connection "west-eku-serverAuth" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.319 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ku-nonRepudiation" (in initiate_a_connection() at initiate.c:186) | connection 'west-ku-nonRepudiation' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #13 at 0x56366a5a3770 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-ku-nonRepudiation" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-ku-nonRepudiation" IKE SA #13 "west-ku-nonRepudiation" "west-ku-nonRepudiation" #13: initiating v2 parent SA | constructing local IKE proposals for west-ku-nonRepudiation (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-ku-nonRepudiation": constructed local IKE proposals for west-ku-nonRepudiation (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 13 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a60d4b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f208c004470 size 128 | #13 spent 0.183 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-ku-nonRepudiation" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.251 milliseconds in whack | crypto helper 3 resuming | crypto helper 3 starting work-order 13 for state #13 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 13 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 13 time elapsed 0.001018 seconds | (#13) spent 0.994 milliseconds in crypto helper computing work-order 13: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 13 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f2078004f50 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 13 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #13 | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-ku-nonRepudiation (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 6f df 5a b8 eb 3d 38 a7 e7 c3 96 9a 3b 43 c3 d2 | ikev2 g^x c0 d2 a5 6e d6 75 c8 4c e2 a1 d1 53 3c 56 f6 30 | ikev2 g^x 53 6f ad bf 81 f8 5c 65 a9 bd 9c 31 53 d1 04 0e | ikev2 g^x 69 d6 a8 f3 18 7c fe 05 a9 35 44 40 85 5a a1 3a | ikev2 g^x 94 4a b4 5a 8b 60 2e a6 24 0c d4 0c 08 da de d6 | ikev2 g^x 13 3b 09 da c9 c4 94 bc 38 cd d1 0e f6 fb 9d 78 | ikev2 g^x 44 40 3e 30 0c d2 c5 f0 50 88 ce 41 fb 71 ee 13 | ikev2 g^x e4 cc 06 a9 01 f1 a9 81 32 c2 b7 cf 23 ed 3d 26 | ikev2 g^x 9c b5 59 b3 bf 0b 5a 02 25 60 2e f4 50 75 69 81 | ikev2 g^x 83 9b 98 ff ab 3a 4a 64 16 90 54 89 ca 4e 91 a9 | ikev2 g^x b6 87 ec 10 8b e6 9c 16 fa 38 af 7d fc b2 43 bc | ikev2 g^x 33 de fb 01 e5 f7 18 db 4f 06 97 3d dd 0f 60 6e | ikev2 g^x 2a 5f 5a 11 61 8a de a6 fb 57 8e 62 e1 a0 8e 79 | ikev2 g^x d3 5c 32 d8 ac 8b 45 a8 ed 1c 8a 61 89 33 b6 47 | ikev2 g^x a0 42 15 c3 82 98 d8 1c a0 0a 93 af 95 f0 ef f8 | ikev2 g^x 1b 8b 14 8c 55 76 23 d9 ec 98 76 18 37 5d d5 9a | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 92 51 d7 cf 1c 9c fc 54 d1 9b 8a 08 45 a9 94 78 | IKEv2 nonce 95 21 81 64 b9 e3 48 09 b0 95 e0 98 cd 20 61 88 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= a0 42 b7 df 02 fc 9d c9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= c2 61 ca 79 6f 16 f0 fa cd c2 b2 d4 50 b7 55 d4 | natd_hash: hash= 06 6f d7 1e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data c2 61 ca 79 6f 16 f0 fa cd c2 b2 d4 50 b7 55 d4 | Notify data 06 6f d7 1e | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= a0 42 b7 df 02 fc 9d c9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 2e b2 8d 59 cc 71 90 a5 f5 2f 3c c9 3a d6 c7 34 | natd_hash: hash= ec f3 66 ea | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2e b2 8d 59 cc 71 90 a5 f5 2f 3c c9 3a d6 c7 34 | Notify data ec f3 66 ea | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #13: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #13 to 4294967295 after switching state | Message ID: IKE #13 skipping update_recv as MD is fake | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-ku-nonRepudiation" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | a0 42 b7 df 02 fc 9d c9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 6f df 5a b8 eb 3d 38 a7 | e7 c3 96 9a 3b 43 c3 d2 c0 d2 a5 6e d6 75 c8 4c | e2 a1 d1 53 3c 56 f6 30 53 6f ad bf 81 f8 5c 65 | a9 bd 9c 31 53 d1 04 0e 69 d6 a8 f3 18 7c fe 05 | a9 35 44 40 85 5a a1 3a 94 4a b4 5a 8b 60 2e a6 | 24 0c d4 0c 08 da de d6 13 3b 09 da c9 c4 94 bc | 38 cd d1 0e f6 fb 9d 78 44 40 3e 30 0c d2 c5 f0 | 50 88 ce 41 fb 71 ee 13 e4 cc 06 a9 01 f1 a9 81 | 32 c2 b7 cf 23 ed 3d 26 9c b5 59 b3 bf 0b 5a 02 | 25 60 2e f4 50 75 69 81 83 9b 98 ff ab 3a 4a 64 | 16 90 54 89 ca 4e 91 a9 b6 87 ec 10 8b e6 9c 16 | fa 38 af 7d fc b2 43 bc 33 de fb 01 e5 f7 18 db | 4f 06 97 3d dd 0f 60 6e 2a 5f 5a 11 61 8a de a6 | fb 57 8e 62 e1 a0 8e 79 d3 5c 32 d8 ac 8b 45 a8 | ed 1c 8a 61 89 33 b6 47 a0 42 15 c3 82 98 d8 1c | a0 0a 93 af 95 f0 ef f8 1b 8b 14 8c 55 76 23 d9 | ec 98 76 18 37 5d d5 9a 29 00 00 24 92 51 d7 cf | 1c 9c fc 54 d1 9b 8a 08 45 a9 94 78 95 21 81 64 | b9 e3 48 09 b0 95 e0 98 cd 20 61 88 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 c2 61 ca 79 | 6f 16 f0 fa cd c2 b2 d4 50 b7 55 d4 06 6f d7 1e | 00 00 00 1c 00 00 40 05 2e b2 8d 59 cc 71 90 a5 | f5 2f 3c c9 3a d6 c7 34 ec f3 66 ea | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f208c004470 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a60d4b0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ku-nonRepudiation" #13: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60d4b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f208c004470 size 128 | #13 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48996.203005 | resume sending helper answer for #13 suppresed complete_v2_state_transition() and stole MD | #13 spent 1.55 milliseconds in resume sending helper answer | stop processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2078004f50 | spent 0.00182 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 08 22 b7 f0 | 97 00 a0 5f 0a 07 d9 37 a1 58 1d 7e f0 8d 29 bc | 10 8a a4 20 ab 36 3d d1 67 bf c9 89 18 b5 00 52 | bf 57 65 40 ce 8b fe a6 6a ba 36 36 6d 0b 97 0a | 55 22 de 77 6f 47 c8 bb a9 88 2e 31 06 17 77 6e | c6 48 bf 52 04 0a 0f 74 06 b5 49 93 f3 6e ec c5 | 25 0e 72 63 7a 18 09 d5 c3 a9 9f f1 a9 ed 4c 02 | bf ca 58 09 0b c5 41 cf 6f ac 9d 72 83 e2 1b d9 | f5 d4 db ea b3 7a 10 73 1b ef c7 00 64 44 4d 62 | e2 3b 26 da 6c 1c 47 f8 f0 94 9d 85 57 df 25 19 | 01 49 3c 95 89 a1 15 a8 9a 4a 26 50 13 3e aa 7d | f2 25 eb 1a d3 a9 e0 f5 d2 68 63 4f c2 39 15 0a | 03 6e 53 98 27 34 d2 06 67 3e d7 78 4d e5 d5 90 | 01 6b b7 ed b4 56 9c 95 c3 6c 4b b9 8d ac 0d cd | 09 e8 bf 15 3c 80 a9 70 98 d0 d4 b3 dd ca 2e 86 | fb 6c cc 10 fc a6 ff 6b 88 29 b0 66 e6 94 55 06 | 73 a6 2a e3 62 00 fd 9f 8b 4e d6 4a 29 00 00 24 | 8c c6 78 cd f9 bb 88 d1 53 4f e3 a1 06 f9 06 4c | 4b f9 d1 8c 25 91 f6 e3 33 d1 4c 47 5c 28 20 dd | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | b7 6f e7 d5 96 dc c8 42 c5 e1 f9 36 1d f8 7f c3 | c3 ea 6a 99 26 00 00 1c 00 00 40 05 a0 d7 26 b8 | 08 9e 45 36 72 f0 24 df fe bc 54 60 39 f1 b5 6f | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #13 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #13 is idle | #13 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #13 IKE SPIi and SPI[ir] | #13 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-ku-nonRepudiation (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= a0 42 b7 df 02 fc 9d c9 | natd_hash: rcookie= be 9f a6 ab a7 e3 17 09 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= a0 d7 26 b8 08 9e 45 36 72 f0 24 df fe bc 54 60 | natd_hash: hash= 39 f1 b5 6f | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= a0 42 b7 df 02 fc 9d c9 | natd_hash: rcookie= be 9f a6 ab a7 e3 17 09 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= b7 6f e7 d5 96 dc c8 42 c5 e1 f9 36 1d f8 7f c3 | natd_hash: hash= c3 ea 6a 99 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 14 for state #13 | state #13 requesting EVENT_RETRANSMIT to be deleted | #13 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f208c004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60d4b0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2078000c20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f2078004f50 size 128 | #13 spent 0.286 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-ku-nonRepudiation" #13 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.582 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.596 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 14 for state #13 | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 time elapsed 0.001357 seconds | (#13) spent 1.36 milliseconds in crypto helper computing work-order 14: ikev2_inR1outI2 KE (pcr) | crypto helper 5 sending results from work-order 14 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f207c004470 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 14 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #13: calculating g^{xy}, sending I2 | creating state object #14 at 0x56366a5c49b0 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "west-ku-nonRepudiation" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.45:500 from #13.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #13.#14; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2078004f50 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2078000c20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2078000c20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f2078004f50 size 128 | parent state #13: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 219 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 d8 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 35 30 33 06 03 55 04 03 0c 2c 77 65 73 | my identity 74 2d 6b 75 2d 6e 6f 6e 52 65 70 75 64 69 61 74 | my identity 69 6f 6e 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | my identity 65 73 77 61 6e 2e 6f 72 67 31 40 30 3e 06 09 2a | my identity 86 48 86 f7 0d 01 09 01 16 31 75 73 65 72 2d 77 | my identity 65 73 74 2d 6b 75 2d 6e 6f 6e 52 65 70 75 64 69 | my identity 61 74 69 6f 6e 40 74 65 73 74 69 6e 67 2e 6c 69 | my identity 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 227 | Sending [CERT] of certificate: E=user-west-ku-nonRepudiation@testing.libreswan.org,CN=west-ku-nonRepudiation.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1278 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 fa 30 82 04 63 a0 03 02 01 02 02 01 21 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 d8 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 35 30 33 06 03 55 04 03 0c 2c 77 | CERT 65 73 74 2d 6b 75 2d 6e 6f 6e 52 65 70 75 64 69 | CERT 61 74 69 6f 6e 2e 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 31 40 30 3e 06 | CERT 09 2a 86 48 86 f7 0d 01 09 01 16 31 75 73 65 72 | CERT 2d 77 65 73 74 2d 6b 75 2d 6e 6f 6e 52 65 70 75 | CERT 64 69 61 74 69 6f 6e 40 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 | CERT a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 | CERT 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 bb 6b | CERT 65 8a 93 90 c0 5a 6a 6f b8 16 50 59 35 56 d9 ec | CERT d2 e0 85 e9 a4 18 b4 71 10 b9 59 77 81 43 ec b3 | CERT 46 c7 53 b8 e5 71 ea 6d d7 60 ad aa a2 05 dc 1a | CERT 00 a4 85 a1 87 c5 56 b8 f2 56 87 da 15 4c fd 9d | CERT 77 da f1 53 7f 8a ab c6 ba 0f 13 e1 7f b2 dc 0c | CERT 09 8f 70 6a 9c 96 eb 12 5e e4 17 72 89 d3 49 b3 | CERT 47 3c 6b d8 f4 b5 ed 96 89 05 55 03 87 62 2a 04 | CERT d4 0c 65 2f d8 20 24 b6 59 03 8c 19 eb 2d 07 ea | CERT 91 1d ec 54 37 b7 40 11 4f b8 d9 a0 6e 87 28 16 | CERT 6b bb c5 29 6d ad cf 2c 06 ee 5d 71 26 ec db 29 | CERT 59 7d 2c a6 bf 98 58 6f 74 33 6b 98 27 a5 6e 72 | CERT cc 2b 37 e1 a0 30 4c 9d fb 97 02 c5 8e 7f 2f a1 | CERT 1e 3d 51 c8 41 e9 eb 2d e9 20 79 44 24 fe 64 1e | CERT f9 33 a6 22 53 92 68 cc 5f 84 1d 34 da 44 48 34 | CERT de d0 8d 34 6d ab 18 ab 34 aa d0 0a b8 55 c7 ff | CERT 21 31 11 1f 04 e5 c8 8f a6 79 87 cb f6 93 f3 c1 | CERT 41 33 d2 08 f4 d1 8a ca f5 11 b7 34 19 b0 1c 31 | CERT 06 9e d9 1e ec d5 60 66 71 56 94 01 1f ce 79 ca | CERT b5 28 6a 3c 11 de 60 f4 87 c1 f7 a1 03 35 54 93 | CERT ec 31 64 ee e6 2e b5 27 df f5 39 45 07 4b d1 67 | CERT 5c f5 3a a6 35 c5 1f 3c bb 13 fd 42 c0 b0 ef a8 | CERT f9 99 c6 6b 1f ce 7b d8 e4 93 6b 93 91 2d 0f 07 | CERT 5f 51 51 7c 8e 06 58 ad af 7b 2d 44 56 c2 cf 9c | CERT 6c 0f 9d 80 63 54 2e a5 9e 87 fa a2 73 57 02 03 | CERT 01 00 01 a3 81 f5 30 81 f2 30 09 06 03 55 1d 13 | CERT 04 02 30 00 30 37 06 03 55 1d 11 04 30 30 2e 82 | CERT 2c 77 65 73 74 2d 6b 75 2d 6e 6f 6e 52 65 70 75 | CERT 64 69 61 74 69 6f 6e 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 | CERT 03 55 1d 0f 04 04 03 02 06 40 30 1d 06 03 55 1d | CERT 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 | CERT 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 | CERT 05 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 | CERT 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 | CERT 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 | CERT 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 | CERT 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e | CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f | CERT 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 04 7a | CERT 37 2c 7e 26 cd 0e c7 fd b0 85 fb e1 f7 22 97 f9 | CERT 74 02 32 d5 bc 4d b7 bb a5 17 92 07 f5 93 f2 b3 | CERT 87 63 dd 90 7a 1b 27 27 ac 62 b6 57 38 fe ed 69 | CERT 3c 66 9a 75 a7 90 2d 62 67 fb fb 70 2e 9d 07 cd | CERT 1d 1f d1 94 fd e0 79 b9 e7 cc d2 6f a2 6c 82 70 | CERT 71 ec 58 a4 66 db 9f 67 2e 90 8f c2 1a 31 3c b2 | CERT 94 f7 4c af 38 55 91 6d ae 70 7c 2b a5 36 a5 22 | CERT b9 2b 46 69 0b 40 0b da 4d e3 3a 4f d6 bb | emitting length of IKEv2 Certificate Payload: 1283 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-nonRepudiation.testing.libreswan.org, E=user-west-ku-nonRepudiation@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAbtrZ | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAbtrZ | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAbtrZ | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAbtrZ | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAbtrZ | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAbtrZ | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAbtrZ | private key for cert west-ku-nonRepudiation not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAbtrZ | #13 spent 9.85 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 00 bf 99 01 c5 91 9a 3b 75 84 af 9c f3 25 b5 2b | rsa signature 16 e0 f4 7a 6f 4b a2 55 dc af 46 a4 2b 38 5a d8 | rsa signature 76 d9 af 7a 1d bf 4c 41 a3 aa 23 ca 02 05 25 56 | rsa signature 86 2f 5e 63 b7 ba 50 11 53 37 70 33 c9 07 26 dd | rsa signature 34 a1 b3 92 6d 6b be 1b 5b 11 da 3b 00 20 78 c6 | rsa signature c1 fe eb c2 e2 aa 52 b3 6e 09 6b 95 d2 63 1c 2d | rsa signature 4b 0d 59 c4 b9 f3 f8 24 5a 73 24 b0 4b cf 3c ae | rsa signature e7 d2 57 4b 47 e6 e6 6c 9f ed 60 56 1e b8 98 db | rsa signature ae 84 fa e7 e2 7a c4 78 9d 16 51 f7 92 77 0c 45 | rsa signature 4f 45 68 9d e9 50 db 7f d3 39 f2 e4 e0 ae 8f af | rsa signature 8c a0 03 66 ca 55 93 ff 22 85 5a 47 1e ee 6c 09 | rsa signature dd b2 10 ac 5c f7 2a 04 70 55 a6 ab 67 24 5d e2 | rsa signature bd dd 4d 52 1b 85 7a bc de 7a db 21 69 5e 14 fa | rsa signature 97 85 b4 8c 87 93 f5 63 20 7b fb b2 4a 60 f6 4a | rsa signature 78 fb 95 15 5a a8 e1 a3 d1 88 53 f0 db e0 67 5c | rsa signature d3 fd fa b6 c2 86 7b b5 d1 67 ae ba ac c6 a5 af | rsa signature 5f da bc 67 45 e2 e9 02 10 00 f1 f6 f5 10 3e e3 | rsa signature d2 c4 36 7e 98 b3 41 e0 e0 fc 10 4f be d1 27 3e | rsa signature 51 03 50 48 42 9d 31 00 52 66 c6 e0 46 b2 42 e7 | rsa signature d7 0c 72 89 29 87 72 50 be dd b4 de e5 a8 d8 24 | rsa signature a1 c8 6b d1 ff ba 44 fb 6d 22 6a ef 6e 17 22 17 | rsa signature 10 13 a9 67 ca 92 0f 9e 34 40 b6 2a fa f5 c4 53 | rsa signature 32 cd 7a ae ab 8b c5 49 16 d2 b0 15 72 13 a2 9d | rsa signature 66 a9 2c da d7 65 33 70 f3 3f c7 3c 80 da 30 e4 | #13 spent 10.3 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #13 | netlink_get_spi: allocated 0x5b90ded0 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-ku-nonRepudiation (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-ku-nonRepudiation": constructed local ESP/AH proposals for west-ku-nonRepudiation (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 5b 90 de d0 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 5b 90 de d0 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 5b 90 de d0 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 5b 90 de d0 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2143 | emitting length of ISAKMP Message: 2171 | **parse ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2171 (0x87b) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2143 (0x85f) | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 e3 09 00 00 00 30 81 d8 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 35 30 33 06 03 | cleartext fragment 55 04 03 0c 2c 77 65 73 74 2d 6b 75 2d 6e 6f 6e | cleartext fragment 52 65 70 75 64 69 61 74 69 6f 6e 2e 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 31 40 30 3e 06 09 2a 86 48 86 f7 0d 01 09 01 | cleartext fragment 16 31 75 73 65 72 2d 77 65 73 74 2d 6b 75 2d 6e | cleartext fragment 6f 6e 52 65 70 75 64 69 61 74 69 6f 6e 40 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 27 00 05 03 04 30 82 04 fa 30 82 04 63 | cleartext fragment a0 03 02 01 02 02 01 21 30 0d 06 09 2a 86 48 86 | cleartext fragment f7 0d 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 | cleartext fragment 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 | cleartext fragment 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 | cleartext fragment 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 | cleartext fragment 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 | cleartext fragment 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 | cleartext fragment 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 | cleartext fragment 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 | cleartext fragment 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 | cleartext fragment 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 | cleartext fragment 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 39 | cleartext fragment 31 35 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 | cleartext fragment 39 31 34 31 39 34 34 35 39 5a 30 81 d8 31 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 30 0e | cleartext fragment 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 | cleartext fragment 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f | cleartext fragment 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 | cleartext fragment 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 | cleartext fragment 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 35 | cleartext fragment 30 33 06 03 55 04 03 0c 2c 77 65 73 74 2d 6b 75 | cleartext fragment 2d 6e 6f 6e 52 65 70 75 64 69 61 74 69 6f 6e 2e | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | cleartext fragment 6e 2e 6f 72 67 31 40 30 3e 06 09 2a 86 48 86 f7 | cleartext fragment 0d 01 09 01 16 31 75 73 65 72 2d 77 65 73 74 2d | cleartext fragment 6b 75 2d 6e 6f 6e 52 65 70 75 64 69 61 74 69 6f | cleartext fragment 6e 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 09 2a | cleartext fragment 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f 00 30 | cleartext fragment 82 01 8a 02 82 01 81 00 bb 6b 65 8a 93 90 c0 5a | cleartext fragment 6a 6f b8 16 50 59 35 56 d9 ec d2 e0 85 e9 a4 18 | cleartext fragment b4 71 10 b9 59 77 81 43 ec b3 46 c7 53 b8 e5 71 | cleartext fragment ea 6d d7 60 ad aa a2 05 dc 1a 00 a4 85 a1 87 c5 | cleartext fragment 56 b8 f2 56 87 da 15 4c fd 9d 77 da f1 53 7f 8a | cleartext fragment ab c6 ba 0f 13 e1 7f b2 dc 0c 09 8f 70 6a 9c 96 | cleartext fragment eb 12 5e e4 17 72 89 d3 49 b3 47 3c 6b d8 f4 b5 | cleartext fragment ed 96 89 05 55 03 87 62 2a 04 d4 0c 65 2f d8 20 | cleartext fragment 24 b6 59 03 8c 19 eb 2d 07 ea 91 1d ec 54 37 b7 | cleartext fragment 40 11 4f b8 d9 a0 6e 87 28 16 6b bb c5 29 6d ad | cleartext fragment cf 2c 06 ee 5d 71 26 ec db 29 59 7d 2c a6 bf 98 | cleartext fragment 58 6f 74 33 6b 98 27 a5 6e 72 cc 2b 37 e1 a0 30 | cleartext fragment 4c 9d fb 97 02 c5 8e 7f 2f a1 1e 3d 51 c8 41 e9 | cleartext fragment eb 2d e9 20 79 44 24 fe 64 1e f9 33 a6 22 53 92 | cleartext fragment 68 cc 5f 84 1d 34 da 44 48 34 de d0 8d 34 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 6d ab 18 ab 34 aa d0 0a b8 55 c7 ff 21 31 11 1f | cleartext fragment 04 e5 c8 8f a6 79 87 cb f6 93 f3 c1 41 33 d2 08 | cleartext fragment f4 d1 8a ca f5 11 b7 34 19 b0 1c 31 06 9e d9 1e | cleartext fragment ec d5 60 66 71 56 94 01 1f ce 79 ca b5 28 6a 3c | cleartext fragment 11 de 60 f4 87 c1 f7 a1 03 35 54 93 ec 31 64 ee | cleartext fragment e6 2e b5 27 df f5 39 45 07 4b d1 67 5c f5 3a a6 | cleartext fragment 35 c5 1f 3c bb 13 fd 42 c0 b0 ef a8 f9 99 c6 6b | cleartext fragment 1f ce 7b d8 e4 93 6b 93 91 2d 0f 07 5f 51 51 7c | cleartext fragment 8e 06 58 ad af 7b 2d 44 56 c2 cf 9c 6c 0f 9d 80 | cleartext fragment 63 54 2e a5 9e 87 fa a2 73 57 02 03 01 00 01 a3 | cleartext fragment 81 f5 30 81 f2 30 09 06 03 55 1d 13 04 02 30 00 | cleartext fragment 30 37 06 03 55 1d 11 04 30 30 2e 82 2c 77 65 73 | cleartext fragment 74 2d 6b 75 2d 6e 6f 6e 52 65 70 75 64 69 61 74 | cleartext fragment 69 6f 6e 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | cleartext fragment 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f | cleartext fragment 04 04 03 02 06 40 30 1d 06 03 55 1d 25 04 16 30 | cleartext fragment 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 | cleartext fragment 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 01 | cleartext fragment 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 | cleartext fragment 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 | cleartext fragment 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a | cleartext fragment 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f | cleartext fragment 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 | cleartext fragment 0d 01 01 0b 05 00 03 81 81 00 04 7a 37 2c 7e 26 | cleartext fragment cd 0e c7 fd b0 85 fb e1 f7 22 97 f9 74 02 32 d5 | cleartext fragment bc 4d b7 bb a5 17 92 07 f5 93 f2 b3 87 63 dd 90 | cleartext fragment 7a 1b 27 27 ac 62 b6 57 38 fe ed 69 3c 66 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 9a 75 a7 90 2d 62 67 fb fb 70 2e 9d 07 cd 1d 1f | cleartext fragment d1 94 fd e0 79 b9 e7 cc d2 6f a2 6c 82 70 71 ec | cleartext fragment 58 a4 66 db 9f 67 2e 90 8f c2 1a 31 3c b2 94 f7 | cleartext fragment 4c af 38 55 91 6d ae 70 7c 2b a5 36 a5 22 b9 2b | cleartext fragment 46 69 0b 40 0b da 4d e3 3a 4f d6 bb 21 00 01 88 | cleartext fragment 01 00 00 00 00 bf 99 01 c5 91 9a 3b 75 84 af 9c | cleartext fragment f3 25 b5 2b 16 e0 f4 7a 6f 4b a2 55 dc af 46 a4 | cleartext fragment 2b 38 5a d8 76 d9 af 7a 1d bf 4c 41 a3 aa 23 ca | cleartext fragment 02 05 25 56 86 2f 5e 63 b7 ba 50 11 53 37 70 33 | cleartext fragment c9 07 26 dd 34 a1 b3 92 6d 6b be 1b 5b 11 da 3b | cleartext fragment 00 20 78 c6 c1 fe eb c2 e2 aa 52 b3 6e 09 6b 95 | cleartext fragment d2 63 1c 2d 4b 0d 59 c4 b9 f3 f8 24 5a 73 24 b0 | cleartext fragment 4b cf 3c ae e7 d2 57 4b 47 e6 e6 6c 9f ed 60 56 | cleartext fragment 1e b8 98 db ae 84 fa e7 e2 7a c4 78 9d 16 51 f7 | cleartext fragment 92 77 0c 45 4f 45 68 9d e9 50 db 7f d3 39 f2 e4 | cleartext fragment e0 ae 8f af 8c a0 03 66 ca 55 93 ff 22 85 5a 47 | cleartext fragment 1e ee 6c 09 dd b2 10 ac 5c f7 2a 04 70 55 a6 ab | cleartext fragment 67 24 5d e2 bd dd 4d 52 1b 85 7a bc de 7a db 21 | cleartext fragment 69 5e 14 fa 97 85 b4 8c 87 93 f5 63 20 7b fb b2 | cleartext fragment 4a 60 f6 4a 78 fb 95 15 5a a8 e1 a3 d1 88 53 f0 | cleartext fragment db e0 67 5c d3 fd fa b6 c2 86 7b b5 d1 67 ae ba | cleartext fragment ac c6 a5 af 5f da bc 67 45 e2 e9 02 10 00 f1 f6 | cleartext fragment f5 10 3e e3 d2 c4 36 7e 98 b3 41 e0 e0 fc 10 4f | cleartext fragment be d1 27 3e 51 03 50 48 42 9d 31 00 52 66 c6 e0 | cleartext fragment 46 b2 42 e7 d7 0c 72 89 29 87 72 50 be dd b4 de | cleartext fragment e5 a8 d8 24 a1 c8 6b d1 ff ba 44 fb 6d 22 6a ef | cleartext fragment 6e 17 22 17 10 13 a9 67 ca 92 0f 9e 34 40 b6 2a | cleartext fragment fa f5 c4 53 32 cd 7a ae ab 8b c5 49 16 d2 b0 15 | cleartext fragment 72 13 a2 9d 66 a9 2c da d7 65 33 70 f3 3f c7 3c | cleartext fragment 80 da 30 e4 2c 00 00 a4 02 00 00 20 01 03 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 202 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 04 02 5b 90 de d0 03 00 00 0c 01 00 00 14 80 0e | cleartext fragment 01 00 00 00 00 08 05 00 00 00 02 00 00 20 02 03 | cleartext fragment 04 02 5b 90 de d0 03 00 00 0c 01 00 00 14 80 0e | cleartext fragment 00 80 00 00 00 08 05 00 00 00 02 00 00 30 03 03 | cleartext fragment 04 04 5b 90 de d0 03 00 00 0c 01 00 00 0c 80 0e | cleartext fragment 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 04 03 | cleartext fragment 04 04 5b 90 de d0 03 00 00 0c 01 00 00 0c 80 0e | cleartext fragment 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 | cleartext fragment 00 00 07 00 00 10 00 00 ff ff c0 01 02 2d c0 01 | cleartext fragment 02 2d 00 00 00 18 01 00 00 00 07 00 00 10 00 00 | cleartext fragment ff ff c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 235 | emitting length of ISAKMP Message: 263 | suspend processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #14: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #14 to 0 after switching state | Message ID: recv #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #13.#14 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-ku-nonRepudiation" #14: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 ef 49 7d 11 f0 5b 64 5d 99 8a bc 21 | c3 8c 50 38 99 06 fe 9c e5 e2 fc ec 69 d4 77 5d | 84 91 67 4d 4b d3 8a 32 5b 7d 52 fc 26 79 4e 5d | eb 58 e6 e6 77 88 69 a5 2a 50 ce 7a 37 3a 0d b4 | ef 23 c7 30 00 0a 3d 40 68 45 60 6e 1b a8 be 00 | 07 ea 52 fa 93 d7 b1 22 5f 2e a0 05 db fe 91 1d | 6b 66 67 e5 4a 0b 3f f3 cb 55 27 4c 9f 4e de ed | f5 cf 79 da 11 8b 28 e5 cd 19 f8 1b 87 a3 1a f0 | 83 9e 73 73 79 32 f4 72 84 ac f5 71 06 5e 55 3b | ef d3 12 e8 2c 14 81 01 d1 cb e6 e8 0e 93 e9 52 | 90 98 a6 71 64 e9 85 40 01 14 69 27 64 a5 78 7c | 94 22 42 07 d8 63 4c f6 10 c0 4d 19 eb 81 01 2d | 00 8b 02 5f 37 de ff b5 78 1d 17 f2 12 6e bd 6f | 6d 4e af 20 b3 1a 73 c9 5a a5 1b b2 b1 95 a1 3a | 60 c8 14 7a 95 88 10 b3 76 53 c1 0b 74 5f 13 b4 | d8 94 76 43 0e 54 76 cb 0f 2a 79 f9 80 41 13 32 | 00 58 e1 3f 77 f2 31 b2 87 b9 9f be ef d8 78 e7 | b6 75 90 33 96 cd 5f b3 3e 18 4c 8e e4 ec cb 3b | 0f 04 34 3c 8b d0 cc 9b f0 81 ea 66 1a cd e4 86 | c3 60 80 bf f4 7c 13 79 0a ca 33 f6 e0 33 08 6e | b5 1f c3 3d 1e 34 df 7c 7e f8 24 01 48 b9 2c 62 | 74 db 2d de ca 57 02 5c fc ae 38 6b c0 db d5 7c | 0e 6e 47 e6 9e 24 9a 73 17 26 77 d0 b2 ea 50 7c | 95 73 df 50 df 2c 08 60 d2 89 fd 38 ab d9 b6 0a | f7 12 73 bd 82 b9 d6 42 0d 64 19 a8 ea a3 0b 59 | 2f 0e 58 51 ac 2a 71 a4 e6 25 a4 ad 53 f0 c6 ea | e7 b3 da 80 48 e0 74 1c 42 45 93 f3 f1 d5 02 43 | 64 c2 40 3a 6a d0 a4 d0 6c 28 45 4e 66 24 1b 7c | 56 74 96 14 1f 62 53 14 ac 4b 2a 3c ae 04 3a 7d | 2a a1 bc ae 8a 8f e4 b8 02 aa e1 ff 04 62 e0 bd | a7 67 73 07 38 a8 01 c3 08 b3 07 21 27 74 1c 9f | 4e 34 9e 3d 03 96 5e ad 6c 6c 5b | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 e5 82 65 5c 19 64 a2 1c 75 44 fd a4 | 81 d5 25 e0 d1 ae 63 48 ac 96 ba 42 49 24 60 23 | ad df 8a 86 3c cc 30 b5 04 b2 b5 24 9d 16 34 33 | f4 f8 28 63 60 62 37 27 da f8 43 9e 51 86 8c 5c | 58 24 eb 2a d3 a1 31 f1 89 db f2 a7 d9 42 41 93 | 77 d7 4e e2 89 a8 e3 40 da c5 f9 e6 25 74 11 0c | 98 bb 6c 94 c0 fa 1e da bc 93 da 28 f9 37 19 69 | 55 f7 32 f1 de 58 a9 d3 34 38 4f c7 20 29 c0 fb | f9 35 67 e9 b1 20 3b 30 78 7d 09 ec c5 49 f8 5a | ea 00 9e 7e 09 52 7f af 5f 5b f7 e6 b1 25 bf ac | 88 24 98 67 b1 f5 62 04 ad d0 23 a4 73 b0 ff a3 | ad 3a 6a db e5 9d 51 4a 2e a1 0f a5 31 10 4c 74 | df 53 21 e9 39 57 db 06 bd a7 59 0e 8f d0 17 66 | 09 f9 55 77 3d 2c 80 73 16 84 6b ef b2 19 52 92 | 3d 17 d0 65 77 0c ea 1b f6 d8 e0 16 e1 e9 cb 57 | f7 ec 5f 76 70 53 fa ce 77 6b 5d 9e 2b fe 58 b1 | 75 c9 46 d9 12 3e d0 f7 74 b5 b4 96 af 09 0a f9 | 03 53 dc 17 88 bc 2a 49 5a a3 28 0c f4 7d ba ab | e0 02 31 66 71 01 aa 42 d0 98 90 f5 03 6f f0 09 | 6f 77 4a 68 d0 fa ac 17 5d 8b 23 38 ae d0 e4 37 | b9 a5 13 77 be b6 7d 5b 98 b7 d9 7a ce 48 fe 67 | 46 ed d7 0d f1 e3 c7 78 87 5e fd 74 35 76 04 30 | 79 07 f7 66 08 fc cc 4e 8d 28 d1 ef 73 ff 0b 12 | be d8 31 c5 6c 00 b7 aa 2b 99 2b 23 1f 4a b9 d9 | 61 7c af f0 f1 15 98 7b 7c 94 9f bd be 0b 7e 22 | 8a c0 6b 51 93 2b 24 88 84 0c 91 05 13 ac bd b9 | 38 8f f8 58 e3 25 1c 70 22 6e 22 a7 5a 6a cf 68 | a7 59 c3 48 59 27 55 bc 38 a8 51 1a 65 be fd 67 | bf 9d 7e 93 d1 7a 5e 86 78 d6 88 14 00 2c c0 db | 13 7f f1 c9 29 d2 e2 7d df 78 d4 62 be 74 25 82 | b4 fe f2 52 ea 12 fc 94 7f a0 a3 82 e6 b2 73 52 | 1e 1e 52 e5 9a 68 52 2f a1 bc df | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 55 e3 a3 64 e8 6b 6a ec 34 0c 78 6e | 98 b1 58 10 1b bb 75 73 05 a1 ae fb e5 b9 08 6e | e5 7a 2a 69 a9 07 47 41 5a 72 50 68 d7 07 f8 3b | af 01 fe d4 eb 57 d8 2e d5 3b 02 cd 36 8a 0b 6e | 5c 4e c2 7b 22 fc d8 8e e1 df 1b 2a a0 ba 4d fa | d7 78 86 27 3a 59 72 a5 f3 fc 37 c3 40 a5 b4 62 | ca 2b c4 56 67 a9 ab e0 55 03 6a 5c 89 78 a0 fe | 9b 94 58 63 a6 cc 99 04 ee ad 78 f0 c3 3e 21 41 | c7 91 81 f3 8e 15 af 5d 21 18 f4 81 08 98 a5 56 | ae be 37 f4 61 2c 1f 1c 40 96 bb 15 9c 39 7a 0b | 76 c1 a2 40 85 91 28 70 88 dd c0 84 9a ed 04 4f | d5 f0 4e b3 07 15 18 66 fc 1d 71 a5 1e b6 27 e8 | af c4 db a0 24 f9 9a e3 c4 6a 9d 33 82 37 88 ad | 06 70 6f 80 02 a2 46 a1 1d 86 c6 8c 70 fb 56 67 | 17 f1 8d ac ce db f8 24 18 55 78 bd 20 3c 8a a1 | 2f 1b d0 78 4d dd 3b 99 96 43 65 35 9d 05 db b7 | 35 1e 66 24 ff 98 20 c9 6d ac 5c d2 8e d3 3b 8e | 16 19 db 9b 06 8a 35 26 da ae 13 9e fb ad 1c 4a | cc 10 b9 3f 49 b1 0a d4 ca 63 3b 37 3b 3b 4f a0 | d7 44 9b 53 9b 5f 51 77 86 a5 ee 7e 7a 04 3c 18 | a2 07 81 e8 54 3c bd e6 f0 e9 fa 6d d2 0a 34 89 | 7e 2d 1b aa 18 98 90 49 53 87 1a e1 a9 a4 2e 23 | 49 70 95 f1 b8 d7 3e 56 8c ef 2b 1e 6b 07 a5 55 | 2f b8 63 68 56 32 2b 3a 00 28 a1 b2 c1 ce 8e f3 | 81 4c 55 6d 5f 0e a0 b0 0c ef 3b c7 9a e7 78 e6 | ae 37 f8 ff 5b 36 31 a5 5e 40 6d 36 01 6a a4 7f | 4e 8b 51 7e c5 33 79 fe 93 ea ec 86 d2 cd ce 4d | cb 88 77 42 f4 12 a4 00 c5 25 52 b4 4f cf 24 ba | b8 07 bf c3 84 ed f4 cc 45 de 8b c9 57 7e 09 46 | 31 64 5b ef e0 c8 93 64 a3 81 67 7b 6c 0e f1 b8 | c6 26 a8 78 90 8e 9e 56 98 a1 7f bd 8e 9b d6 86 | dc 15 26 b1 35 91 7f 3b e2 8b 9a | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 49 0e f7 76 61 4b e3 8c df ec df 3c | ae da b9 2a 63 5d f3 08 b5 03 8b ae 62 9f c2 26 | a9 42 76 b6 f1 86 6c 77 3e fa fa 97 ec 2a 35 e9 | 35 de 03 26 3d 4e 03 7c 9a d0 fe fa 1c d7 1e 74 | 99 a5 60 89 67 c4 bc 16 ba 12 de f3 3b 32 d8 7c | b0 b5 81 00 20 40 4c e2 94 9d 25 83 7e 91 c7 13 | fd cd 10 97 d0 12 51 0f be 85 1d 59 0d e3 40 7e | 17 35 12 79 d0 3c 55 eb 4f ce 14 01 85 c2 ee ae | 5b e7 98 14 de 03 eb 23 40 8a ff 60 9a 1d 88 d6 | 0c 16 7a 47 65 3d 79 db bb b1 b8 7f a0 d2 c9 5b | f4 d5 09 fd 33 c8 00 51 51 f2 95 24 dc 41 22 34 | 07 ad 83 ae 55 f0 f4 b0 6a 39 32 86 6c 8c 98 13 | 01 7e b1 58 b3 95 3c ff 79 27 6e 8c 87 80 f2 cd | 08 33 89 f8 b1 94 42 4b 8b 7c cb 8d db 44 1c 6c | 22 6a 30 12 52 69 58 7c 36 75 9f 21 b9 25 02 71 | 2c 61 02 dd da 67 8f 98 25 40 80 c2 9f 0e 26 2e | 53 da 89 bb 61 fb bf 67 10 8c 19 32 3d 47 41 24 | 21 22 e8 f3 cf 2a ee db 19 1f 20 ef de 7c b8 e7 | c4 4d 21 af 79 e1 34 4b b1 4c 38 3e 3d ef 07 d7 | 37 47 ec 8e 5a ec f3 02 23 50 75 43 08 5b 29 70 | bf e0 72 c7 26 c6 8d ab bd 99 dd 7c fa fc 92 e1 | ad bf a4 d0 eb c7 0e 6d 25 ec b2 24 f3 6d 56 89 | 83 2a e0 70 f6 20 a2 e8 e8 ef 8c 65 0f e3 ba dd | 82 58 40 b4 d3 41 be 57 e5 e7 20 b9 33 e7 35 b1 | 59 a9 f3 a1 06 eb cd 84 d7 51 b8 69 a8 0c 85 2e | a3 74 f8 64 54 58 00 5a f2 7b 58 81 13 8c 14 39 | ff 88 30 ec c9 1c 0f 00 2b 97 83 fe 35 ae 36 18 | 55 19 aa 4b 9d e5 a1 32 a2 5b 50 c4 04 2a 8e 9c | 13 27 c5 6d 0c 66 d4 c5 b0 40 ab 9f 2b a2 31 15 | 7f 0c 8d f2 4d 48 f9 9d 89 9c 62 a1 1c 25 93 0e | 8b 2f c2 cb 48 0b 11 06 2c 76 2b 65 fb d0 f8 54 | 08 96 28 4e 4a e1 a5 f7 56 d5 9e | sending 263 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 35 20 23 08 00 00 00 01 00 00 01 07 00 00 00 eb | 00 05 00 05 12 cc ae c4 80 52 2b d8 f8 3f c4 d5 | 30 7a 42 b8 e7 53 e2 37 2c 9b 13 b6 a1 79 15 5a | 2d ee 00 38 73 85 f2 db 3d 8c 9a 37 2b 35 aa a8 | df e8 80 df 7b d0 8a af 93 e0 03 89 1f dc 55 77 | 12 e4 10 0c cf 10 c4 82 84 9d 9f f3 bd 34 8d d4 | 03 a9 15 e4 9b 2d 08 ec d9 e3 ad 9b fb 4b 3c a8 | 62 b6 97 97 23 8d 67 0a c1 c7 73 ac c1 a1 73 4a | f5 59 6d 85 53 31 43 cf 99 35 ba 08 d5 e9 de a5 | 0c 4d 9f a9 1e 10 fb 69 7b 33 c5 8f e4 c4 93 62 | 5e 3f b8 a2 e1 75 08 c2 c7 20 26 d8 13 8e 8c 2d | 1b 8f 8c 67 88 4d 05 f2 29 aa 93 d3 26 02 16 fc | 75 d5 8d 46 ab 43 98 3f 75 af d4 9d ea 56 7f c6 | 0c 15 59 d6 c1 33 71 5c ac 6c 22 ca 7b 8e c8 ba | b2 fc bc 28 c6 bc e7 2d 99 8f 38 59 f1 6a d5 38 | 25 21 cc de 2a 09 5e | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ku-nonRepudiation" #14: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5e6730 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f2084004470 size 128 | #14 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48996.222392 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.79 milliseconds | #13 spent 12.5 milliseconds in resume sending helper answer | stop processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f207c004470 | spent 0.00324 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a0 42 b7 df 02 fc 9d c9 be 9f a6 ab a7 e3 17 09 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 4b 55 7d c5 66 2c 32 e5 e8 30 bf 58 f5 bf 5e ab | 61 f8 ff 58 f7 1a a1 f8 b8 04 fd 9e 61 22 01 49 | 5f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a0 42 b7 df 02 fc 9d c9 | responder cookie: | be 9f a6 ab a7 e3 17 09 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #13 in PARENT_I2 (find_v2_ike_sa) | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #14 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #14 is idle | #14 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #14 in state PARENT_I2: sent v2I2, expected v2R2 | #14 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-ku-nonRepudiation" #14: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #13 ikev2.ike failed auth-failed "west-ku-nonRepudiation" #14: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #14 fd@25 .st_dev=9 .st_ino=1693823 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #13 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2084004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5e6730 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5e6730 | inserting event EVENT_RETRANSMIT, timeout in 59.996622 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f2084004470 size 128 "west-ku-nonRepudiation" #14: STATE_PARENT_I2: suppressing retransmits; will wait 59.996622 seconds for retry | #14 spent 0.0559 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.221 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.232 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ku-nonRepudiation" (in terminate_a_connection() at terminate.c:69) "west-ku-nonRepudiation": terminating SAs using this connection | connection 'west-ku-nonRepudiation' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "west-ku-nonRepudiation" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | #14 spent 0.0559 milliseconds in total | [RE]START processing: state #14 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ku-nonRepudiation" #14: deleting state (STATE_PARENT_I2) aged 0.084s and NOT sending notification | child state #14: PARENT_I2(open IKE SA) => delete | child state #14: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #14 requesting EVENT_RETRANSMIT to be deleted | #14 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2084004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5e6730 | priority calculation of connection "west-ku-nonRepudiation" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-ku-nonRepudiation" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-ku-nonRepudiation | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | start processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted auth-failed | #13 spent 17.4 milliseconds in total | [RE]START processing: state #13 connection "west-ku-nonRepudiation" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ku-nonRepudiation" #13: deleting state (STATE_PARENT_I2) aged 0.093s and NOT sending notification | parent state #13: PARENT_I2(open IKE SA) => delete | state #13 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2078004f50 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2078000c20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-ku-nonRepudiation | State DB: deleting IKEv2 state #13 in PARENT_I2 | parent state #13: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #13 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ku-nonRepudiation" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-ku-nonRepudiation' wasn't on the list | stop processing: connection "west-ku-nonRepudiation" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.267 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-sanCritical" (in initiate_a_connection() at initiate.c:186) | connection 'west-sanCritical' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #15 at 0x56366a5a3770 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-sanCritical" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-sanCritical" IKE SA #15 "west-sanCritical" "west-sanCritical" #15: initiating v2 parent SA | constructing local IKE proposals for west-sanCritical (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-sanCritical": constructed local IKE proposals for west-sanCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 15 for state #15 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5e6730 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f2084004470 size 128 | #15 spent 0.145 milliseconds in ikev2_parent_outI1() | crypto helper 0 resuming | crypto helper 0 starting work-order 15 for state #15 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 15 | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-sanCritical" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.209 milliseconds in whack | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 15 time elapsed 0.000905 seconds | (#15) spent 0.916 milliseconds in crypto helper computing work-order 15: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 15 for state #15 to event queue | scheduling resume sending helper answer for #15 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #15 | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 15 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #15 | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-sanCritical (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x a2 10 67 d0 52 d4 ea ad e9 79 1a 61 4e 6c d4 4e | ikev2 g^x 73 d0 0c f5 7d 1e e1 ea 85 2a 99 55 36 ce 3a da | ikev2 g^x 7b 50 91 f0 58 0a 64 90 76 42 86 69 e9 e2 1b 5c | ikev2 g^x 39 1f 1d fd b4 46 6b 6b f4 76 a7 2d 3e 7c ae 81 | ikev2 g^x ed f0 49 06 89 79 be c5 27 96 b5 d1 1e 3e f4 87 | ikev2 g^x a2 5c 93 7c d3 33 d3 81 c5 ca 3b 7b 9f c5 24 c3 | ikev2 g^x d0 0c d5 3a 51 f8 f5 e4 e2 d4 1f e9 be 6e a5 4a | ikev2 g^x 26 92 64 66 43 c9 91 10 58 14 dd 92 fa 44 7a e7 | ikev2 g^x 6e c3 8c ce f4 67 ab dd 9c 14 cb 6c 71 fa 82 88 | ikev2 g^x ef e9 e5 03 7a 15 ea 99 a5 af f2 7f 07 ff 88 ce | ikev2 g^x 61 ee 2d 47 b6 d1 1e e9 75 a2 b9 2c e5 40 a7 34 | ikev2 g^x f1 37 2c a2 0f 73 69 7c 80 da 10 5c b1 6d b8 30 | ikev2 g^x 72 60 bd f4 3a de d7 91 89 ea b8 89 2a b9 01 e0 | ikev2 g^x c8 c8 5a 1a 22 a8 e8 12 c8 87 42 16 14 20 c7 31 | ikev2 g^x a9 74 1d c5 9c 9c 76 f9 ab e4 3a 7c 33 e0 f7 60 | ikev2 g^x 88 5c 2d 93 24 af ed 59 f0 e2 a6 c5 30 fc f6 bb | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce fe 34 4d 00 0b 60 4d 76 9c 02 2b 65 0c da a7 15 | IKEv2 nonce ec c9 e4 67 20 d1 df a9 c2 43 e5 9d 29 b3 dc 92 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= e4 44 f5 ac a6 6c 70 e6 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 34 f2 66 12 b7 f5 c0 d6 a5 6e 5c 7b 39 21 f7 dc | natd_hash: hash= b8 0b a4 ff | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 34 f2 66 12 b7 f5 c0 d6 a5 6e 5c 7b 39 21 f7 dc | Notify data b8 0b a4 ff | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= e4 44 f5 ac a6 6c 70 e6 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 19 1a 4c 48 05 d7 41 3b 0a 8a ae 76 0b bf a2 cd | natd_hash: hash= 69 ae 50 61 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 19 1a 4c 48 05 d7 41 3b 0a 8a ae 76 0b bf a2 cd | Notify data 69 ae 50 61 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #15: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #15 to 4294967295 after switching state | Message ID: IKE #15 skipping update_recv as MD is fake | Message ID: sent #15 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-sanCritical" #15: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | e4 44 f5 ac a6 6c 70 e6 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 a2 10 67 d0 52 d4 ea ad | e9 79 1a 61 4e 6c d4 4e 73 d0 0c f5 7d 1e e1 ea | 85 2a 99 55 36 ce 3a da 7b 50 91 f0 58 0a 64 90 | 76 42 86 69 e9 e2 1b 5c 39 1f 1d fd b4 46 6b 6b | f4 76 a7 2d 3e 7c ae 81 ed f0 49 06 89 79 be c5 | 27 96 b5 d1 1e 3e f4 87 a2 5c 93 7c d3 33 d3 81 | c5 ca 3b 7b 9f c5 24 c3 d0 0c d5 3a 51 f8 f5 e4 | e2 d4 1f e9 be 6e a5 4a 26 92 64 66 43 c9 91 10 | 58 14 dd 92 fa 44 7a e7 6e c3 8c ce f4 67 ab dd | 9c 14 cb 6c 71 fa 82 88 ef e9 e5 03 7a 15 ea 99 | a5 af f2 7f 07 ff 88 ce 61 ee 2d 47 b6 d1 1e e9 | 75 a2 b9 2c e5 40 a7 34 f1 37 2c a2 0f 73 69 7c | 80 da 10 5c b1 6d b8 30 72 60 bd f4 3a de d7 91 | 89 ea b8 89 2a b9 01 e0 c8 c8 5a 1a 22 a8 e8 12 | c8 87 42 16 14 20 c7 31 a9 74 1d c5 9c 9c 76 f9 | ab e4 3a 7c 33 e0 f7 60 88 5c 2d 93 24 af ed 59 | f0 e2 a6 c5 30 fc f6 bb 29 00 00 24 fe 34 4d 00 | 0b 60 4d 76 9c 02 2b 65 0c da a7 15 ec c9 e4 67 | 20 d1 df a9 c2 43 e5 9d 29 b3 dc 92 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 34 f2 66 12 | b7 f5 c0 d6 a5 6e 5c 7b 39 21 f7 dc b8 0b a4 ff | 00 00 00 1c 00 00 40 05 19 1a 4c 48 05 d7 41 3b | 0a 8a ae 76 0b bf a2 cd 69 ae 50 61 | state #15 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2084004470 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5e6730 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-sanCritical" #15: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5e6730 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f2084004470 size 128 | #15 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48998.415789 | resume sending helper answer for #15 suppresed complete_v2_state_transition() and stole MD | #15 spent 1.22 milliseconds in resume sending helper answer | stop processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2090001350 | spent 0.00261 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 e0 42 02 f2 | f9 02 d0 46 cf 38 7f 17 e8 cf bb 7e 7c 6f 2b b3 | 63 7c 6f 47 b4 54 8e 58 fd f4 36 6a c7 29 63 4d | 43 c9 5d 87 a0 77 66 01 b6 84 c4 57 99 0d 9e a9 | 28 d7 c8 4e 4d c0 cd f2 27 91 f1 35 f2 cb ee 07 | a6 ae 28 35 0e 74 ba 0b ac e9 9a a3 c0 b5 13 21 | c5 c7 5d 56 76 db 79 ae 43 43 11 69 72 12 44 df | 8c ba f2 37 e0 2c d2 02 e3 84 0a 17 10 03 4a 74 | 7c a1 b6 94 f4 8b 7c 1f 56 c4 2c 88 62 5e 9e 5c | ad fc c0 cf f5 db 72 65 98 0b d3 44 c0 33 79 a3 | fa e8 ec 0c c9 96 83 97 fc aa 46 0e c1 c0 6f f1 | dd 77 1d 24 b0 3f bf 7a cd 12 76 c3 4b 84 b2 88 | 24 79 49 81 4a 78 e3 f6 24 ac 65 68 07 6d eb 7c | 3e ee 97 eb 6f ef 13 61 0b 32 7e d0 2e 09 f5 69 | 18 e6 90 33 ab ce 03 89 80 39 ab 9a 69 e4 f2 a6 | 64 72 89 4d d2 11 5f ca af 13 e2 72 e8 e1 4d 13 | 0e 28 e5 36 c6 f8 5b 89 f9 10 2b 1b 29 00 00 24 | 8a 6b 4f 2d ec 59 3d 93 65 0a db c1 f3 cc 69 e9 | 5d 01 66 9a 61 77 b9 75 17 85 f1 aa 49 e3 26 85 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 7c 31 f7 c0 85 9c 42 90 11 3b e9 ef 48 29 97 4d | cc eb 5d 95 26 00 00 1c 00 00 40 05 e9 a9 36 f7 | 63 90 8a 19 75 1e db 65 9e 89 b6 b9 7a 65 b0 64 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #15 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #15 is idle | #15 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #15 IKE SPIi and SPI[ir] | #15 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-sanCritical (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= e4 44 f5 ac a6 6c 70 e6 | natd_hash: rcookie= eb 8a 0a 28 90 23 f2 93 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= e9 a9 36 f7 63 90 8a 19 75 1e db 65 9e 89 b6 b9 | natd_hash: hash= 7a 65 b0 64 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= e4 44 f5 ac a6 6c 70 e6 | natd_hash: rcookie= eb 8a 0a 28 90 23 f2 93 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 7c 31 f7 c0 85 9c 42 90 11 3b e9 ef 48 29 97 4d | natd_hash: hash= cc eb 5d 95 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 16 for state #15 | state #15 requesting EVENT_RETRANSMIT to be deleted | #15 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2084004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5e6730 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5e6730 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | #15 spent 0.232 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 1 resuming | [RE]START processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 1 starting work-order 16 for state #15 | #15 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 16 | suspending state #15 and saving MD | #15 is busy; has a suspended MD | [RE]START processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-sanCritical" #15 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #15 spent 0.49 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.502 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 16 time elapsed 0.001407 seconds | (#15) spent 1.4 milliseconds in crypto helper computing work-order 16: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 16 for state #15 to event queue | scheduling resume sending helper answer for #15 | libevent_malloc: new ptr-libevent@0x7f2088008980 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #15 | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 16 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #15: calculating g^{xy}, sending I2 | creating state object #16 at 0x56366a5c49b0 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.child started | duplicating state object #15 "west-sanCritical" as #16 for IPSEC SA | #16 setting local endpoint to 192.1.2.45:500 from #15.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #15.#16; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #15 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #15.#16 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #15 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2090001350 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5e6730 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a5e6730 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | parent state #15: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 207 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 cc 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 | my identity 74 2d 73 61 6e 43 72 69 74 69 63 61 6c 2e 74 65 | my identity 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | my identity 6f 72 67 31 3a 30 38 06 09 2a 86 48 86 f7 0d 01 | my identity 09 01 16 2b 75 73 65 72 2d 77 65 73 74 2d 73 61 | my identity 6e 43 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e | my identity 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 215 | Sending [CERT] of certificate: E=user-west-sanCritical@testing.libreswan.org,CN=west-sanCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1263 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 eb 30 82 04 54 a0 03 02 01 02 02 01 15 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 cc 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 | CERT 65 73 74 2d 73 61 6e 43 72 69 74 69 63 61 6c 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 31 3a 30 38 06 09 2a 86 48 86 f7 | CERT 0d 01 09 01 16 2b 75 73 65 72 2d 77 65 73 74 2d | CERT 73 61 6e 43 72 69 74 69 63 61 6c 40 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 | CERT 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 | CERT 81 00 eb 62 b1 e0 cd a6 d5 d1 31 f7 ad 49 9b d1 | CERT af d8 79 c9 1c 6e 67 4c f8 3d cf 74 c2 9c 04 f9 | CERT a0 96 c1 d2 86 56 47 7c ed 79 09 62 86 a2 c7 c8 | CERT b8 49 ae 0e 6b ea 41 16 4b ce b2 c6 a2 8e 03 ae | CERT 4f 51 60 b2 b6 2c 98 2d 49 c3 ca 47 c6 cd 82 71 | CERT 5b d9 e1 3a f4 18 ba 69 b4 83 8c 06 e6 59 37 93 | CERT 69 19 72 68 45 75 43 2c 2b 03 1f 7a 6f 75 49 fb | CERT d4 5c da 8a 48 0c 54 4f b3 c6 f0 29 6b b0 b5 38 | CERT 0a 36 52 08 53 26 b5 33 c9 c0 c3 8c e8 02 51 dc | CERT 8a 52 0f 85 0c 8e b5 41 55 8c 05 42 70 3f 42 a6 | CERT af e2 be ea 19 bd c8 aa cc 62 a2 77 47 3c fd 35 | CERT 23 c0 d9 91 ad 68 cf 1e 06 0c 14 ec f4 87 e0 3c | CERT 15 c3 da 84 2a 6d d2 67 94 58 19 a0 2a 9f 48 7c | CERT 9d ee c5 e0 8b f3 e0 b5 f8 24 c5 01 dc 2d 4b 7d | CERT 70 7b 17 29 84 2a 6d f7 19 fc 75 ee ba 02 8a 58 | CERT 04 c2 4e 8e e5 de 04 ed ab 05 37 96 b7 c2 0c 45 | CERT 9a da ba 10 f7 1c 0c 10 0c d0 c2 cd a2 10 d0 06 | CERT 15 e0 c6 d1 64 3e 98 35 be 1d 98 37 c9 23 8d 43 | CERT 5e c7 3c cd f1 63 a7 42 80 0a fe 01 44 4b ba 0a | CERT ba 17 fe b2 82 f4 63 6e 25 2f 18 da 25 cc 18 e3 | CERT 89 66 9a fd f0 87 79 87 ad 4e b7 20 e3 ca 6f 34 | CERT 31 b0 ef 4f 60 2a 3c b8 f9 62 13 3c ae c9 0a 63 | CERT 41 52 eb f1 7b ce c9 20 41 4d d3 54 cf ac e1 8e | CERT ab aa 03 eb a9 26 32 f2 36 f4 75 ca 63 1e 8e 7d | CERT be 37 02 03 01 00 01 a3 81 f2 30 81 ef 30 09 06 | CERT 03 55 1d 13 04 02 30 00 30 34 06 03 55 1d 11 01 | CERT 01 ff 04 2a 30 28 82 26 77 65 73 74 2d 73 61 6e | CERT 43 72 69 74 69 63 61 6c 2e 74 65 73 74 69 6e 67 | CERT 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 0b | CERT 06 03 55 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 | CERT 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 | CERT 06 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b 06 | CERT 01 05 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 | CERT 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e | CERT 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | CERT 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 | CERT 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c | CERT 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 | CERT 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | CERT 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 | CERT 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 13 | CERT f1 a5 a5 09 f5 d4 8c e3 41 7a 5e 7c bc a7 a7 3b | CERT 4b ea f6 48 75 0a 5b 93 7c b8 64 28 ed 69 63 3f | CERT 52 2c 82 78 27 ac 3f 48 58 f8 01 de 3b 7e b4 6d | CERT 31 eb 38 1d 7b 86 8e 1d f8 2d cd a7 bc a2 1b 70 | CERT d5 b3 0f 8a f4 19 fc 5b 0a 89 c9 5d 6b 53 0e b2 | CERT 16 da 15 44 21 49 8c 0c c2 08 f7 cf 6b fe eb 18 | CERT 2f 33 d1 34 aa 8c 9d f6 f3 11 60 43 a3 b9 0a a0 | CERT 1d 01 c0 29 29 dd 79 51 d6 9f b6 a9 11 db e2 | emitting length of IKEv2 Certificate Payload: 1268 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-sanCritical.testing.libreswan.org, E=user-west-sanCritical@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAetis | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAetis | private key for cert west-sanCritical not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAetis | #15 spent 6.63 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 5d 48 d0 e7 5a c9 5d cc 70 9f b4 77 f8 2e 13 46 | rsa signature 42 fb 86 cd 38 18 0c e5 3d 87 f2 38 f9 fe 0d 2b | rsa signature dd 41 c7 8f 0a 61 8d 0f 8a 6d 3c c4 90 5a 6c 4a | rsa signature d1 66 9d 42 fc ab 22 9b 7b 53 b6 d5 c3 0f 25 11 | rsa signature 91 bf 11 a1 1c 66 ac a3 ce 55 a3 85 57 3f 39 db | rsa signature ef 63 3d 0c d4 af 37 ed b4 90 b3 35 ad 25 bb 58 | rsa signature 57 e1 31 0d 4a 0b 38 85 85 24 f9 9c 2c 31 1d 78 | rsa signature 8d 35 64 4f e4 9c 97 6c e1 72 83 1d 24 70 23 02 | rsa signature 7c b5 87 ea 28 5f 1f 90 85 5f fe 08 52 35 ed 98 | rsa signature e2 b9 6e ce 88 c6 00 65 71 a5 71 62 d6 54 5e c6 | rsa signature f8 74 c8 9b 28 65 ec 90 85 03 45 c2 6e 4a 39 43 | rsa signature 61 4b fb 18 08 d6 92 21 7f 54 91 3f ea f0 cc 51 | rsa signature 6b 08 52 1d e3 fc f2 bd e1 4d f0 25 6e 53 08 9c | rsa signature 24 ae ac 18 fc 80 96 02 32 0d fa 38 4c 66 6b b6 | rsa signature 95 f6 52 d3 f4 fa f0 07 a6 e9 3f de 00 df 4e 26 | rsa signature c5 f7 96 fa 02 45 e8 6e 42 12 64 2f 1a 73 7e 8c | rsa signature b7 5b 62 51 34 55 c4 35 54 88 10 e2 80 06 d2 48 | rsa signature 50 ff e4 35 c0 66 98 50 9d c7 73 25 47 58 b1 db | rsa signature bc 8b 66 7e 16 aa da ea 91 da 95 30 32 44 d4 27 | rsa signature 22 f5 a2 ba 9f df b5 cf e0 12 69 df 9d 74 21 4c | rsa signature a2 40 f2 c3 7d ab ed 5c 0a 3d 77 f3 bc 15 39 37 | rsa signature f1 2b 70 fb 3a 27 36 31 89 2d 84 f4 a0 bf 65 08 | rsa signature af c6 f3 be 1d 38 8a 42 1e 05 b0 20 d9 dc e6 47 | rsa signature 77 29 34 49 a4 ca 67 bf 41 af 41 cb 93 11 84 dd | #15 spent 6.9 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #15 | netlink_get_spi: allocated 0x2d709951 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-sanCritical (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-sanCritical": constructed local ESP/AH proposals for west-sanCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 2d 70 99 51 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 2d 70 99 51 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 2d 70 99 51 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 2d 70 99 51 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2116 | emitting length of ISAKMP Message: 2144 | **parse ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2144 (0x860) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2116 (0x844) | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 d7 09 00 00 00 30 81 cc 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2f 30 2d 06 03 | cleartext fragment 55 04 03 0c 26 77 65 73 74 2d 73 61 6e 43 72 69 | cleartext fragment 74 69 63 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 31 3a 30 38 06 | cleartext fragment 09 2a 86 48 86 f7 0d 01 09 01 16 2b 75 73 65 72 | cleartext fragment 2d 77 65 73 74 2d 73 61 6e 43 72 69 74 69 63 61 | cleartext fragment 6c 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 27 00 04 f4 04 30 82 04 eb | cleartext fragment 30 82 04 54 a0 03 02 01 02 02 01 15 30 0d 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 ac 31 0b | cleartext fragment 30 09 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 | cleartext fragment 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 | cleartext fragment 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 | cleartext fragment 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 | cleartext fragment 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 | cleartext fragment 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 | cleartext fragment 23 06 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 | cleartext fragment 6e 20 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 | cleartext fragment 69 6e 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 09 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 | cleartext fragment 31 39 30 39 31 35 31 39 34 34 35 39 5a 18 0f 32 | cleartext fragment 30 32 32 30 39 31 34 31 39 34 34 35 39 5a 30 81 | cleartext fragment cc 31 0b 30 09 06 03 55 04 06 13 02 43 41 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | cleartext fragment 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | cleartext fragment 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | cleartext fragment 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | cleartext fragment 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | cleartext fragment 6e 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 | cleartext fragment 74 2d 73 61 6e 43 72 69 74 69 63 61 6c 2e 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 31 3a 30 38 06 09 2a 86 48 86 f7 0d 01 | cleartext fragment 09 01 16 2b 75 73 65 72 2d 77 65 73 74 2d 73 61 | cleartext fragment 6e 43 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | cleartext fragment eb 62 b1 e0 cd a6 d5 d1 31 f7 ad 49 9b d1 af d8 | cleartext fragment 79 c9 1c 6e 67 4c f8 3d cf 74 c2 9c 04 f9 a0 96 | cleartext fragment c1 d2 86 56 47 7c ed 79 09 62 86 a2 c7 c8 b8 49 | cleartext fragment ae 0e 6b ea 41 16 4b ce b2 c6 a2 8e 03 ae 4f 51 | cleartext fragment 60 b2 b6 2c 98 2d 49 c3 ca 47 c6 cd 82 71 5b d9 | cleartext fragment e1 3a f4 18 ba 69 b4 83 8c 06 e6 59 37 93 69 19 | cleartext fragment 72 68 45 75 43 2c 2b 03 1f 7a 6f 75 49 fb d4 5c | cleartext fragment da 8a 48 0c 54 4f b3 c6 f0 29 6b b0 b5 38 0a 36 | cleartext fragment 52 08 53 26 b5 33 c9 c0 c3 8c e8 02 51 dc 8a 52 | cleartext fragment 0f 85 0c 8e b5 41 55 8c 05 42 70 3f 42 a6 af e2 | cleartext fragment be ea 19 bd c8 aa cc 62 a2 77 47 3c fd 35 23 c0 | cleartext fragment d9 91 ad 68 cf 1e 06 0c 14 ec f4 87 e0 3c 15 c3 | cleartext fragment da 84 2a 6d d2 67 94 58 19 a0 2a 9f 48 7c 9d ee | cleartext fragment c5 e0 8b f3 e0 b5 f8 24 c5 01 dc 2d 4b 7d 70 7b | cleartext fragment 17 29 84 2a 6d f7 19 fc 75 ee ba 02 8a 58 04 c2 | cleartext fragment 4e 8e e5 de 04 ed ab 05 37 96 b7 c2 0c 45 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 9a da ba 10 f7 1c 0c 10 0c d0 c2 cd a2 10 d0 06 | cleartext fragment 15 e0 c6 d1 64 3e 98 35 be 1d 98 37 c9 23 8d 43 | cleartext fragment 5e c7 3c cd f1 63 a7 42 80 0a fe 01 44 4b ba 0a | cleartext fragment ba 17 fe b2 82 f4 63 6e 25 2f 18 da 25 cc 18 e3 | cleartext fragment 89 66 9a fd f0 87 79 87 ad 4e b7 20 e3 ca 6f 34 | cleartext fragment 31 b0 ef 4f 60 2a 3c b8 f9 62 13 3c ae c9 0a 63 | cleartext fragment 41 52 eb f1 7b ce c9 20 41 4d d3 54 cf ac e1 8e | cleartext fragment ab aa 03 eb a9 26 32 f2 36 f4 75 ca 63 1e 8e 7d | cleartext fragment be 37 02 03 01 00 01 a3 81 f2 30 81 ef 30 09 06 | cleartext fragment 03 55 1d 13 04 02 30 00 30 34 06 03 55 1d 11 01 | cleartext fragment 01 ff 04 2a 30 28 82 26 77 65 73 74 2d 73 61 6e | cleartext fragment 43 72 69 74 69 63 61 6c 2e 74 65 73 74 69 6e 67 | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 0b | cleartext fragment 06 03 55 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 | cleartext fragment 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 | cleartext fragment 06 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b 06 | cleartext fragment 01 05 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 | cleartext fragment 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e | cleartext fragment 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | cleartext fragment 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 | cleartext fragment 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c | cleartext fragment 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 13 | cleartext fragment f1 a5 a5 09 f5 d4 8c e3 41 7a 5e 7c bc a7 a7 3b | cleartext fragment 4b ea f6 48 75 0a 5b 93 7c b8 64 28 ed 69 63 3f | cleartext fragment 52 2c 82 78 27 ac 3f 48 58 f8 01 de 3b 7e b4 6d | cleartext fragment 31 eb 38 1d 7b 86 8e 1d f8 2d cd a7 bc a2 1b 70 | cleartext fragment d5 b3 0f 8a f4 19 fc 5b 0a 89 c9 5d 6b 53 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 0e b2 16 da 15 44 21 49 8c 0c c2 08 f7 cf 6b fe | cleartext fragment eb 18 2f 33 d1 34 aa 8c 9d f6 f3 11 60 43 a3 b9 | cleartext fragment 0a a0 1d 01 c0 29 29 dd 79 51 d6 9f b6 a9 11 db | cleartext fragment e2 21 00 01 88 01 00 00 00 5d 48 d0 e7 5a c9 5d | cleartext fragment cc 70 9f b4 77 f8 2e 13 46 42 fb 86 cd 38 18 0c | cleartext fragment e5 3d 87 f2 38 f9 fe 0d 2b dd 41 c7 8f 0a 61 8d | cleartext fragment 0f 8a 6d 3c c4 90 5a 6c 4a d1 66 9d 42 fc ab 22 | cleartext fragment 9b 7b 53 b6 d5 c3 0f 25 11 91 bf 11 a1 1c 66 ac | cleartext fragment a3 ce 55 a3 85 57 3f 39 db ef 63 3d 0c d4 af 37 | cleartext fragment ed b4 90 b3 35 ad 25 bb 58 57 e1 31 0d 4a 0b 38 | cleartext fragment 85 85 24 f9 9c 2c 31 1d 78 8d 35 64 4f e4 9c 97 | cleartext fragment 6c e1 72 83 1d 24 70 23 02 7c b5 87 ea 28 5f 1f | cleartext fragment 90 85 5f fe 08 52 35 ed 98 e2 b9 6e ce 88 c6 00 | cleartext fragment 65 71 a5 71 62 d6 54 5e c6 f8 74 c8 9b 28 65 ec | cleartext fragment 90 85 03 45 c2 6e 4a 39 43 61 4b fb 18 08 d6 92 | cleartext fragment 21 7f 54 91 3f ea f0 cc 51 6b 08 52 1d e3 fc f2 | cleartext fragment bd e1 4d f0 25 6e 53 08 9c 24 ae ac 18 fc 80 96 | cleartext fragment 02 32 0d fa 38 4c 66 6b b6 95 f6 52 d3 f4 fa f0 | cleartext fragment 07 a6 e9 3f de 00 df 4e 26 c5 f7 96 fa 02 45 e8 | cleartext fragment 6e 42 12 64 2f 1a 73 7e 8c b7 5b 62 51 34 55 c4 | cleartext fragment 35 54 88 10 e2 80 06 d2 48 50 ff e4 35 c0 66 98 | cleartext fragment 50 9d c7 73 25 47 58 b1 db bc 8b 66 7e 16 aa da | cleartext fragment ea 91 da 95 30 32 44 d4 27 22 f5 a2 ba 9f df b5 | cleartext fragment cf e0 12 69 df 9d 74 21 4c a2 40 f2 c3 7d ab ed | cleartext fragment 5c 0a 3d 77 f3 bc 15 39 37 f1 2b 70 fb 3a 27 36 | cleartext fragment 31 89 2d 84 f4 a0 bf 65 08 af c6 f3 be 1d 38 8a | cleartext fragment 42 1e 05 b0 20 d9 dc e6 47 77 29 34 49 a4 ca 67 | cleartext fragment bf 41 af 41 cb 93 11 84 dd 2c 00 00 a4 02 00 00 | cleartext fragment 20 01 03 04 02 2d 70 99 51 03 00 00 0c 01 00 00 | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 175 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 00 20 02 03 04 02 2d 70 99 51 03 00 00 0c 01 | cleartext fragment 00 00 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 | cleartext fragment 00 00 30 03 03 04 04 2d 70 99 51 03 00 00 0c 01 | cleartext fragment 00 00 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 | cleartext fragment 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 | cleartext fragment 00 00 30 04 03 04 04 2d 70 99 51 03 00 00 0c 01 | cleartext fragment 00 00 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 | cleartext fragment 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d | cleartext fragment 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 | cleartext fragment 01 02 2d c0 01 02 2d 00 00 00 18 01 00 00 00 07 | cleartext fragment 00 00 10 00 00 ff ff c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 208 | emitting length of ISAKMP Message: 236 | suspend processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #16: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #16 to 0 after switching state | Message ID: recv #15.#16 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #15.#16 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-sanCritical" #16: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 02 aa 98 60 9c 7c 4f b4 c8 d2 4c ea | dd 73 c8 08 56 9b 4c 24 02 d2 de ca 34 10 2e df | 57 aa 6d 3a 47 6a 11 01 43 62 7d 79 76 19 f1 dc | 37 91 ed cb 92 30 9b 82 1a bf e4 2e 02 7a 00 25 | 05 cb 0a a4 a2 47 49 43 7a e9 1a 7e 3e e1 99 12 | 50 1e be 36 8e 8e 43 c7 15 31 1b a6 76 49 06 5a | 65 3f a9 a0 ad 42 a2 ae e9 8d 87 d4 82 f7 1c b6 | 9e 58 7d 57 75 49 aa 61 75 b3 3a 2f bd d0 56 13 | 99 8f d6 7d 0c 8b 6f 02 65 07 6a 50 c4 9d c5 30 | 20 5c 06 12 28 f6 9b 19 4d df 80 7b 95 8d 95 60 | 77 c1 3f 7d b8 f1 5e a7 f8 be 98 ee b1 43 9b 40 | bf 21 da eb 44 94 eb 08 3b 59 4d 10 4f 2a 3b 5a | a9 6e 71 11 31 9b 5f fe 4f 50 56 5c 7e 15 82 76 | 9d f8 32 10 e8 3f b6 6d 2e 34 3a a9 6e 10 9e c5 | b6 ea b9 b8 8f 3d b6 b4 dc 94 a7 ec 91 64 9d 66 | 06 81 aa 8a 6e 07 b4 5b 8e cf 71 c5 a0 47 cb 14 | 3c 2a 84 5e 9b 23 97 2a e6 8d ad d1 af b1 2d 04 | 0c 8b ca b6 06 fc 82 fc 82 86 a8 dc 24 32 09 49 | d4 fe 83 a5 98 85 a3 c2 fe 19 1e a0 2b b3 92 b2 | 28 6d f1 e2 f4 07 37 15 dc 4b 36 b3 0a 74 eb e0 | 3d 20 dd bc 1b f1 dc 80 2d 65 00 3c 05 c2 76 aa | 87 5f 40 73 4a 46 84 43 7d 8a 91 5a 63 7f ef b4 | db 6b 37 76 7b bd 28 39 bb 70 8d ab b8 77 07 9a | 2a d9 b5 ea 69 68 b5 b3 94 a9 a8 27 df de 54 0b | 75 2f 6c 17 b1 6a da b6 90 be 68 2a 6e 0a 4b bf | b1 e1 9c dc f5 42 63 bd e3 8b cf 4c 1a 2f 1b d5 | 4a 4a 65 79 8c 0e 2a 4f 1d 0e 81 e3 dc 7f c0 8f | 4c 63 29 be 37 82 83 7d 01 26 2b 49 86 3b 2c 44 | 37 d0 26 90 cb 7e dd a8 8a 67 ac f5 0c 84 1b 5a | fb db 80 7a cb 97 ce f2 84 43 7b 7f f1 46 e8 e1 | 8b d9 e4 6e cc ee a0 be 04 b3 57 5d 07 94 00 c9 | 6a 25 aa fb e4 b8 44 35 20 ec 22 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 8c 9d 41 66 0a ae 3a d7 b2 1c 2b 82 | d9 ee db 59 4c 00 e4 a3 82 a6 83 1e 9c e5 61 e1 | bd 18 27 e1 36 c4 b4 db 66 2f 07 59 e0 ed 4f 4f | c3 77 7d 1f 3d 19 c5 70 10 32 35 21 bb 57 01 c8 | bf 8a 4c 0e 65 d5 70 f4 aa fd 1f f4 58 4c bb 0c | 1a bd 35 a1 5f 46 03 f5 50 06 68 8d ea 42 36 61 | 21 49 f8 80 e9 dc e3 74 c5 d2 fa 8e 75 71 a9 43 | 45 d7 69 98 0b de 0b 10 ad 5d 98 11 a4 66 60 58 | 9c 8e 1d 1d af a3 42 c8 5c ea 31 75 ca f5 e3 cf | 5c f7 ca 4e 97 c2 7a 6b bd 28 06 6a eb e5 32 66 | ea f5 d5 79 bf 5e dd 88 85 b5 dd 33 14 c8 27 d1 | b4 b3 67 a8 5e 5c 5b 86 7e 2c 85 fa 3a e9 42 0a | a0 e9 f5 98 0f 91 03 af 58 45 06 20 b6 dd e1 00 | e6 1c c1 bc aa 87 08 ec 6a 02 4c fd b5 3e 69 06 | eb a3 b5 e9 8b 97 4d b1 38 52 e1 60 cb 08 af 88 | fc eb 8a 52 e9 84 24 84 bb 67 d4 eb 92 d4 8d 1b | 97 50 c8 ad 5d eb 78 7d d6 08 02 a4 4d ed d3 ee | f4 ec 4a 6d bb 89 ae 12 65 29 2b 5d d1 09 ba 18 | d4 29 8e 3f 6a f0 e6 8e c8 0a 85 ea f0 bd 90 96 | 4b 88 b9 ef 78 9a 41 96 f6 af 28 84 0b d4 b5 d7 | 72 bf 3d 21 6d f3 6a 6b f1 3c f3 74 c8 ec 69 8b | 8f c9 64 87 33 91 48 26 68 79 4c 86 86 84 6c ec | e1 09 30 1a 70 88 2f 83 11 63 e2 b6 fe 16 b7 68 | ed 58 39 07 aa 5f 29 71 25 ac 30 db 7d f7 f2 d5 | 28 2b b1 60 7c cc 1e e6 09 0e 9f 1c 6a e8 15 f0 | e0 32 29 91 8c d8 06 95 05 f2 d1 18 4d c4 b2 da | b8 67 c0 a6 97 39 8a 52 78 00 e9 0b f7 f3 21 3c | 14 4f e8 3c 95 c2 05 4d 31 1c 90 95 d8 2c 5c 71 | ca bc 3c 89 a0 6d 5d 1d 0e f7 93 eb ea 51 84 45 | 21 00 19 43 6a d4 b0 49 85 40 18 7c 50 ce 4c 67 | 38 71 f1 41 47 3e 1d 41 89 6f 6a 88 c9 f8 54 7a | 82 4d c3 c0 51 c2 54 da 48 1f fa | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 79 c6 19 54 6b 8b b1 17 01 8c 25 cc | c4 3f f1 d5 94 f9 e6 b6 e3 8a ef 66 29 d9 02 21 | 04 63 bd 3d 40 f0 9d 76 8b ec 2e dc 51 14 62 72 | cb da 98 c4 52 df d0 01 66 cf a3 89 d9 4e 4a 9f | 2e 3c 4d d7 5c de e6 20 8d 1f 07 fd 3d cb b6 4e | a1 38 63 85 e0 ef c1 eb 5a e5 03 0f 24 4d a4 56 | b2 a1 ef 0b fc ec be bb 28 99 92 05 16 1e 43 28 | e1 77 f4 15 bb 0a 9d e0 99 dc 74 6a d8 64 be d1 | bd 5a ca 76 d1 1b 18 93 ce 7b de c9 a3 df 29 ee | 5c cb ce 63 12 07 be ef 1c a7 da 5f 16 91 8a 42 | b0 9b 80 6c ce f7 6e 6d fd 6c a5 5f be c7 6d 42 | 5c 94 f1 74 95 11 a4 20 56 19 d0 6b 04 6c 4f 05 | f1 f5 22 a1 69 d1 8f 00 f0 78 1b 97 a5 17 5b 8c | 05 58 9d 85 99 83 4a d2 f1 52 4a fd d1 d0 7a 16 | 2a 3c 07 bb ce d9 77 3c 6e 75 d9 45 0f 0d 37 e8 | 75 6d 09 ea c5 55 9d 03 8b d8 d9 58 3a 27 1a 66 | 7d e8 c4 35 0d a0 e6 cb 8f 60 1d ae 6b 5e c9 7d | 99 4f 73 5b 66 1b 45 65 ba 01 f2 a6 3b 17 36 31 | 80 65 af 4e 7c 3f 26 48 0e b4 28 c2 68 45 3e 79 | cc e5 6d 77 03 eb f5 04 30 97 4a 35 4e 30 ed bc | 45 a2 6f bb 62 32 51 ae 92 5a db 32 c8 44 5a bc | 33 dd 25 d2 dd ce 5a 00 06 f2 65 90 7f f7 9a 91 | c3 04 b4 a9 d1 e2 13 9f 29 05 e0 fc 72 22 fe d8 | 89 f4 40 41 f7 0e 93 27 fe 08 d2 19 a2 70 73 0d | b0 b6 22 80 2e 0d 2e 73 99 67 23 b6 53 57 7e de | 74 8e c6 10 50 c4 bd 15 80 e8 7f b3 62 3c 86 a0 | 03 4e 35 8f 10 d6 56 21 88 14 1b 2a 69 c7 25 ad | 16 d5 87 72 48 c7 53 82 81 50 f2 eb 38 42 ab 88 | 32 d3 1e c1 67 37 53 db a8 36 41 81 39 6b 86 11 | 83 79 54 73 e9 9a b9 34 33 d4 22 09 35 1b 3f 20 | 2a eb f9 52 5e a9 90 98 47 f0 bc 28 19 da c5 26 | 5d b7 06 4b d6 05 61 14 13 6a 21 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 6a f0 b0 0c 01 f0 3b bd db 42 54 0a | 5c cd 5a 23 28 f6 b2 65 48 64 54 bc 70 9d 46 4e | ba 05 26 de a2 95 6b 65 c4 70 36 de ec 85 7d ef | 7b e9 5b bc 82 da 7e 6e e6 52 06 68 48 b9 d2 4c | 1b 15 52 73 f7 49 bd d3 77 be da 2d 98 3d 73 f4 | 09 27 a3 59 67 da cd a8 81 84 b3 38 06 5c 31 f8 | f3 76 7d b2 82 28 00 68 f9 cc 1e c4 85 a5 02 bb | 7e 1a 81 f6 43 3e 0e 4d 19 e3 12 23 6b 1a 6e c6 | a5 30 37 68 6c f4 8e 29 6c b8 cd 1b 70 cf a7 2a | 7c 83 49 84 88 e6 ac d9 9d cf 50 76 03 ef 50 64 | cb a0 6c d7 c3 ed e5 64 e8 48 ae a0 91 78 73 05 | d4 5a b7 a8 de 21 54 32 fc dd 3c b3 35 06 96 2c | 67 fb f8 59 73 7f e5 64 e6 59 6b 85 72 f8 84 d9 | d3 84 33 27 56 72 42 6a 57 55 68 30 5e e0 7e 62 | e2 e9 b6 30 82 a5 a6 fe c9 5d 66 7a be 77 77 37 | 9c cd f2 42 d4 ae cc 10 c0 91 10 04 7d 3f 88 a1 | 1a 4e 03 40 ef 9a bd da 7d 9c e6 16 ab 19 8e 7a | d6 45 08 26 ce bb 00 83 61 04 5d 07 5d 51 36 46 | c9 99 d0 9a f4 c1 82 02 59 61 b4 eb 4e 55 a8 39 | 05 73 3b 89 1e 72 02 96 17 ba 89 30 f5 ff c9 90 | 84 6f 98 44 d6 b9 51 9b d8 6d 51 c7 20 b4 f4 77 | 8b 6b c3 8a f2 50 35 64 f1 1b 46 3f f3 5d d8 9e | 23 76 81 81 8a b2 f7 77 c1 6c 45 c2 0e 33 9d 5f | 44 2b f1 b2 5f fd ee 31 66 80 c1 f0 b7 fa c7 96 | 66 e4 54 9c 4f 0e 6c 34 d3 b0 d8 10 b2 c8 56 2c | c4 64 64 ed e1 81 ec f4 2b 3c 1d 4d be b2 e6 43 | b8 9d a2 ac e9 f6 60 d0 0f cc de 3c 00 27 65 22 | 05 ff 3f c1 21 d2 a8 e7 6b 38 b0 a7 14 bc af f5 | c3 9d c3 12 07 05 76 75 f8 e0 c5 43 70 d1 f3 0c | 89 11 35 4f 0a 38 f5 7d f5 ff db 40 f5 43 61 bf | fc 4f 49 9b b7 9c 8a 53 4e 37 9c 14 72 8c 86 71 | 0e 49 40 51 58 8c 41 9e 6b 8b 5f | sending 236 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 35 20 23 08 00 00 00 01 00 00 00 ec 00 00 00 d0 | 00 05 00 05 da 4d e3 69 62 e9 1a 8e c8 21 d0 cd | 66 37 db c8 26 eb 6f 53 ad ee c9 9e e4 19 9e 20 | df 9e 0f 87 47 b5 fc 6d dc dc 53 c8 59 df e2 a1 | 25 1a 8f 25 74 d7 22 d2 49 d3 8b ef 14 e9 51 12 | 3e 92 dc 14 a4 dc bb c4 d3 13 32 49 36 5d c8 c2 | af 79 c3 e5 5e 13 3b 83 13 6c ce a4 d5 4d af c2 | 82 4a b2 e3 49 2d db 25 a1 d2 6f 3e 8c f9 7b 93 | e8 d2 7a e8 f0 06 2f 14 f9 5c 9a 9c 96 88 3d 2d | 84 9f 5f af 81 de 0a 32 9f 60 89 6e 0f 97 62 8a | d8 39 3c 9d 4b e9 83 eb 94 34 1e f2 32 ef 0f 42 | 5c 9d 09 34 8c 59 78 09 32 45 07 ef 84 01 c6 3b | 0e bf 6d 5a 65 cf 95 46 b6 0e 1e c9 1c 0c 4f 18 | 09 3f 5a 82 a4 47 5c 14 7e 64 94 3e | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-sanCritical" #16: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c81b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f207c004470 size 128 | #16 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48998.428666 | resume sending helper answer for #15 suppresed complete_v2_state_transition() | #15 spent 1.05 milliseconds | #15 spent 8.18 milliseconds in resume sending helper answer | stop processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2088008980 | spent 0.00258 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | e4 44 f5 ac a6 6c 70 e6 eb 8a 0a 28 90 23 f2 93 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 2d 45 1f eb 54 73 29 9a cd f4 a9 f0 12 79 04 fd | 8c fa 14 70 ac 6f 79 2b e0 cd 42 71 09 04 64 a7 | fb | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | e4 44 f5 ac a6 6c 70 e6 | responder cookie: | eb 8a 0a 28 90 23 f2 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #15 in PARENT_I2 (find_v2_ike_sa) | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #16 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #16 is idle | #16 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #16 in state PARENT_I2: sent v2I2, expected v2R2 | #16 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-sanCritical" #16: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #15 ikev2.ike failed auth-failed "west-sanCritical" #16: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #16 fd@25 .st_dev=9 .st_ino=1700419 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #15 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f207c004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c81b0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c81b0 | inserting event EVENT_RETRANSMIT, timeout in 59.996289 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f207c004470 size 128 "west-sanCritical" #16: STATE_PARENT_I2: suppressing retransmits; will wait 59.996289 seconds for retry | #16 spent 0.0701 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #15 spent 0.213 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.224 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-sanCritical" (in terminate_a_connection() at terminate.c:69) "west-sanCritical": terminating SAs using this connection | connection 'west-sanCritical' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #16 | suspend processing: connection "west-sanCritical" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #16 ikev2.child deleted other | #16 spent 0.0701 milliseconds in total | [RE]START processing: state #16 connection "west-sanCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-sanCritical" #16: deleting state (STATE_PARENT_I2) aged 0.075s and NOT sending notification | child state #16: PARENT_I2(open IKE SA) => delete | child state #16: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #16 requesting EVENT_RETRANSMIT to be deleted | #16 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f207c004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c81b0 | priority calculation of connection "west-sanCritical" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-sanCritical" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-sanCritical | State DB: deleting IKEv2 state #16 in CHILDSA_DEL | child state #16: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #16 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #15 | start processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #15 ikev2.ike deleted auth-failed | #15 spent 12.6 milliseconds in total | [RE]START processing: state #15 connection "west-sanCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-sanCritical" #15: deleting state (STATE_PARENT_I2) aged 0.082s and NOT sending notification | parent state #15: PARENT_I2(open IKE SA) => delete | state #15 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2090001350 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a5e6730 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-sanCritical | State DB: deleting IKEv2 state #15 in PARENT_I2 | parent state #15: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #15 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-sanCritical" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-sanCritical' wasn't on the list | stop processing: connection "west-sanCritical" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.298 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical" (in initiate_a_connection() at initiate.c:186) | connection 'west-ekuCritical' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #17 at 0x56366a5a3770 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-ekuCritical" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-ekuCritical" IKE SA #17 "west-ekuCritical" "west-ekuCritical" #17: initiating v2 parent SA | constructing local IKE proposals for west-ekuCritical (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-ekuCritical": constructed local IKE proposals for west-ekuCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 17 for state #17 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f207c004470 size 128 | #17 spent 0.156 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-ekuCritical" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.221 milliseconds in whack | crypto helper 4 resuming | crypto helper 4 starting work-order 17 for state #17 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 17 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 17 time elapsed 0.000991 seconds | (#17) spent 0.99 milliseconds in crypto helper computing work-order 17: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 17 for state #17 to event queue | scheduling resume sending helper answer for #17 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #17 | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 17 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #17 | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-ekuCritical (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 31 32 cd e5 ae e0 80 fd ca 06 10 e9 ca 9a a3 fb | ikev2 g^x 78 9b 39 d2 02 86 fc e7 c7 ff 15 49 86 16 c4 dc | ikev2 g^x 6c c1 97 8c 09 a1 5e ef 32 91 ad fa 4d 53 77 ec | ikev2 g^x 24 2f 79 a8 93 90 de 60 61 20 12 08 31 92 c0 65 | ikev2 g^x 69 b3 07 68 56 ed bc f5 2a c5 53 a3 b0 ca c4 39 | ikev2 g^x 77 ad ac 19 f1 05 d0 ef 3d 94 eb 6b 9b 62 73 53 | ikev2 g^x 25 9f ab 92 84 e4 43 11 bb aa c2 ac 80 f3 99 b8 | ikev2 g^x 4b d8 4d 9d a4 e8 c9 66 e7 94 48 ff 51 68 35 70 | ikev2 g^x 2e cf 35 3d bd 1f 8a c9 e8 ce 1b 58 9f 52 92 d1 | ikev2 g^x 7f 67 bd 68 f1 52 6f 34 eb 59 49 12 c3 53 e6 db | ikev2 g^x 94 ba a0 3e 17 0d 99 c8 16 88 bf d3 71 b3 0b 85 | ikev2 g^x fa ab 6d 68 ce 76 10 0e 5c a5 ff 02 1c b5 5f a3 | ikev2 g^x 4b ee 19 67 5e 27 1f d9 47 4e 5e dc c0 c9 37 ff | ikev2 g^x 86 b9 cd 3f ec 02 46 8c 16 3c c2 92 a8 29 a3 33 | ikev2 g^x 80 0d 5e b7 f4 20 a6 b4 f5 ca b6 03 7f 71 f4 46 | ikev2 g^x 7f 62 b8 e6 ad 15 a6 f0 e8 a1 f0 f0 01 3f ea 1b | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 97 e6 47 56 ce e9 c3 da db 27 e4 92 0f 9d 02 fe | IKEv2 nonce 84 54 f1 47 86 78 22 14 5a 4b 97 7a 9f a2 43 df | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 1d 7f e5 62 25 d5 b9 6e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= e6 45 be 91 e5 af 1c c4 02 ad 0c a4 a1 26 91 20 | natd_hash: hash= 27 a2 02 34 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e6 45 be 91 e5 af 1c c4 02 ad 0c a4 a1 26 91 20 | Notify data 27 a2 02 34 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 1d 7f e5 62 25 d5 b9 6e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a3 35 9e 0b 25 70 81 27 28 ef 32 4e 33 6b 41 77 | natd_hash: hash= 18 6c 1d 1b | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a3 35 9e 0b 25 70 81 27 28 ef 32 4e 33 6b 41 77 | Notify data 18 6c 1d 1b | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #17: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #17 to 4294967295 after switching state | Message ID: IKE #17 skipping update_recv as MD is fake | Message ID: sent #17 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-ekuCritical" #17: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 7f e5 62 25 d5 b9 6e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 31 32 cd e5 ae e0 80 fd | ca 06 10 e9 ca 9a a3 fb 78 9b 39 d2 02 86 fc e7 | c7 ff 15 49 86 16 c4 dc 6c c1 97 8c 09 a1 5e ef | 32 91 ad fa 4d 53 77 ec 24 2f 79 a8 93 90 de 60 | 61 20 12 08 31 92 c0 65 69 b3 07 68 56 ed bc f5 | 2a c5 53 a3 b0 ca c4 39 77 ad ac 19 f1 05 d0 ef | 3d 94 eb 6b 9b 62 73 53 25 9f ab 92 84 e4 43 11 | bb aa c2 ac 80 f3 99 b8 4b d8 4d 9d a4 e8 c9 66 | e7 94 48 ff 51 68 35 70 2e cf 35 3d bd 1f 8a c9 | e8 ce 1b 58 9f 52 92 d1 7f 67 bd 68 f1 52 6f 34 | eb 59 49 12 c3 53 e6 db 94 ba a0 3e 17 0d 99 c8 | 16 88 bf d3 71 b3 0b 85 fa ab 6d 68 ce 76 10 0e | 5c a5 ff 02 1c b5 5f a3 4b ee 19 67 5e 27 1f d9 | 47 4e 5e dc c0 c9 37 ff 86 b9 cd 3f ec 02 46 8c | 16 3c c2 92 a8 29 a3 33 80 0d 5e b7 f4 20 a6 b4 | f5 ca b6 03 7f 71 f4 46 7f 62 b8 e6 ad 15 a6 f0 | e8 a1 f0 f0 01 3f ea 1b 29 00 00 24 97 e6 47 56 | ce e9 c3 da db 27 e4 92 0f 9d 02 fe 84 54 f1 47 | 86 78 22 14 5a 4b 97 7a 9f a2 43 df 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 e6 45 be 91 | e5 af 1c c4 02 ad 0c a4 a1 26 91 20 27 a2 02 34 | 00 00 00 1c 00 00 40 05 a3 35 9e 0b 25 70 81 27 | 28 ef 32 4e 33 6b 41 77 18 6c 1d 1b | state #17 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f207c004470 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuCritical" #17: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c81b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f207c004470 size 128 | #17 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49000.672509 | resume sending helper answer for #17 suppresed complete_v2_state_transition() and stole MD | #17 spent 1.55 milliseconds in resume sending helper answer | stop processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f208c001350 | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 46 f6 2b 1c | f6 c7 e6 43 db d4 4d bd 50 72 e2 57 62 d3 37 ec | 35 4f 4b 7a 81 04 d3 2c 7a 7a c1 df 71 07 d0 49 | 09 11 14 f4 1c f1 e7 a9 fc d0 4c 74 fb 37 ca f1 | e0 09 92 a3 7e 75 2b a0 9a 22 99 98 24 af 17 7f | e1 93 d8 50 7f 12 de bb f6 20 19 21 30 62 e8 43 | e1 c6 72 a4 26 56 a9 2e e8 b4 76 bf 67 80 63 15 | 00 77 b6 eb 21 db 32 60 41 55 2c 36 6c eb b5 10 | 47 c2 cc 74 82 a9 54 4b b3 fb b9 f8 c9 57 e2 27 | 26 ff 9e 67 66 a0 6e 0b 71 6e ee a3 04 b5 bf 62 | 7c 8b e7 b1 4c 05 52 f6 ca 13 de bd 86 2e bd a8 | 4c 13 70 83 2f 22 2d 4e 9c 0c bb ea 17 96 f9 3a | c3 ba e0 3b 35 46 0a 2b f4 b7 b8 f1 fe ef 68 e2 | 4a ac 28 a5 24 6c 7c b2 cf 2f bf df cf 5d 02 18 | 63 ff 6a 14 07 6d c8 c6 30 87 20 5c ba ac 03 e8 | a8 2f 4b 6a 3b f1 a4 3d 74 1a f4 4e 6a 71 98 a7 | b8 55 ae 61 3c 0e 94 7c ee aa 93 17 29 00 00 24 | 1f a3 b2 f6 ac 8d 8b 48 93 dc b7 27 d3 fd ff 8e | 63 4a 1c e7 89 e8 d4 b6 82 d3 ff 07 04 f4 55 2b | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 0c 40 9c de e4 f6 ed 38 67 f0 60 2f 05 95 4c ac | 3a 4b 76 de 26 00 00 1c 00 00 40 05 3a 18 4f eb | 1a 5e bf 52 13 a4 53 10 58 3f 3e ed 22 44 e5 b0 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #17 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #17 is idle | #17 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #17 IKE SPIi and SPI[ir] | #17 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-ekuCritical (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 1d 7f e5 62 25 d5 b9 6e | natd_hash: rcookie= 48 78 23 82 85 de 15 e6 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 3a 18 4f eb 1a 5e bf 52 13 a4 53 10 58 3f 3e ed | natd_hash: hash= 22 44 e5 b0 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 1d 7f e5 62 25 d5 b9 6e | natd_hash: rcookie= 48 78 23 82 85 de 15 e6 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 0c 40 9c de e4 f6 ed 38 67 f0 60 2f 05 95 4c ac | natd_hash: hash= 3a 4b 76 de | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 18 for state #17 | state #17 requesting EVENT_RETRANSMIT to be deleted | #17 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f207c004470 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c81b0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | #17 spent 0.264 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 2 resuming | [RE]START processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 2 starting work-order 18 for state #17 | #17 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 18 | suspending state #17 and saving MD | #17 is busy; has a suspended MD | [RE]START processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-ekuCritical" #17 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #17 spent 0.573 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.586 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 18 time elapsed 0.004414 seconds | (#17) spent 1.39 milliseconds in crypto helper computing work-order 18: ikev2_inR1outI2 KE (pcr) | crypto helper 2 sending results from work-order 18 for state #17 to event queue | scheduling resume sending helper answer for #17 | libevent_malloc: new ptr-libevent@0x7f2080006170 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #17 | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 18 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #17: calculating g^{xy}, sending I2 | creating state object #18 at 0x56366a5c49b0 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.child started | duplicating state object #17 "west-ekuCritical" as #18 for IPSEC SA | #18 setting local endpoint to 192.1.2.45:500 from #17.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #17.#18; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #17 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #17.#18 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #17 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f208c001350 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a5c81b0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | parent state #17: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 207 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 cc 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 | my identity 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2e 74 65 | my identity 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | my identity 6f 72 67 31 3a 30 38 06 09 2a 86 48 86 f7 0d 01 | my identity 09 01 16 2b 75 73 65 72 2d 77 65 73 74 2d 65 6b | my identity 75 43 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e | my identity 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 215 | Sending [CERT] of certificate: E=user-west-ekuCritical@testing.libreswan.org,CN=west-ekuCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1266 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 ee 30 82 04 57 a0 03 02 01 02 02 01 1b | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 cc 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 | CERT 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 31 3a 30 38 06 09 2a 86 48 86 f7 | CERT 0d 01 09 01 16 2b 75 73 65 72 2d 77 65 73 74 2d | CERT 65 6b 75 43 72 69 74 69 63 61 6c 40 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 | CERT 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 | CERT 81 00 ba b1 6c 0a 45 98 40 87 ef a2 34 89 d5 db | CERT 9a ff 87 ed 65 50 52 e8 a1 ec 1f d2 e1 9d c7 f5 | CERT ce 3d a7 bd 41 f5 3e 96 b6 7f cb 79 76 9e 5e ec | CERT ce 3a ab b1 9c f3 83 55 18 58 d5 31 0e 28 0e 36 | CERT 26 d0 84 14 dc cc 71 a1 18 4a 6f f0 56 26 65 2f | CERT db 87 6e c6 ba 06 31 38 d2 39 3f 28 1a 6f 9a 6b | CERT 26 e0 44 26 c8 6e 84 47 8c 6d 59 46 24 a4 51 1b | CERT 35 3c 6a 64 8f 95 84 f5 06 4a 0f fd bd d5 20 dc | CERT b7 f3 cf 92 c4 40 cc d2 b9 70 2a 23 3e 57 d5 b8 | CERT 5f 87 e0 5c ea 2c fb 85 b0 fb 2b 46 1e 9b 95 92 | CERT 05 40 a8 6d 7b 42 2e 93 97 f7 37 05 4c 4b 5c 35 | CERT 2c d2 a1 05 82 0c c3 b3 d5 57 90 11 bd 2c 93 dd | CERT f8 d9 2c ad b1 e7 f3 48 27 9c 30 13 9d 5e 27 e4 | CERT ed a4 50 45 b5 d9 e6 7d 5f e3 e1 91 32 fa 9c 0f | CERT bf 6f a3 d0 f2 63 06 df 45 50 60 16 b3 c0 74 32 | CERT 51 e8 30 4e 9b 2b 2d 76 67 da d8 79 61 bf 22 4c | CERT 19 8a fc 1e 7a b8 bc 66 8e 3c dc 15 ce ec 19 17 | CERT b5 58 27 c2 76 90 07 43 06 ef 53 5e ba 6c 5a 0c | CERT c5 e5 1c e3 bc 35 40 56 20 0a a8 c2 01 b5 5d 67 | CERT 15 46 b1 7e f2 b3 47 49 fe 76 46 d0 f6 b2 4d 2f | CERT 82 51 90 3a b5 97 44 86 b6 95 2c 96 20 58 4c 8d | CERT de 2f b7 15 30 0b 3a 09 fc 48 37 12 8d 25 c0 bf | CERT 3f ff a1 b4 9e 88 fc aa 9e b8 33 9b dd 56 a0 e6 | CERT 10 90 b2 60 b8 d7 f7 0e 64 33 ee 2a 6c 36 d8 02 | CERT cf bf 02 03 01 00 01 a3 81 f5 30 81 f2 30 09 06 | CERT 03 55 1d 13 04 02 30 00 30 31 06 03 55 1d 11 04 | CERT 2a 30 28 82 26 77 65 73 74 2d 65 6b 75 43 72 69 | CERT 74 69 63 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 0e 06 03 55 | CERT 1d 0f 01 01 ff 04 04 03 02 07 80 30 20 06 03 55 | CERT 1d 25 01 01 ff 04 16 30 14 06 08 2b 06 01 05 05 | CERT 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 41 06 | CERT 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 | CERT 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a | CERT 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 | CERT 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 | CERT 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 | CERT 81 00 b3 e4 44 c0 ba 1a 8b 81 59 98 76 6b b0 29 | CERT b1 a7 66 bc 39 6b 5c db 53 81 85 37 3d f0 79 04 | CERT dc b3 ef 48 a5 df 4e ea 64 46 f4 f2 b9 ec 7b 30 | CERT 10 fa e6 f7 2d fe 44 48 c1 54 ec 96 4b 0c ba 9e | CERT ad 79 5e 04 cf 4f 41 ca fe 6c c5 15 41 79 a4 34 | CERT 5f fb 48 5d fe 0a 1d 5a 67 03 6e 1f 2f 6c 9c d0 | CERT 37 e1 da e9 29 b3 7f 01 f0 6e 93 fe a7 82 26 3e | CERT b8 95 d5 b8 a0 fa 63 25 da ef 22 5c b2 e4 ae e7 | CERT d6 47 | emitting length of IKEv2 Certificate Payload: 1271 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical.testing.libreswan.org, E=user-west-ekuCritical@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAbqxb | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAbqxb | private key for cert west-ekuCritical not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAbqxb | #17 spent 9.94 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 45 a6 f8 4b e3 bb 82 24 a8 e6 d1 c3 28 58 65 4b | rsa signature bd ee cf a7 19 68 87 31 5b a1 47 e7 96 92 84 0f | rsa signature 06 82 69 63 fe 78 5d 27 c2 b7 93 fc da 97 9b 19 | rsa signature cc 95 57 b0 f2 7e 9a 1d 81 1e 52 b9 29 22 9d ae | rsa signature c4 2b 60 9e 60 f2 9a 32 49 be 85 ec f8 74 ed 29 | rsa signature 25 32 39 f0 fc 0c d0 52 43 cb 58 ed cf 35 3e 54 | rsa signature 7e b3 f9 44 da 24 9e e1 f3 7a a8 0d 8f 82 76 46 | rsa signature 5f 9f 2d b3 16 87 ae 53 58 ea 01 c7 d7 6e 9f f1 | rsa signature 06 bc e1 d4 98 25 70 2c 82 c0 47 3b cc 72 da 49 | rsa signature 6e c0 d4 8d d3 52 a8 16 1f 19 c5 10 74 60 f4 10 | rsa signature 99 a9 83 c1 da b5 24 01 4e 14 52 ae 45 eb f4 23 | rsa signature 62 6a 87 8e 99 38 8e a9 43 84 57 1b 3a 5b ca f4 | rsa signature de 72 b0 a9 f8 0b 1b 3f 8b ef 81 8b 38 32 98 18 | rsa signature 81 b2 8f 66 26 60 01 2f 99 0b af b5 a5 47 e7 8e | rsa signature fd d8 51 7f 9b fe 24 38 f7 0e 4e a6 2c 0f bb 69 | rsa signature 98 51 cb 97 22 78 c5 6e a5 8a 10 b7 d3 bd 40 a7 | rsa signature e5 12 a3 50 ac 0f c0 ad 7a 3c 77 04 6a 64 2c e8 | rsa signature 1f f9 5a b9 6f 4c 04 9d 57 8a 90 47 1e 4b 43 a9 | rsa signature fb 51 8b 44 d1 cd b7 2c 68 58 f1 f0 a2 95 b1 2d | rsa signature 4f 9c 80 83 52 b9 ae 97 78 e9 f8 68 06 ca 48 e2 | rsa signature 87 f3 ae ce 3e 10 f9 8d 3f 30 84 2f 38 4e 5b f4 | rsa signature 2f da fa 7e 99 15 22 02 b6 be 89 d3 7a 76 ce 39 | rsa signature e3 64 1a 64 b2 a8 1e dd 73 91 2d 61 c5 b0 2e 02 | rsa signature 57 63 98 7f 49 62 df 59 ee 76 74 3e fc 8f 12 21 | #17 spent 10.3 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #17 | netlink_get_spi: allocated 0x79c0c95b for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-ekuCritical (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-ekuCritical": constructed local ESP/AH proposals for west-ekuCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 79 c0 c9 5b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 79 c0 c9 5b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 79 c0 c9 5b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 79 c0 c9 5b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2119 | emitting length of ISAKMP Message: 2147 | **parse ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2147 (0x863) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2119 (0x847) | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 d7 09 00 00 00 30 81 cc 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2f 30 2d 06 03 | cleartext fragment 55 04 03 0c 26 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 31 3a 30 38 06 | cleartext fragment 09 2a 86 48 86 f7 0d 01 09 01 16 2b 75 73 65 72 | cleartext fragment 2d 77 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 | cleartext fragment 6c 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 27 00 04 f7 04 30 82 04 ee | cleartext fragment 30 82 04 57 a0 03 02 01 02 02 01 1b 30 0d 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 ac 31 0b | cleartext fragment 30 09 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 | cleartext fragment 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 | cleartext fragment 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 | cleartext fragment 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 | cleartext fragment 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 | cleartext fragment 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 | cleartext fragment 23 06 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 | cleartext fragment 6e 20 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 | cleartext fragment 69 6e 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 09 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 | cleartext fragment 31 39 30 39 31 35 31 39 34 34 35 39 5a 18 0f 32 | cleartext fragment 30 32 32 30 39 31 34 31 39 34 34 35 39 5a 30 81 | cleartext fragment cc 31 0b 30 09 06 03 55 04 06 13 02 43 41 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | cleartext fragment 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | cleartext fragment 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | cleartext fragment 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | cleartext fragment 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | cleartext fragment 6e 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 | cleartext fragment 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2e 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 31 3a 30 38 06 09 2a 86 48 86 f7 0d 01 | cleartext fragment 09 01 16 2b 75 73 65 72 2d 77 65 73 74 2d 65 6b | cleartext fragment 75 43 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | cleartext fragment ba b1 6c 0a 45 98 40 87 ef a2 34 89 d5 db 9a ff | cleartext fragment 87 ed 65 50 52 e8 a1 ec 1f d2 e1 9d c7 f5 ce 3d | cleartext fragment a7 bd 41 f5 3e 96 b6 7f cb 79 76 9e 5e ec ce 3a | cleartext fragment ab b1 9c f3 83 55 18 58 d5 31 0e 28 0e 36 26 d0 | cleartext fragment 84 14 dc cc 71 a1 18 4a 6f f0 56 26 65 2f db 87 | cleartext fragment 6e c6 ba 06 31 38 d2 39 3f 28 1a 6f 9a 6b 26 e0 | cleartext fragment 44 26 c8 6e 84 47 8c 6d 59 46 24 a4 51 1b 35 3c | cleartext fragment 6a 64 8f 95 84 f5 06 4a 0f fd bd d5 20 dc b7 f3 | cleartext fragment cf 92 c4 40 cc d2 b9 70 2a 23 3e 57 d5 b8 5f 87 | cleartext fragment e0 5c ea 2c fb 85 b0 fb 2b 46 1e 9b 95 92 05 40 | cleartext fragment a8 6d 7b 42 2e 93 97 f7 37 05 4c 4b 5c 35 2c d2 | cleartext fragment a1 05 82 0c c3 b3 d5 57 90 11 bd 2c 93 dd f8 d9 | cleartext fragment 2c ad b1 e7 f3 48 27 9c 30 13 9d 5e 27 e4 ed a4 | cleartext fragment 50 45 b5 d9 e6 7d 5f e3 e1 91 32 fa 9c 0f bf 6f | cleartext fragment a3 d0 f2 63 06 df 45 50 60 16 b3 c0 74 32 51 e8 | cleartext fragment 30 4e 9b 2b 2d 76 67 da d8 79 61 bf 22 4c | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 19 8a fc 1e 7a b8 bc 66 8e 3c dc 15 ce ec 19 17 | cleartext fragment b5 58 27 c2 76 90 07 43 06 ef 53 5e ba 6c 5a 0c | cleartext fragment c5 e5 1c e3 bc 35 40 56 20 0a a8 c2 01 b5 5d 67 | cleartext fragment 15 46 b1 7e f2 b3 47 49 fe 76 46 d0 f6 b2 4d 2f | cleartext fragment 82 51 90 3a b5 97 44 86 b6 95 2c 96 20 58 4c 8d | cleartext fragment de 2f b7 15 30 0b 3a 09 fc 48 37 12 8d 25 c0 bf | cleartext fragment 3f ff a1 b4 9e 88 fc aa 9e b8 33 9b dd 56 a0 e6 | cleartext fragment 10 90 b2 60 b8 d7 f7 0e 64 33 ee 2a 6c 36 d8 02 | cleartext fragment cf bf 02 03 01 00 01 a3 81 f5 30 81 f2 30 09 06 | cleartext fragment 03 55 1d 13 04 02 30 00 30 31 06 03 55 1d 11 04 | cleartext fragment 2a 30 28 82 26 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 0e 06 03 55 | cleartext fragment 1d 0f 01 01 ff 04 04 03 02 07 80 30 20 06 03 55 | cleartext fragment 1d 25 01 01 ff 04 16 30 14 06 08 2b 06 01 05 05 | cleartext fragment 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 41 06 | cleartext fragment 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 | cleartext fragment 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a | cleartext fragment 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 | cleartext fragment 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 | cleartext fragment 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 | cleartext fragment 81 00 b3 e4 44 c0 ba 1a 8b 81 59 98 76 6b b0 29 | cleartext fragment b1 a7 66 bc 39 6b 5c db 53 81 85 37 3d f0 79 04 | cleartext fragment dc b3 ef 48 a5 df 4e ea 64 46 f4 f2 b9 ec 7b 30 | cleartext fragment 10 fa e6 f7 2d fe 44 48 c1 54 ec 96 4b 0c ba 9e | cleartext fragment ad 79 5e 04 cf 4f 41 ca fe 6c c5 15 41 79 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment a4 34 5f fb 48 5d fe 0a 1d 5a 67 03 6e 1f 2f 6c | cleartext fragment 9c d0 37 e1 da e9 29 b3 7f 01 f0 6e 93 fe a7 82 | cleartext fragment 26 3e b8 95 d5 b8 a0 fa 63 25 da ef 22 5c b2 e4 | cleartext fragment ae e7 d6 47 21 00 01 88 01 00 00 00 45 a6 f8 4b | cleartext fragment e3 bb 82 24 a8 e6 d1 c3 28 58 65 4b bd ee cf a7 | cleartext fragment 19 68 87 31 5b a1 47 e7 96 92 84 0f 06 82 69 63 | cleartext fragment fe 78 5d 27 c2 b7 93 fc da 97 9b 19 cc 95 57 b0 | cleartext fragment f2 7e 9a 1d 81 1e 52 b9 29 22 9d ae c4 2b 60 9e | cleartext fragment 60 f2 9a 32 49 be 85 ec f8 74 ed 29 25 32 39 f0 | cleartext fragment fc 0c d0 52 43 cb 58 ed cf 35 3e 54 7e b3 f9 44 | cleartext fragment da 24 9e e1 f3 7a a8 0d 8f 82 76 46 5f 9f 2d b3 | cleartext fragment 16 87 ae 53 58 ea 01 c7 d7 6e 9f f1 06 bc e1 d4 | cleartext fragment 98 25 70 2c 82 c0 47 3b cc 72 da 49 6e c0 d4 8d | cleartext fragment d3 52 a8 16 1f 19 c5 10 74 60 f4 10 99 a9 83 c1 | cleartext fragment da b5 24 01 4e 14 52 ae 45 eb f4 23 62 6a 87 8e | cleartext fragment 99 38 8e a9 43 84 57 1b 3a 5b ca f4 de 72 b0 a9 | cleartext fragment f8 0b 1b 3f 8b ef 81 8b 38 32 98 18 81 b2 8f 66 | cleartext fragment 26 60 01 2f 99 0b af b5 a5 47 e7 8e fd d8 51 7f | cleartext fragment 9b fe 24 38 f7 0e 4e a6 2c 0f bb 69 98 51 cb 97 | cleartext fragment 22 78 c5 6e a5 8a 10 b7 d3 bd 40 a7 e5 12 a3 50 | cleartext fragment ac 0f c0 ad 7a 3c 77 04 6a 64 2c e8 1f f9 5a b9 | cleartext fragment 6f 4c 04 9d 57 8a 90 47 1e 4b 43 a9 fb 51 8b 44 | cleartext fragment d1 cd b7 2c 68 58 f1 f0 a2 95 b1 2d 4f 9c 80 83 | cleartext fragment 52 b9 ae 97 78 e9 f8 68 06 ca 48 e2 87 f3 ae ce | cleartext fragment 3e 10 f9 8d 3f 30 84 2f 38 4e 5b f4 2f da fa 7e | cleartext fragment 99 15 22 02 b6 be 89 d3 7a 76 ce 39 e3 64 1a 64 | cleartext fragment b2 a8 1e dd 73 91 2d 61 c5 b0 2e 02 57 63 98 7f | cleartext fragment 49 62 df 59 ee 76 74 3e fc 8f 12 21 2c 00 00 a4 | cleartext fragment 02 00 00 20 01 03 04 02 79 c0 c9 5b 03 00 00 0c | cleartext fragment 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 178 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 00 02 00 00 20 02 03 04 02 79 c0 c9 5b 03 00 | cleartext fragment 00 0c 01 00 00 14 80 0e 00 80 00 00 00 08 05 00 | cleartext fragment 00 00 02 00 00 30 03 03 04 04 79 c0 c9 5b 03 00 | cleartext fragment 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 03 00 | cleartext fragment 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 | cleartext fragment 00 00 00 00 00 30 04 03 04 04 79 c0 c9 5b 03 00 | cleartext fragment 00 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 03 00 | cleartext fragment 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 | cleartext fragment 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 | cleartext fragment ff ff c0 01 02 2d c0 01 02 2d 00 00 00 18 01 00 | cleartext fragment 00 00 07 00 00 10 00 00 ff ff c0 01 02 17 c0 01 | cleartext fragment 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 211 | emitting length of ISAKMP Message: 239 | suspend processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #18: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #18 to 0 after switching state | Message ID: recv #17.#18 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #17.#18 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-ekuCritical" #18: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 c2 52 fb 19 09 0a 07 a1 4c d4 38 bc | 6b f9 63 e9 15 ee f1 3b f2 b9 66 bc 33 7f 10 4a | ed 6e fa 5f 33 df 4e e9 e4 7f 2c bd b6 ae be 88 | ae a9 50 1c 8a 02 fd c4 58 a2 57 37 4b c0 28 28 | bc d1 b8 39 c1 a5 da 12 ff 7a 08 14 40 76 f1 03 | 0c f2 48 20 a5 46 57 b6 2c 6c ff 71 d7 f4 67 3d | 4f 9e da 73 26 6f c6 70 56 bd cf 7e de e2 fb 79 | 26 52 0d c3 ae 76 fc 94 ee fb b4 0b 39 cb 31 7c | 9f 6d d8 b8 23 ab ec 42 e8 81 d1 2d 9b 0b 1e 83 | 48 71 91 72 14 fe af c7 5e 11 34 2d ec f7 89 2b | bb b0 a3 a5 41 8c 1e 2e f0 4b 9f 0a 6d 2d fb 9b | b3 8e 18 44 76 a5 22 1a d8 b4 79 a9 a4 d1 8b 5a | ae ae 5d bd 61 76 22 b2 d8 bd 7e 44 33 62 42 a3 | 9b ad ad 54 25 e5 08 f6 e9 65 0b 83 dc 31 0c 93 | c5 02 77 03 0e 63 9f 5b 62 4e c2 c2 b2 64 99 25 | d8 a2 07 31 c5 cd e3 27 38 bb 17 a0 ca 7c c7 e6 | 0c 15 e9 f6 52 84 ac 15 6d 38 70 ed 19 08 78 dd | 64 49 67 04 99 86 42 23 a7 c7 6c c6 da 44 9f a6 | 58 ce d2 a0 1d c1 cd 31 cb 7d e7 02 7c 17 1b 29 | a3 eb d4 a6 cd 49 e9 25 51 26 37 ca f0 16 bb a4 | 6e bc 00 a2 d1 92 8d 7c d8 2b 4e d7 94 91 5c af | b2 e1 28 0e d4 40 61 cb 73 1a f5 d5 f2 be 26 ec | 3e fd 2f b6 af 19 32 be ac 9c 8d a7 59 10 1f 0a | 47 46 a9 47 41 aa df 60 b3 5d 19 b0 48 a2 3b 44 | e7 06 07 25 85 ad 92 24 87 0b 85 a8 c6 d0 3e c7 | 0e 4b d7 cb 62 c9 71 c5 02 17 4a b6 70 ef d8 7a | 48 be 27 62 0d a6 bb a1 47 eb 81 a2 75 34 22 97 | 2c 5b 9c cc dc 97 db c5 5e 3d 0c d2 c8 0b b2 77 | b7 02 cc 9e 97 08 3b 62 33 da 2f 17 b1 d8 db 65 | df 98 78 e8 85 fb 67 b7 4d 59 8c 79 55 49 9c e1 | 6a 4e 15 7d 0f 2a ce 9e a8 3f 5a 44 71 11 4a 9a | 52 ac 99 7b 9d d6 7b 8c 8f 45 c6 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 b9 d2 72 3f 0e e0 a6 5c 21 6a de 10 | 1a 48 d2 5f 47 2d 9f 70 b4 3f 67 4c 4a 22 f1 50 | 00 d3 77 54 ce 3d 69 ee d9 e4 2a 6d 14 09 b0 dc | 07 4d 95 c6 48 b4 a3 2d 69 18 db 29 c6 3b d3 1b | 24 ab 2c c3 22 cf 12 85 e8 80 d1 85 c0 99 8a 6c | 8e 78 ec 50 14 f8 ae 8d a3 08 b0 70 5b 09 af 6a | 55 76 ff d5 aa fc 4f 59 5f 18 47 9a c1 f8 c8 be | ab 4f 44 cd 72 fc 6a 18 37 d6 65 87 b7 90 07 f8 | 35 88 57 a0 43 39 d2 89 8a 1e 5d ea ab b7 94 65 | fc cb 24 91 7a b6 23 0b f0 67 00 41 93 c8 0d 63 | eb 9f 47 76 f4 71 9f cd d4 f5 77 24 a6 1e d1 2d | 91 46 29 62 f0 b6 00 0c 96 b2 d1 f5 92 76 36 e7 | 3a 0a e7 6f 8d b9 14 d5 7a 4a ae e1 86 6d 55 7b | 52 7c f9 b4 55 e8 bf ec 12 c9 02 41 10 3b 0c 99 | 9f 26 a1 12 3e 3a b4 91 da 3d 3d 2d 62 7f ff fa | ff ba cb 13 e9 c2 9c dc 73 89 d2 89 ed 79 96 06 | c3 3d e1 27 02 31 6c ed 18 cf 32 39 a9 e9 69 b8 | b8 8f f5 92 33 ce 7a 84 af db fd 53 58 5b cc 61 | 0a 82 86 7a 24 8f 5a ef 67 ca 37 b1 c7 aa df 89 | d2 5a 9b fd bd dc 0b 92 ed 2e 9c 17 0c e1 5b b8 | 6c 06 f5 d9 12 ea 74 9d 69 1c 14 0c db c9 89 1e | fa 20 16 59 0b 6d 38 da 9c 38 cc 15 28 da c8 b0 | 2b 23 ca e3 64 79 cf 29 9f b4 11 1d 3e c5 8d e0 | 02 49 4a 91 4d 72 b7 21 b5 49 b6 49 bb e3 19 f4 | 8b bd 85 a4 e4 64 d0 81 43 c9 63 cb 9f 82 ea 18 | 50 f0 dd 76 a6 99 95 7d 97 1f ae 5d 11 f2 fa f7 | 74 f5 ef c8 d4 cc 02 af e2 e0 71 93 91 4b f7 a6 | 90 43 e1 a8 b6 15 bb 3b 65 e4 c1 27 73 31 b9 cd | 4c 4f e2 f1 d9 ec 32 5a bd 33 02 d4 6f b6 95 37 | 27 5d 07 e3 c5 fd 6a 28 e2 ba 77 c4 ab 56 84 9e | 38 d0 a6 67 cc ed 44 f7 90 9b 8c 34 3c 59 69 64 | 1e 09 86 15 9a cd a5 ed 49 11 3f | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 50 92 b9 ae e6 d6 0b 83 85 7d 61 d3 | 4b f5 1f 7e 49 b8 0c 3d 2f e0 f9 03 31 23 c7 b5 | cc 98 6a a4 28 8f ae 24 d2 c7 bf 46 32 0f 89 79 | 0e 54 c0 a9 e2 a7 84 74 37 a6 36 c4 2c 77 7d e2 | d5 13 be 5b e9 19 22 37 2a f6 c2 fb 6a 92 7d 2d | c8 39 cd 28 d2 34 9f f7 a5 0d cd af bb a8 11 7f | da 3c bb 8c 65 0c 46 97 5f 6a 21 76 38 0d 04 c6 | 0a a4 f6 fa dd 22 9a 83 e8 f9 b2 fa a8 ca cb d3 | b5 94 91 f7 2b 7c 4d 6b 28 d9 2b 29 c2 33 58 63 | 54 7c 36 7c 62 43 39 75 1d 0e bd eb c7 2f ca 36 | 8b d8 74 57 c3 a1 fc 24 94 60 a9 a0 1b 59 36 29 | f7 f1 c9 31 40 cd 91 5a 04 d8 6c 0c 89 1e da eb | 29 fa 67 d4 85 b9 40 d7 66 ec ba 11 17 0d 7d 2c | 34 7b 22 b5 da a8 ed 0e 99 d8 a3 48 14 f0 db 05 | 28 8b 46 5d 69 bc bb 4a 61 08 4e 05 d0 03 c1 b9 | 2a ca 6f 58 a7 b3 07 ab 6a b5 45 94 32 71 02 01 | 1b d5 9d 60 25 1f 83 ea 75 32 64 95 b9 96 3f 05 | 18 13 cc 25 57 5c 5d 31 c8 50 24 a2 1a d8 bc b5 | fe b7 ba b3 91 e1 c1 10 eb e3 c5 54 a7 61 90 ee | 0d 3c 86 d8 b5 45 4f 51 93 66 6b 43 94 36 ac 6e | 80 e8 c7 2a 6f 2c f1 00 09 9c 7b db 33 6b b2 65 | 9d 7c e8 2d 00 e9 e5 d6 5a 4c 02 e2 98 14 e5 1f | df 3d 00 48 66 43 67 d4 00 8c 3e 4d ee 99 2e 4d | bb c6 84 10 c5 33 a6 f0 75 1a 04 bd 9e b9 68 c5 | 7d ec 09 3d ab 1c e2 48 b3 5f 23 f1 f6 51 15 4a | 5d 63 63 bf 9e 30 d8 6d 2a 13 40 d3 d4 a8 59 81 | ce 86 35 1e 86 a0 db 37 e0 10 5b de 1a e2 8f 04 | d8 7b e9 d6 fe 9b 55 f6 a7 7f 05 cf 0b 2c 07 4d | be 4f 95 b6 dd f2 5c a3 18 58 68 87 b8 77 c0 d6 | 35 ac c3 7d cb b8 65 76 4f b8 b0 dd 64 54 bb cb | f9 e7 c6 69 f4 87 35 bb 38 7b dc ab 14 81 ae 89 | c8 21 b5 78 d9 21 14 9f 73 a9 8a | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 8b c1 32 2b d8 63 ea 66 ff 41 21 9d | 6c 2e ff 18 be 11 be 59 4b e9 ea 8e c6 84 30 15 | dd a9 2f 10 81 89 72 b3 e0 3d 63 62 5f 66 b2 f8 | ee 2c cc f4 7d 12 05 79 fb a2 a3 d1 2c 3e c9 d0 | 4e 5b 1f 48 38 b9 f8 8b 89 6e 21 7f 56 ea 65 8a | 3b 0c bc e8 80 9c 3e 7d bd 84 4c 71 74 69 96 ac | f9 89 b1 fa 64 61 5a 0b b4 ca a3 55 df 95 47 44 | 40 83 30 3b 91 d5 3b 35 5b 2f b0 56 2e cd 2e 57 | d6 83 04 b7 7f e4 cc 87 0e 1d 5b 26 dc 62 83 41 | 37 12 75 59 cc 8c b7 9e 42 49 dd 68 82 d0 72 00 | cc f7 4b f5 ec e4 bf 9b aa d6 cd 70 a8 e3 7a e6 | ca 4a 2a a1 85 5a 02 aa e7 dd 39 9b ad 90 a7 b5 | f4 86 3b 7b 14 e6 00 22 d3 b2 2e a3 80 48 8d de | a7 84 99 9d 1a 6a e1 b6 19 a2 b6 14 10 47 0d 9a | b5 3b 96 29 99 d9 96 45 dc 80 96 c3 64 c7 db 24 | f6 f6 5d 63 89 7e b9 4b 14 ef 99 5a d1 28 ea 50 | 6a ef 65 9c 27 ca c2 c4 a5 b0 b1 5e 23 ef 9f 1d | 43 85 63 26 58 44 c6 c1 3a 25 24 bb fc 63 3f 79 | 47 29 d8 2a 1f 68 6c ca 8f 00 92 fb ed c0 bb a9 | b4 83 2c 51 4c 97 46 1d 0b e0 7e 6c 33 c0 f1 9d | e1 dd 84 0c 70 28 99 28 f0 d5 49 a8 1c 5d 25 f1 | 23 35 b0 aa 39 7d 8e 98 cb 8c 77 97 91 5d ce 2b | b4 69 12 c6 b3 b9 11 da c4 b6 dd 14 79 d8 40 a7 | 47 57 55 ae c3 b0 b0 9b 77 45 36 7f 91 b7 cd 0e | 76 d2 78 b3 db e6 0d 2d 06 df ac 66 4c 82 e8 95 | 4f 2f 66 fe e4 4b 40 4f 39 9e d3 7d 3c 4b 9b 0c | 4b d2 84 b3 cf 76 a9 54 03 6b 37 3a 93 2d 46 90 | 6f ff 90 52 b0 23 8b da 2e d6 84 e0 1c 7f 85 7e | 9d b4 8b 6b d7 e5 75 0c 49 52 0a 00 08 a1 52 9a | 8b a4 31 e8 68 a0 6e a8 27 d2 21 ae 5e 89 c5 b1 | 09 32 ad 56 7d 25 cb 47 b3 ae 19 71 a3 4c c8 04 | cc ca 60 c3 03 6e 43 48 67 09 bd | sending 239 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 35 20 23 08 00 00 00 01 00 00 00 ef 00 00 00 d3 | 00 05 00 05 63 8a 6d 80 fa a1 be f9 9b 88 3a 79 | 81 ee 11 57 66 87 4b 02 20 43 20 43 3f 10 5f 75 | c1 6f f1 21 98 29 77 5e 4f d8 b3 85 12 2a 21 5d | 03 f7 ea 5f bf 71 38 85 85 f2 6e 12 e5 03 a6 4e | 26 5e c0 fb 30 9c 8e 4e 8e 91 e5 b1 53 6a b8 39 | 6d 5e 39 ba 23 75 9a 0d 5a 56 82 04 84 4b e8 ee | ea c8 ec 01 cf 8f 7a 67 88 f9 19 8b d6 31 75 c4 | f7 ea 7a b6 da 22 8e 9e e7 a8 16 a3 4c 59 40 35 | ba cd b1 dc 5b 71 b7 8a a3 26 5c 1b 48 bc 79 7a | e1 be ca e2 f6 aa 1e 87 07 b5 3c e2 48 e8 79 07 | e3 39 8b 75 03 fb 37 4e eb 41 8f 07 f3 6e 6f af | 20 df 72 df 37 7a b0 6d 55 7d fe 41 d0 f0 ec af | 5f 8b da 68 89 91 75 d9 86 99 3b 0b 38 0a d6 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuCritical" #18: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f2088008980 size 128 | #18 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49000.695799 | resume sending helper answer for #17 suppresed complete_v2_state_transition() | #17 spent 1.72 milliseconds | #17 spent 12.4 milliseconds in resume sending helper answer | stop processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2080006170 | spent 0.00334 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1d 7f e5 62 25 d5 b9 6e 48 78 23 82 85 de 15 e6 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | e9 51 99 12 5a 44 4c 3f c9 8e 3a 1d 7f 61 cf d1 | da ef 06 91 8e 79 c4 37 85 4d 2f ad c0 14 44 88 | 26 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1d 7f e5 62 25 d5 b9 6e | responder cookie: | 48 78 23 82 85 de 15 e6 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #17 in PARENT_I2 (find_v2_ike_sa) | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #18 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #18 is idle | #18 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #18 in state PARENT_I2: sent v2I2, expected v2R2 | #18 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-ekuCritical" #18: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #17 ikev2.ike failed auth-failed "west-ekuCritical" #18: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #18 fd@25 .st_dev=9 .st_ino=1701851 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #17 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2088008980 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | inserting event EVENT_RETRANSMIT, timeout in 59.993871 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f2088008980 size 128 "west-ekuCritical" #18: STATE_PARENT_I2: suppressing retransmits; will wait 59.993871 seconds for retry | #18 spent 0.0659 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #17 spent 0.212 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.222 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical" (in terminate_a_connection() at terminate.c:69) "west-ekuCritical": terminating SAs using this connection | connection 'west-ekuCritical' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #18 | suspend processing: connection "west-ekuCritical" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #18 ikev2.child deleted other | #18 spent 0.0659 milliseconds in total | [RE]START processing: state #18 connection "west-ekuCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuCritical" #18: deleting state (STATE_PARENT_I2) aged 0.082s and NOT sending notification | child state #18: PARENT_I2(open IKE SA) => delete | child state #18: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #18 requesting EVENT_RETRANSMIT to be deleted | #18 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2088008980 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | priority calculation of connection "west-ekuCritical" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-ekuCritical" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-ekuCritical | State DB: deleting IKEv2 state #18 in CHILDSA_DEL | child state #18: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #18 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #17 | start processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #17 ikev2.ike deleted auth-failed | #17 spent 17.3 milliseconds in total | [RE]START processing: state #17 connection "west-ekuCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuCritical" #17: deleting state (STATE_PARENT_I2) aged 0.093s and NOT sending notification | parent state #17: PARENT_I2(open IKE SA) => delete | state #17 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f208c001350 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a5c81b0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-ekuCritical | State DB: deleting IKEv2 state #17 in PARENT_I2 | parent state #17: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #17 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-ekuCritical' wasn't on the list | stop processing: connection "west-ekuCritical" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.268 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-kuCritical" (in initiate_a_connection() at initiate.c:186) | connection 'west-kuCritical' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #19 at 0x56366a5a3770 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-kuCritical" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-kuCritical" IKE SA #19 "west-kuCritical" "west-kuCritical" #19: initiating v2 parent SA | constructing local IKE proposals for west-kuCritical (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-kuCritical": constructed local IKE proposals for west-kuCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 19 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f2088008980 size 128 | #19 spent 0.105 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 resuming | crypto helper 6 starting work-order 19 for state #19 | RESET processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 19 | RESET processing: connection "west-kuCritical" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.162 milliseconds in whack | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 19 time elapsed 0.001041 seconds | (#19) spent 1.05 milliseconds in crypto helper computing work-order 19: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 19 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 19 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #19 | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-kuCritical (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 1d 3e 17 d7 18 00 94 31 aa e8 96 10 e1 cb cd 57 | ikev2 g^x 27 1e 04 99 43 a6 85 5a 18 ef bd 19 ef 63 1c eb | ikev2 g^x 2a 71 e2 9d 2f 60 2f cf 71 bf 19 e1 7b 1b cc 2a | ikev2 g^x a3 72 88 7d 01 24 45 01 2a e7 c8 c9 ed 02 78 19 | ikev2 g^x c7 c4 7e 52 2d ec 08 ab 73 50 67 f9 87 13 0b 21 | ikev2 g^x 55 f6 a1 7d c9 f0 a8 ba 37 44 2f 4d 01 12 ca 3e | ikev2 g^x 2c dd 24 1d 1c 5d 18 34 24 02 17 35 b4 16 c0 e3 | ikev2 g^x ee 7d b8 5f d2 f6 4b 92 d6 de 4d 11 dc e3 d8 bd | ikev2 g^x 29 41 a8 d7 7a e1 ba 87 0c 16 34 3b f7 81 f0 85 | ikev2 g^x b8 83 47 85 39 c4 95 43 4c 32 d0 20 b8 a0 86 f8 | ikev2 g^x de 08 d5 73 21 6c 58 55 12 16 14 b7 c4 58 b9 7f | ikev2 g^x 55 11 41 0c d9 89 37 f4 1a ed bf f1 d7 6a 3f 0d | ikev2 g^x 3b 47 ed 3d 52 55 31 bb ee 05 61 97 2f 3a fe c9 | ikev2 g^x a8 af 90 4d 61 4e 7c 7a db e9 bf 73 af 05 40 e8 | ikev2 g^x e7 c4 9f 7e 8b f1 63 ac f0 29 15 a3 35 06 67 d1 | ikev2 g^x 4f 59 0f 03 69 d1 ce 50 49 bf 2d 61 58 f4 d6 bf | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 4c 7b 1a bd 53 10 6b 02 cc c7 26 61 2d bf bb 94 | IKEv2 nonce e9 f7 fc 2c ef 8b 58 67 a2 a5 66 9e 46 bf 8b 63 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= bc 84 e7 d8 82 85 47 bd | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 05 d5 51 fb 76 2e bb 99 47 c8 8b ff 7c 15 6f f2 | natd_hash: hash= ce 66 4e d7 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 05 d5 51 fb 76 2e bb 99 47 c8 8b ff 7c 15 6f f2 | Notify data ce 66 4e d7 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= bc 84 e7 d8 82 85 47 bd | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 5b 06 3c c3 1c ef 2f f1 79 c3 8b f5 7d ef f2 4c | natd_hash: hash= 56 4a e6 61 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5b 06 3c c3 1c ef 2f f1 79 c3 8b f5 7d ef f2 4c | Notify data 56 4a e6 61 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #19: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #19 to 4294967295 after switching state | Message ID: IKE #19 skipping update_recv as MD is fake | Message ID: sent #19 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-kuCritical" #19: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | bc 84 e7 d8 82 85 47 bd 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 1d 3e 17 d7 18 00 94 31 | aa e8 96 10 e1 cb cd 57 27 1e 04 99 43 a6 85 5a | 18 ef bd 19 ef 63 1c eb 2a 71 e2 9d 2f 60 2f cf | 71 bf 19 e1 7b 1b cc 2a a3 72 88 7d 01 24 45 01 | 2a e7 c8 c9 ed 02 78 19 c7 c4 7e 52 2d ec 08 ab | 73 50 67 f9 87 13 0b 21 55 f6 a1 7d c9 f0 a8 ba | 37 44 2f 4d 01 12 ca 3e 2c dd 24 1d 1c 5d 18 34 | 24 02 17 35 b4 16 c0 e3 ee 7d b8 5f d2 f6 4b 92 | d6 de 4d 11 dc e3 d8 bd 29 41 a8 d7 7a e1 ba 87 | 0c 16 34 3b f7 81 f0 85 b8 83 47 85 39 c4 95 43 | 4c 32 d0 20 b8 a0 86 f8 de 08 d5 73 21 6c 58 55 | 12 16 14 b7 c4 58 b9 7f 55 11 41 0c d9 89 37 f4 | 1a ed bf f1 d7 6a 3f 0d 3b 47 ed 3d 52 55 31 bb | ee 05 61 97 2f 3a fe c9 a8 af 90 4d 61 4e 7c 7a | db e9 bf 73 af 05 40 e8 e7 c4 9f 7e 8b f1 63 ac | f0 29 15 a3 35 06 67 d1 4f 59 0f 03 69 d1 ce 50 | 49 bf 2d 61 58 f4 d6 bf 29 00 00 24 4c 7b 1a bd | 53 10 6b 02 cc c7 26 61 2d bf bb 94 e9 f7 fc 2c | ef 8b 58 67 a2 a5 66 9e 46 bf 8b 63 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 05 d5 51 fb | 76 2e bb 99 47 c8 8b ff 7c 15 6f f2 ce 66 4e d7 | 00 00 00 1c 00 00 40 05 5b 06 3c c3 1c ef 2f f1 | 79 c3 8b f5 7d ef f2 4c 56 4a e6 61 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2088008980 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-kuCritical" #19: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f2088008980 size 128 | #19 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49002.895394 | resume sending helper answer for #19 suppresed complete_v2_state_transition() and stole MD | #19 spent 0.807 milliseconds in resume sending helper answer | stop processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f20840012f0 | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 3e 88 75 cb | 9b 08 fb 76 fb 6f a7 a4 76 b5 7b e6 4d ad 8a a4 | cd a5 04 b5 7f f2 c1 27 83 e8 32 01 a7 87 ba 01 | 68 ef 3d cf 6c 96 80 60 81 18 04 0a 97 96 2b 2c | a5 f3 70 26 2d fd 94 eb 71 d7 d3 6b f7 b0 e1 21 | d9 f7 47 ba 13 0c fe 9b 2d 16 fa e3 56 66 e0 53 | d3 d8 e1 dd 49 74 1a da 47 fe a3 f7 4e 5c 6c 3c | f2 50 e7 d8 31 99 c6 88 40 6f 5c f6 0f 13 dd 10 | 51 f8 2d ba 11 ee be 78 33 7c 94 10 2d e3 fe 68 | 9e 84 8f 59 33 40 6c 37 60 ec 99 b7 85 08 63 a6 | 6e b0 91 7d 50 b2 c0 ea 4b 24 c7 08 95 d5 35 37 | 8c 82 d5 df 34 32 53 b0 c3 79 df 3c 8f 2e 92 d3 | 25 da 24 b7 78 be d2 13 dd ff 62 99 90 c9 fe 19 | 72 ee 01 12 6b d7 2f e4 95 7b 1e a1 a4 7d 04 f5 | 4c a7 59 28 d6 4a 6a 10 fb c3 52 cb f6 ce c5 36 | 37 d2 30 97 1f 48 55 a9 70 8b 09 d5 e7 2e 63 39 | ed 97 b6 28 fa 25 85 59 0f d8 88 07 29 00 00 24 | 6d 2d fb 96 4b 82 fe ba 39 b0 55 e3 6c 25 45 eb | fc 70 b2 6b 94 40 80 64 b9 52 38 8a 50 9c 5a 82 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 91 8b 49 f5 d0 f9 d1 2d 0e dc fe 9a 51 9a 96 3d | 7f 56 43 c9 26 00 00 1c 00 00 40 05 65 13 66 2f | 93 75 8b 4e 04 93 7e b2 65 da 57 0e af 0f 2d 99 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #19 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #19 is idle | #19 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #19 IKE SPIi and SPI[ir] | #19 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-kuCritical (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= bc 84 e7 d8 82 85 47 bd | natd_hash: rcookie= 63 2a 35 34 44 3f fc 53 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 65 13 66 2f 93 75 8b 4e 04 93 7e b2 65 da 57 0e | natd_hash: hash= af 0f 2d 99 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= bc 84 e7 d8 82 85 47 bd | natd_hash: rcookie= 63 2a 35 34 44 3f fc 53 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 91 8b 49 f5 d0 f9 d1 2d 0e dc fe 9a 51 9a 96 3d | natd_hash: hash= 7f 56 43 c9 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 20 for state #19 | state #19 requesting EVENT_RETRANSMIT to be deleted | #19 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2088008980 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | #19 spent 0.14 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 3 resuming | [RE]START processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | crypto helper 3 starting work-order 20 for state #19 | suspending state #19 and saving MD | #19 is busy; has a suspended MD | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 | [RE]START processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-kuCritical" #19 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.322 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.329 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 time elapsed 0.001446 seconds | (#19) spent 1.45 milliseconds in crypto helper computing work-order 20: ikev2_inR1outI2 KE (pcr) | crypto helper 3 sending results from work-order 20 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f2078006170 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 20 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #19: calculating g^{xy}, sending I2 | creating state object #20 at 0x56366a5c49b0 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "west-kuCritical" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.45:500 from #19.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #19.#20; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f20840012f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a5c9aa0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | parent state #19: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 205 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 ca 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2e 30 2c 06 03 55 04 03 0c 25 77 65 73 | my identity 74 2d 6b 75 43 72 69 74 69 63 61 6c 2e 74 65 73 | my identity 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | my identity 72 67 31 39 30 37 06 09 2a 86 48 86 f7 0d 01 09 | my identity 01 16 2a 75 73 65 72 2d 77 65 73 74 2d 6b 75 43 | my identity 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e 67 2e | my identity 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 213 | Sending [CERT] of certificate: E=user-west-kuCritical@testing.libreswan.org,CN=west-kuCritical.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 19 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 ca 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2e 30 2c 06 03 55 04 03 0c 25 77 | CERT 65 73 74 2d 6b 75 43 72 69 74 69 63 61 6c 2e 74 | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | CERT 2e 6f 72 67 31 39 30 37 06 09 2a 86 48 86 f7 0d | CERT 01 09 01 16 2a 75 73 65 72 2d 77 65 73 74 2d 6b | CERT 75 43 72 69 74 69 63 61 6c 40 74 65 73 74 69 6e | CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | CERT 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | CERT 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | CERT d9 40 1f b9 1a eb ea 3d 9a 46 51 a7 10 f1 25 ad | CERT 3b 43 91 96 8b 99 93 03 51 52 dd 1a 00 72 9a 92 | CERT ec 73 de 46 71 b5 bd 64 57 4d 63 ec a0 bd 5f bb | CERT 4f 03 84 c6 6c 75 72 27 e1 22 27 24 7d 04 40 2a | CERT b8 54 15 47 90 c3 5a 18 e0 3d ae d7 21 fb 99 72 | CERT 62 51 11 67 0d dd 43 30 be 59 02 9d 1c 01 05 1d | CERT 7d d5 e3 aa 62 85 d9 c3 36 a1 24 69 02 ff fd e4 | CERT 80 0c 23 d9 17 89 b0 c8 67 da a3 1b 36 af 82 05 | CERT f2 9e 15 4e 74 63 05 23 61 6e 8f d9 aa 4a ad 0a | CERT 66 ad 5d 0b 46 82 e2 59 8f ef 7b e5 1d 38 32 07 | CERT 00 ae 2a ba 24 f5 71 cc 05 67 69 a7 a6 67 70 78 | CERT 39 0b ae e7 da 8d 77 fa ca e8 76 61 e9 29 61 98 | CERT cd 4c 50 ca 03 31 fc 28 e6 8a cc 3b f5 22 bd dc | CERT ca 5e ca dd d0 db c3 54 94 54 22 21 13 a2 1f 22 | CERT dd 1e 33 1d dc 0d 04 43 a3 d2 a4 8e dd 09 59 13 | CERT d4 8a af e6 a2 45 03 fc ce 37 1d 72 13 18 c2 5e | CERT eb dd e8 2d 58 7e ee 6a 38 6a 96 ab a4 22 68 aa | CERT 15 68 97 a5 71 e3 25 22 30 e7 64 be d3 e3 3d 2c | CERT 22 a7 ee 56 13 de 24 b0 48 9d 7a db 22 f3 41 65 | CERT 6f ec b6 24 3e e7 48 f6 29 58 d6 fd 2a dc e1 fc | CERT 2a 09 8c b9 cc 5f aa ce 63 5d a4 ec 96 b4 b3 69 | CERT e8 ac ef d1 d9 cb ec 18 d0 3b 80 28 8e 10 69 d7 | CERT 7d 73 78 ff 4a c9 94 04 24 65 b7 0d 5d 34 0b be | CERT 44 2e e0 2d 4f af 44 e3 08 c2 ef 4e 9c 5e 0f 05 | CERT 02 03 01 00 01 a3 81 f1 30 81 ee 30 09 06 03 55 | CERT 1d 13 04 02 30 00 30 30 06 03 55 1d 11 04 29 30 | CERT 27 82 25 77 65 73 74 2d 6b 75 43 72 69 74 69 63 | CERT 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | CERT 73 77 61 6e 2e 6f 72 67 30 0e 06 03 55 1d 0f 01 | CERT 01 ff 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 b4 3c 56 2b | CERT 17 f9 b5 09 c0 a6 51 57 24 bd d4 67 cb 1a 8a 48 | CERT 08 29 ee 64 be 38 b3 37 5b ac 5b 72 04 82 98 47 | CERT 7e 25 95 06 9e 00 3e 15 73 cd 58 99 95 a5 e2 70 | CERT 7d a7 54 49 48 1f 44 93 e7 18 24 a8 1f 02 a7 a7 | CERT 4f e3 09 0d 65 e1 82 6e e5 be 70 f8 e3 b7 a4 25 | CERT 92 f5 ff da 15 cf 70 1d 41 ba db 77 a5 a6 b2 69 | CERT 57 12 17 db ea 18 40 7f 53 ff c5 7b f8 b1 83 41 | CERT 78 f9 bd 9a d1 ce 41 cf 8d 1f c3 fc | emitting length of IKEv2 Certificate Payload: 1265 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuCritical.testing.libreswan.org, E=user-west-kuCritical@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAdlAH | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAdlAH | private key for cert west-kuCritical not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAdlAH vs PKK_RSA:AwEAAdlAH | #19 spent 5.5 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 72 f9 64 62 94 9b 33 29 fd 69 38 fb bc 01 08 c7 | rsa signature 08 81 5f a8 5d 6d 11 75 e5 79 50 c8 41 b1 2e 85 | rsa signature 63 d2 22 02 71 aa cd 82 e2 00 db 7a 5b 8c 67 41 | rsa signature f0 8f 66 78 cd c0 69 d5 9f 3b ec 02 b9 c9 fb 5d | rsa signature 2f 8f 1e c4 5a 98 56 b4 9f c8 f6 8d 40 b3 25 2d | rsa signature 0e 81 df b1 19 4c 6c 09 57 ba 2b 96 68 a8 8c 4d | rsa signature cf 8e 1b cb 21 5b a2 33 f8 cd 0e 6e ec 92 23 54 | rsa signature 4c d3 c5 dc a3 9a ac 87 32 e8 d0 cf 9f 1a 9c c9 | rsa signature 13 65 c1 56 75 f2 8b ff 03 8e 78 56 e9 30 96 c5 | rsa signature 79 bc ec df 6c b7 d3 86 1c 0d 3a c4 1f 3e 6a fe | rsa signature 8f 8b 0d 71 51 d8 10 b1 ed 06 f2 cb c1 2b de d5 | rsa signature e2 e6 6e 03 f7 70 52 cb a1 ff b9 32 16 3b 7d 22 | rsa signature 26 4e eb 7a 9e 2b 99 05 80 c8 4b 98 ad 58 c0 98 | rsa signature d0 df c3 d0 ce 0a ad fd 9d 52 45 21 70 65 af bb | rsa signature 5f f0 39 68 b2 c4 2f 92 12 e1 9e 19 84 ac e5 dc | rsa signature dc 8a e6 28 6d d4 ba 3a 3f e3 50 cb 7c 7b d9 d1 | rsa signature df 20 ef 55 30 b8 b9 51 42 5d da aa db 6c 50 f9 | rsa signature 2e 72 a7 64 04 1f df 1b ac 99 5d ca e2 79 c0 df | rsa signature 97 62 d3 27 6c 6c df d3 5a 06 0b c9 3c 90 ad 96 | rsa signature 2d a5 41 72 e8 6a 72 62 a9 8d d1 9d 01 67 16 c9 | rsa signature c9 3d 70 3e 14 7c 06 1c eb f1 8d 73 53 c4 76 f4 | rsa signature 36 c8 26 9c 44 b3 fa 8d 9c d5 c4 80 45 5f 52 0d | rsa signature 13 0f 49 09 a1 7b ba 3a a7 2e 6c 28 7a 9b 63 3a | rsa signature b7 b7 1b 90 63 2e c0 f9 70 fd 90 23 6e 1a 6e 99 | #19 spent 5.8 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #19 | netlink_get_spi: allocated 0xf8837430 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-kuCritical (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-kuCritical": constructed local ESP/AH proposals for west-kuCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f8 83 74 30 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f8 83 74 30 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f8 83 74 30 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f8 83 74 30 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2111 | emitting length of ISAKMP Message: 2139 | **parse ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2139 (0x85b) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2111 (0x83f) | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 d5 09 00 00 00 30 81 ca 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2e 30 2c 06 03 | cleartext fragment 55 04 03 0c 25 77 65 73 74 2d 6b 75 43 72 69 74 | cleartext fragment 69 63 61 6c 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 31 39 30 37 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 2a 75 73 65 72 2d | cleartext fragment 77 65 73 74 2d 6b 75 43 72 69 74 69 63 61 6c 40 | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | cleartext fragment 6e 2e 6f 72 67 27 00 04 f1 04 30 82 04 e8 30 82 | cleartext fragment 04 51 a0 03 02 01 02 02 01 19 30 0d 06 09 2a 86 | cleartext fragment 48 86 f7 0d 01 01 0b 05 00 30 81 ac 31 0b 30 09 | cleartext fragment 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 | cleartext fragment 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 | cleartext fragment 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 | cleartext fragment 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 | cleartext fragment 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 | cleartext fragment 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 | cleartext fragment 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 | cleartext fragment 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e | cleartext fragment 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 | cleartext fragment 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 | cleartext fragment 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 39 | cleartext fragment 30 39 31 35 31 39 34 34 35 39 5a 18 0f 32 30 32 | cleartext fragment 32 30 39 31 34 31 39 34 34 35 39 5a 30 81 ca 31 | cleartext fragment 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f | cleartext fragment 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e | cleartext fragment 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 | cleartext fragment 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c | cleartext fragment 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 | cleartext fragment 31 2e 30 2c 06 03 55 04 03 0c 25 77 65 73 74 2d | cleartext fragment 6b 75 43 72 69 74 69 63 61 6c 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 31 39 30 37 06 09 2a 86 48 86 f7 0d 01 09 01 16 | cleartext fragment 2a 75 73 65 72 2d 77 65 73 74 2d 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 40 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | cleartext fragment 01 8f 00 30 82 01 8a 02 82 01 81 00 d9 40 1f b9 | cleartext fragment 1a eb ea 3d 9a 46 51 a7 10 f1 25 ad 3b 43 91 96 | cleartext fragment 8b 99 93 03 51 52 dd 1a 00 72 9a 92 ec 73 de 46 | cleartext fragment 71 b5 bd 64 57 4d 63 ec a0 bd 5f bb 4f 03 84 c6 | cleartext fragment 6c 75 72 27 e1 22 27 24 7d 04 40 2a b8 54 15 47 | cleartext fragment 90 c3 5a 18 e0 3d ae d7 21 fb 99 72 62 51 11 67 | cleartext fragment 0d dd 43 30 be 59 02 9d 1c 01 05 1d 7d d5 e3 aa | cleartext fragment 62 85 d9 c3 36 a1 24 69 02 ff fd e4 80 0c 23 d9 | cleartext fragment 17 89 b0 c8 67 da a3 1b 36 af 82 05 f2 9e 15 4e | cleartext fragment 74 63 05 23 61 6e 8f d9 aa 4a ad 0a 66 ad 5d 0b | cleartext fragment 46 82 e2 59 8f ef 7b e5 1d 38 32 07 00 ae 2a ba | cleartext fragment 24 f5 71 cc 05 67 69 a7 a6 67 70 78 39 0b ae e7 | cleartext fragment da 8d 77 fa ca e8 76 61 e9 29 61 98 cd 4c 50 ca | cleartext fragment 03 31 fc 28 e6 8a cc 3b f5 22 bd dc ca 5e ca dd | cleartext fragment d0 db c3 54 94 54 22 21 13 a2 1f 22 dd 1e 33 1d | cleartext fragment dc 0d 04 43 a3 d2 a4 8e dd 09 59 13 d4 8a af e6 | cleartext fragment a2 45 03 fc ce 37 1d 72 13 18 c2 5e eb dd | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment e8 2d 58 7e ee 6a 38 6a 96 ab a4 22 68 aa 15 68 | cleartext fragment 97 a5 71 e3 25 22 30 e7 64 be d3 e3 3d 2c 22 a7 | cleartext fragment ee 56 13 de 24 b0 48 9d 7a db 22 f3 41 65 6f ec | cleartext fragment b6 24 3e e7 48 f6 29 58 d6 fd 2a dc e1 fc 2a 09 | cleartext fragment 8c b9 cc 5f aa ce 63 5d a4 ec 96 b4 b3 69 e8 ac | cleartext fragment ef d1 d9 cb ec 18 d0 3b 80 28 8e 10 69 d7 7d 73 | cleartext fragment 78 ff 4a c9 94 04 24 65 b7 0d 5d 34 0b be 44 2e | cleartext fragment e0 2d 4f af 44 e3 08 c2 ef 4e 9c 5e 0f 05 02 03 | cleartext fragment 01 00 01 a3 81 f1 30 81 ee 30 09 06 03 55 1d 13 | cleartext fragment 04 02 30 00 30 30 06 03 55 1d 11 04 29 30 27 82 | cleartext fragment 25 77 65 73 74 2d 6b 75 43 72 69 74 69 63 61 6c | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 30 0e 06 03 55 1d 0f 01 01 ff | cleartext fragment 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30 | cleartext fragment 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 | cleartext fragment 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 01 | cleartext fragment 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 | cleartext fragment 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 | cleartext fragment 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a | cleartext fragment 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f | cleartext fragment 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 | cleartext fragment 0d 01 01 0b 05 00 03 81 81 00 b4 3c 56 2b 17 f9 | cleartext fragment b5 09 c0 a6 51 57 24 bd d4 67 cb 1a 8a 48 08 29 | cleartext fragment ee 64 be 38 b3 37 5b ac 5b 72 04 82 98 47 7e 25 | cleartext fragment 95 06 9e 00 3e 15 73 cd 58 99 95 a5 e2 70 7d a7 | cleartext fragment 54 49 48 1f 44 93 e7 18 24 a8 1f 02 a7 a7 4f e3 | cleartext fragment 09 0d 65 e1 82 6e e5 be 70 f8 e3 b7 a4 25 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 92 f5 ff da 15 cf 70 1d 41 ba db 77 a5 a6 b2 69 | cleartext fragment 57 12 17 db ea 18 40 7f 53 ff c5 7b f8 b1 83 41 | cleartext fragment 78 f9 bd 9a d1 ce 41 cf 8d 1f c3 fc 21 00 01 88 | cleartext fragment 01 00 00 00 72 f9 64 62 94 9b 33 29 fd 69 38 fb | cleartext fragment bc 01 08 c7 08 81 5f a8 5d 6d 11 75 e5 79 50 c8 | cleartext fragment 41 b1 2e 85 63 d2 22 02 71 aa cd 82 e2 00 db 7a | cleartext fragment 5b 8c 67 41 f0 8f 66 78 cd c0 69 d5 9f 3b ec 02 | cleartext fragment b9 c9 fb 5d 2f 8f 1e c4 5a 98 56 b4 9f c8 f6 8d | cleartext fragment 40 b3 25 2d 0e 81 df b1 19 4c 6c 09 57 ba 2b 96 | cleartext fragment 68 a8 8c 4d cf 8e 1b cb 21 5b a2 33 f8 cd 0e 6e | cleartext fragment ec 92 23 54 4c d3 c5 dc a3 9a ac 87 32 e8 d0 cf | cleartext fragment 9f 1a 9c c9 13 65 c1 56 75 f2 8b ff 03 8e 78 56 | cleartext fragment e9 30 96 c5 79 bc ec df 6c b7 d3 86 1c 0d 3a c4 | cleartext fragment 1f 3e 6a fe 8f 8b 0d 71 51 d8 10 b1 ed 06 f2 cb | cleartext fragment c1 2b de d5 e2 e6 6e 03 f7 70 52 cb a1 ff b9 32 | cleartext fragment 16 3b 7d 22 26 4e eb 7a 9e 2b 99 05 80 c8 4b 98 | cleartext fragment ad 58 c0 98 d0 df c3 d0 ce 0a ad fd 9d 52 45 21 | cleartext fragment 70 65 af bb 5f f0 39 68 b2 c4 2f 92 12 e1 9e 19 | cleartext fragment 84 ac e5 dc dc 8a e6 28 6d d4 ba 3a 3f e3 50 cb | cleartext fragment 7c 7b d9 d1 df 20 ef 55 30 b8 b9 51 42 5d da aa | cleartext fragment db 6c 50 f9 2e 72 a7 64 04 1f df 1b ac 99 5d ca | cleartext fragment e2 79 c0 df 97 62 d3 27 6c 6c df d3 5a 06 0b c9 | cleartext fragment 3c 90 ad 96 2d a5 41 72 e8 6a 72 62 a9 8d d1 9d | cleartext fragment 01 67 16 c9 c9 3d 70 3e 14 7c 06 1c eb f1 8d 73 | cleartext fragment 53 c4 76 f4 36 c8 26 9c 44 b3 fa 8d 9c d5 c4 80 | cleartext fragment 45 5f 52 0d 13 0f 49 09 a1 7b ba 3a a7 2e 6c 28 | cleartext fragment 7a 9b 63 3a b7 b7 1b 90 63 2e c0 f9 70 fd 90 23 | cleartext fragment 6e 1a 6e 99 2c 00 00 a4 02 00 00 20 01 03 04 02 | cleartext fragment f8 83 74 30 03 00 00 0c 01 00 00 14 80 0e 01 00 | cleartext fragment 00 00 00 08 05 00 00 00 02 00 00 20 02 03 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 170 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 04 02 f8 83 74 30 03 00 00 0c 01 00 00 14 80 0e | cleartext fragment 00 80 00 00 00 08 05 00 00 00 02 00 00 30 03 03 | cleartext fragment 04 04 f8 83 74 30 03 00 00 0c 01 00 00 0c 80 0e | cleartext fragment 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 04 03 | cleartext fragment 04 04 f8 83 74 30 03 00 00 0c 01 00 00 0c 80 0e | cleartext fragment 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 | cleartext fragment 00 00 07 00 00 10 00 00 ff ff c0 01 02 2d c0 01 | cleartext fragment 02 2d 00 00 00 18 01 00 00 00 07 00 00 10 00 00 | cleartext fragment ff ff c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 203 | emitting length of ISAKMP Message: 231 | suspend processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #20: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #20 to 0 after switching state | Message ID: recv #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #19.#20 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-kuCritical" #20: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 5f b7 46 62 d5 d8 8a 63 c2 a4 65 6d | f5 77 29 33 a6 85 28 78 a5 08 5b 4b 41 9c d5 a6 | 07 23 f0 c8 29 dd 98 59 8e 12 60 40 ef 1e d5 09 | 2c 76 c9 90 41 ee 1f 9f ff 4a be 70 ee 66 bc ac | ca 32 b2 d6 6a 43 56 63 02 63 26 9e 6b 88 a5 27 | 4c 58 14 ca e2 5b f4 6d 45 fc f5 76 53 c0 95 16 | 5a 89 bf 61 1f a0 9b 9a c9 71 ee a1 1f cf 56 1f | 97 97 d0 95 d6 2b d6 e3 d2 63 af 58 22 d7 67 ee | 64 15 b9 6d 59 7a d8 5c 6e 18 a4 c6 64 f0 e1 f5 | cf 0a be 09 db dd 0a 91 eb ad 88 6e 9f 1d 12 e1 | 8e 4b 9a 7b e0 55 33 63 21 4f 70 52 fa db 97 55 | 58 a2 6a 3a 4b 45 37 09 db cf bc 7f f3 ba 17 90 | f9 3b 60 8b 74 4c 50 3d 61 3e 0d 05 14 e9 c3 eb | 91 7e 3a ad eb 17 54 05 02 37 ca 96 52 d1 de 3e | be 5f 92 6a c5 bd 11 5c e6 4e 46 13 58 ff 56 c1 | 6b a1 3f 7f 0d 2f cc 69 af 75 a1 15 f1 7c 3b ea | 95 c2 07 41 d5 91 c5 a9 1a 50 84 5a 1e 66 fb 97 | 54 48 9c 1a ad 4d c2 0a 77 bb 5f 95 8e 0f fd 25 | 7c 79 fc ab 1b 5f a7 83 e4 3a 42 d2 c1 d0 ee 28 | 32 b8 eb 71 5e ed 99 f2 b5 0f d8 7b ff a8 8f 04 | 2e 1f 75 09 ac 43 84 6f ae 63 0e 09 e1 28 2b e7 | 3e fd ac 2b 47 f6 3b f2 c3 6f 68 21 ed ed 7a 75 | d8 67 13 c1 e7 c5 09 23 fe 0c 44 af 18 5e bf 3f | 22 94 d3 e7 32 03 6b af 79 ad 38 a6 ee 2e 48 44 | c8 51 f8 1b c1 f8 ef 61 79 89 54 06 e8 93 06 95 | 1c 93 38 df 2f 80 96 58 d9 eb 35 24 16 c3 eb cd | 28 4b 24 6f 2b 09 f8 96 e1 6c da 8f b5 e6 1c 79 | 49 9b ae be be bd 59 af 8b 05 3d 32 55 88 ac 89 | a0 b7 f6 f5 75 b5 f5 df 30 58 f5 29 56 d7 aa ab | 27 c1 9e 6a c9 48 02 14 0f 77 9b 6c ac 5e 9c ea | 51 d2 2a 0f 66 02 f9 9a 0e 10 62 a7 b6 0a f1 ad | 95 de 47 79 b2 3c db da b9 4a 49 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 3b 62 d6 ed 41 32 96 4c af ea 28 8f | 21 34 dd 81 17 0e 46 0f 78 89 03 2e 83 ad d5 e6 | 76 be 3d 18 c2 7b 8c 2a 89 96 84 8c 59 8b 2b e5 | fe 6c 74 da 22 e9 ba 05 c8 d8 13 87 19 5c 4b 17 | 4e e3 08 e5 f0 32 96 90 b6 56 32 02 d2 57 13 1b | eb 98 5d 68 4b 56 83 6f 20 b9 fe 5d cc 72 7d 7c | 1e 20 b1 aa e8 de 10 de 38 9f a3 4d e5 4a 8e 8f | d6 5d 6d 93 5f ab 71 bf 1c 84 9a 1d ea 77 ae c3 | 0a fb bb b2 ce b2 1d 84 4a c9 65 c5 e5 9e e3 cd | 63 52 7a 80 25 25 90 4f 4b ee aa b6 9b 46 fa 65 | 6f 09 57 60 0c b3 5a 13 33 da 07 7f fc 52 63 b2 | c3 21 4b 26 d0 8b 63 a9 05 a9 a3 ac fa 60 1c 05 | 77 6e 11 45 28 10 e3 61 fc a8 89 35 f3 6b d6 ba | 62 9c 47 67 e2 df 3e c4 4c 02 96 03 bf 40 bf 9d | 02 75 09 bf 48 27 81 7c d3 d2 a4 c0 9e a8 c4 0c | f9 1e 8d 29 58 b5 9b 14 79 79 fd 79 6a 21 a3 20 | 31 62 14 88 e6 d8 e1 22 56 73 c9 50 f7 57 f6 34 | ab 83 ab 72 5a 81 24 87 18 42 15 7f 0e b6 0e 65 | 65 ca 37 b1 a7 15 24 56 e7 b8 6c 20 8e 6c c0 ec | 26 0a f7 d3 80 79 b5 81 54 65 32 c8 17 31 b6 8c | c7 74 cd c0 ed 5a aa 46 7b a6 1e 91 bc 04 0c d0 | 5a 1d 7b b5 2e 0a 73 25 e5 71 70 40 12 4c f6 91 | 2f 61 df 01 c2 17 36 72 ab 2e 8a df 0d 91 ab 1b | 59 17 f7 98 5b 4b b9 9b eb 79 12 5b 74 e4 1d 83 | c8 17 79 09 83 84 f2 73 6c 12 43 43 28 6a 7c 0e | 93 22 95 77 36 85 f5 eb 70 13 16 3e 84 73 44 e8 | 12 c5 8b b5 06 d2 73 72 86 61 71 06 fe 3a 4f 1f | 42 ea f1 9d a0 31 78 3b af 55 87 37 5b 45 b1 af | e2 a0 b4 53 e5 52 99 e4 4e f8 d4 bc e5 32 cd 34 | cf bd b8 e3 a8 98 52 81 c8 0e d7 70 c9 c7 60 9f | a4 1a 09 bc 48 ac a2 bd 50 48 ce e6 33 60 ef 94 | e8 90 7a b9 a3 05 89 bc ee d2 ce | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 d7 e0 7d a9 f6 f7 1f 1f 95 a9 6b a4 | 67 0c 66 83 c5 94 47 e2 a7 e3 1e f7 95 fa b0 73 | da 3b 28 e2 1c e3 10 d8 f6 24 ae fc 63 c5 04 ec | 23 95 9b 69 d2 08 bc ce d3 20 4f 2a 0d 20 38 6d | cf d4 82 3a d5 cb 78 18 f3 d2 f0 6d b6 86 8c f5 | 19 24 d2 95 92 a0 0f 9c 8f 7e 16 c9 d1 78 53 5f | 68 76 c3 e2 83 54 e2 6b 20 59 39 fb cd aa b7 91 | f7 ae 41 52 d7 5c 42 3c f1 63 5f c9 48 fc 4f 27 | e7 a6 ec 95 be dc 50 05 23 e1 9a 34 8d bc 35 93 | 08 34 74 8b 5c 16 d4 c2 9f 6b 60 d0 82 55 ad ab | 2c a7 d9 f6 47 ce f1 a2 c8 8e 45 2f 48 fb c3 f2 | fe e1 33 6d 6f 6c 5e a1 eb 15 5c 3e df fa b4 26 | 5f 00 88 86 e9 39 3b 61 89 e6 ce 4d d3 0e 58 5d | e3 61 ae bf 70 79 a8 ab 35 fe 00 08 c4 93 dd 45 | 2e ba 2e 12 86 de 0e 35 58 7b 3a f6 5a fc 24 be | 4e f1 b0 79 52 e5 88 d2 ac 1b b9 27 ac df 99 0d | 25 e5 08 7c 64 13 1d 8d f5 80 b5 ad 17 57 a9 43 | 4a 60 02 15 71 f6 d8 72 c4 14 ca 2b 4d 91 51 99 | 9d 91 ea 2e 65 33 ee c1 11 98 c2 89 b8 7e df 64 | 30 96 5a 36 d6 44 ba 1e 03 c3 45 69 93 ae 30 c0 | 43 41 d0 c6 1e b8 b9 85 6c f9 42 c4 04 d0 a2 cf | 28 eb 9c 93 19 ff ec cd aa 52 bd 87 6d 47 7f 97 | 47 bc db 67 58 a4 57 5f bd 5b 34 12 32 94 7e e6 | 87 03 03 a8 64 be f1 22 11 a8 78 bf ff 10 cf 22 | 81 9b a9 7b 03 4d 9a e4 9e 56 97 ce 5c 3c f6 73 | 5f b9 ec 8f 2b 48 f4 95 06 02 73 5f bb 43 0c 6a | cf 9a 72 9c 1c 62 54 44 3a f5 c0 3c 4d 81 c5 28 | 75 f7 13 86 8b a5 76 e6 0f 4c b1 a4 d4 ca ab ed | 16 62 5f 60 c4 55 4b ee 6c 55 56 95 05 da 4c 41 | b8 36 d8 fb 9b 59 d4 6d 6b 08 c3 9e 76 19 de 20 | 2a bd f9 48 39 2f 36 5c ca 2e d7 4a d0 aa e9 46 | 0e aa a5 94 91 8e 5e 00 1d 7e 93 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 2b ee 1b d5 57 47 a7 6b be e0 54 af | 21 91 b8 be a3 0e ad e4 49 58 90 03 91 ac 5b 64 | 14 f0 31 61 5d 97 1b 3b 38 43 49 99 43 03 2e 4c | 69 1d d8 57 eb bd 51 e4 8d 6a 89 69 c1 fc 32 04 | f6 b6 3d 0f 3d 3b 96 0e f7 e1 f3 b3 46 fa 99 0a | 29 98 1d cf b3 1d d6 40 ec e8 87 78 b2 ff 6d 18 | f0 8d 60 a3 06 7d 00 2b 99 89 2d d5 71 c7 ec fa | 89 f3 90 72 3e 42 a4 0d 68 56 fc c8 03 3f 3b 37 | 4b 99 cd 61 13 bc 33 4a 5a 41 19 a3 5d b8 44 c9 | f7 a8 c1 c1 fa ef 65 c9 82 e8 44 99 9e 5f 55 3f | f3 d9 36 a2 19 e2 56 f9 9a ca d2 f6 45 13 53 ac | 2b c0 fd 93 30 78 87 05 2f f7 9a 30 5d ae 0d 10 | 31 da 93 74 a1 0b 9b 66 e6 b5 2e 2f a6 53 26 ab | e8 a1 43 2e 1b 18 ee a9 76 c7 4e 04 24 23 11 8b | d1 14 32 4b fb 64 ec 04 1f 33 8e e9 70 b9 ab 0f | 8f dc c3 0c e8 d5 f7 10 5c 15 bc 54 d9 4b 11 d7 | 20 fa 38 f8 0f 4f 0b f0 cb 71 31 8b c6 de 92 79 | b8 53 bb 63 68 54 5d 61 53 e4 e8 83 19 69 9a 8f | 85 cc fe dc 8e c6 d0 de 08 2f c9 c3 09 f5 fc 20 | 2b ae 7b 74 9a f8 51 d5 a2 99 c3 48 5a a9 7b f2 | 49 e2 f4 d9 52 6d 57 4a 5f 20 96 b0 19 d6 a7 c1 | cf 46 c6 da cf 77 e7 58 0f 6a 7a 6d bf be 0f 4a | 94 39 d2 5f 5b 1a de 88 71 79 18 8f 8b 65 67 bd | 3a 87 17 8e ce af 1f 07 9c 1c 3f 90 fb d9 51 c7 | 3c 3b 7c ff e5 29 e3 a6 50 79 25 22 ea 71 60 79 | c7 52 a7 9d 01 d7 05 44 46 a0 02 46 84 a1 34 54 | 9b 75 dd f2 8f 73 4e a2 df 79 92 b3 5b 1a 59 7c | de 2e 4f 79 f0 82 7b fa 59 4c 2a 05 86 a4 1b fa | 1a 80 bd f6 b4 2e 9f ee 8f 76 4f 34 f1 60 69 ca | b6 7c db 42 69 a0 ba 39 00 e1 70 12 59 a4 42 a5 | 35 04 82 44 0b f5 c1 89 55 30 d6 74 b6 7d e5 ae | bd 20 09 88 7c 07 1b 1c 43 5d ad | sending 231 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 35 20 23 08 00 00 00 01 00 00 00 e7 00 00 00 cb | 00 05 00 05 d4 77 4e 9f 7a 22 ae 0d bb ee b4 07 | 59 28 63 9a f2 76 fe 05 86 0f b6 be 75 26 df 00 | 6d 29 28 c4 4b 6e 11 a6 dc ec ef 95 7c f2 08 36 | 23 86 08 f3 a9 26 d6 82 f7 db 85 db f2 7e 05 5f | 33 13 a2 cf ee 92 ea d5 b6 36 d4 57 88 ec 57 ec | 21 80 89 7c 4f 0b d0 3b e8 cc 2c dc 5e d9 4d d3 | 0e f8 81 c2 8f 04 d9 43 24 db ec fe 33 13 f3 28 | 33 e6 a3 45 aa ac 7a d2 30 6a 24 da 2c 85 8f ac | bf cb 27 b7 21 a5 cc e0 27 62 f3 2b 51 54 cd f7 | a7 f1 a0 2a d3 1f dc 10 24 87 8f c2 11 05 9e d1 | 15 f0 fa f3 b7 fe 3d fe 8f af 6c 63 2e 3b 30 e1 | f8 19 94 b0 97 37 5b ce 9a 63 67 ca c2 ee 9d 93 | 25 35 b1 c9 b3 b1 15 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-kuCritical" #20: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60c620 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f2080006170 size 128 | #20 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49002.906834 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 7 milliseconds in resume sending helper answer | stop processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2078006170 | spent 0.00213 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | bc 84 e7 d8 82 85 47 bd 63 2a 35 34 44 3f fc 53 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 61 df 65 2d d4 9b 77 55 a5 5c 45 2b 5a 1a b4 ea | ae 5a 8f 7a 17 5d d8 28 27 e0 78 f9 54 4e 2b 5f | b3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | bc 84 e7 d8 82 85 47 bd | responder cookie: | 63 2a 35 34 44 3f fc 53 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #19 in PARENT_I2 (find_v2_ike_sa) | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #20 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #20 is idle | #20 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #20 in state PARENT_I2: sent v2I2, expected v2R2 | #20 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-kuCritical" #20: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #19 ikev2.ike failed auth-failed "west-kuCritical" #20: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #20 fd@25 .st_dev=9 .st_ino=1705750 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #19 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2080006170 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60c620 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60c620 | inserting event EVENT_RETRANSMIT, timeout in 59.996774 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f2080006170 size 128 "west-kuCritical" #20: STATE_PARENT_I2: suppressing retransmits; will wait 59.996774 seconds for retry | #20 spent 0.0636 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.214 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.224 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-kuCritical" (in terminate_a_connection() at terminate.c:69) "west-kuCritical": terminating SAs using this connection | connection 'west-kuCritical' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #20 | suspend processing: connection "west-kuCritical" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #20 ikev2.child deleted other | #20 spent 0.0636 milliseconds in total | [RE]START processing: state #20 connection "west-kuCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-kuCritical" #20: deleting state (STATE_PARENT_I2) aged 0.070s and NOT sending notification | child state #20: PARENT_I2(open IKE SA) => delete | child state #20: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #20 requesting EVENT_RETRANSMIT to be deleted | #20 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2080006170 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60c620 | priority calculation of connection "west-kuCritical" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-kuCritical" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-kuCritical | State DB: deleting IKEv2 state #20 in CHILDSA_DEL | child state #20: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #19 | start processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #19 ikev2.ike deleted auth-failed | #19 spent 10.9 milliseconds in total | [RE]START processing: state #19 connection "west-kuCritical" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-kuCritical" #19: deleting state (STATE_PARENT_I2) aged 0.077s and NOT sending notification | parent state #19: PARENT_I2(open IKE SA) => delete | state #19 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f20840012f0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a5c9aa0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-kuCritical | State DB: deleting IKEv2 state #19 in PARENT_I2 | parent state #19: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #19 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-kuCritical" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-kuCritical' wasn't on the list | stop processing: connection "west-kuCritical" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.277 milliseconds in whack | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00516 milliseconds in global timer EVENT_SHUNT_SCAN | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-kuOmit" (in initiate_a_connection() at initiate.c:186) | connection 'west-kuOmit' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #21 at 0x56366a5a3770 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-kuOmit" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-kuOmit" IKE SA #21 "west-kuOmit" "west-kuOmit" #21: initiating v2 parent SA | constructing local IKE proposals for west-kuOmit (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-kuOmit": constructed local IKE proposals for west-kuOmit (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 21 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a60c620 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f2080006170 size 128 | #21 spent 0.149 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-kuOmit" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.218 milliseconds in whack | crypto helper 5 resuming | crypto helper 5 starting work-order 21 for state #21 | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 21 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 21 time elapsed 0.000847 seconds | (#21) spent 0.85 milliseconds in crypto helper computing work-order 21: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 21 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f207c001350 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 21 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #21 | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-kuOmit (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 8e 34 19 e9 4e 72 e7 8f 48 72 2a 42 e7 3b 05 f3 | ikev2 g^x 01 09 15 16 96 96 17 1d df ec 12 a3 87 56 58 d2 | ikev2 g^x 69 d1 64 e7 46 1f 6b 74 6c 45 55 1a eb 74 4e 44 | ikev2 g^x 85 65 5b 56 d6 5b f9 b2 ef 8d c4 dc ff e9 1f 90 | ikev2 g^x cd 49 31 40 f8 0d d3 5e a2 53 d7 8d 3b 01 1f 0d | ikev2 g^x f8 bf 02 5b ff 25 6b b2 0f 4c 4d a7 58 63 ab cb | ikev2 g^x 0b 16 b8 6f e7 a5 76 4c c1 cb e0 db cf 2c ff 12 | ikev2 g^x 2f d5 61 07 48 07 57 e9 02 d9 a4 b4 0c 30 83 f1 | ikev2 g^x 8b 28 9a 28 00 88 64 5e 2a 70 21 9d 9f bc fe 71 | ikev2 g^x 1f 20 e6 5a 2c 9d 61 c3 f2 04 87 7a 74 2c 9b 38 | ikev2 g^x e6 0b 52 81 e6 12 95 1e 3d c9 38 58 06 0b 2c dd | ikev2 g^x 54 d5 86 46 88 e2 4e 12 78 de 27 94 d7 f4 3f 33 | ikev2 g^x c8 26 20 64 9b 6e 29 89 0d fa 08 26 24 e2 22 1d | ikev2 g^x 2c db d4 1a fd db 76 78 42 cd 19 d8 fd 4d 83 80 | ikev2 g^x 4b ce 6d 3b e0 e4 91 f6 82 3c ec 2a f8 ef 53 17 | ikev2 g^x 07 97 b0 83 45 86 fa 2e e6 70 04 4e 69 02 88 82 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 33 4e ea 6a e5 30 d7 3c 0b 00 14 24 f4 90 20 ee | IKEv2 nonce fe 7f 64 18 71 e2 7b 64 67 f8 96 f5 50 6f 02 0e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ec 06 2d 4a 5f 55 a3 f0 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9d 2f da 56 ee 7b 2c c5 a7 7d d6 c0 1d 51 6b 2a | natd_hash: hash= d3 94 46 24 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9d 2f da 56 ee 7b 2c c5 a7 7d d6 c0 1d 51 6b 2a | Notify data d3 94 46 24 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ec 06 2d 4a 5f 55 a3 f0 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= ca 20 01 f7 6b c4 cf 83 43 8d 43 a9 63 a6 4e f0 | natd_hash: hash= f9 42 b7 3e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ca 20 01 f7 6b c4 cf 83 43 8d 43 a9 63 a6 4e f0 | Notify data f9 42 b7 3e | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #21: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #21 to 4294967295 after switching state | Message ID: IKE #21 skipping update_recv as MD is fake | Message ID: sent #21 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-kuOmit" #21: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | ec 06 2d 4a 5f 55 a3 f0 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 8e 34 19 e9 4e 72 e7 8f | 48 72 2a 42 e7 3b 05 f3 01 09 15 16 96 96 17 1d | df ec 12 a3 87 56 58 d2 69 d1 64 e7 46 1f 6b 74 | 6c 45 55 1a eb 74 4e 44 85 65 5b 56 d6 5b f9 b2 | ef 8d c4 dc ff e9 1f 90 cd 49 31 40 f8 0d d3 5e | a2 53 d7 8d 3b 01 1f 0d f8 bf 02 5b ff 25 6b b2 | 0f 4c 4d a7 58 63 ab cb 0b 16 b8 6f e7 a5 76 4c | c1 cb e0 db cf 2c ff 12 2f d5 61 07 48 07 57 e9 | 02 d9 a4 b4 0c 30 83 f1 8b 28 9a 28 00 88 64 5e | 2a 70 21 9d 9f bc fe 71 1f 20 e6 5a 2c 9d 61 c3 | f2 04 87 7a 74 2c 9b 38 e6 0b 52 81 e6 12 95 1e | 3d c9 38 58 06 0b 2c dd 54 d5 86 46 88 e2 4e 12 | 78 de 27 94 d7 f4 3f 33 c8 26 20 64 9b 6e 29 89 | 0d fa 08 26 24 e2 22 1d 2c db d4 1a fd db 76 78 | 42 cd 19 d8 fd 4d 83 80 4b ce 6d 3b e0 e4 91 f6 | 82 3c ec 2a f8 ef 53 17 07 97 b0 83 45 86 fa 2e | e6 70 04 4e 69 02 88 82 29 00 00 24 33 4e ea 6a | e5 30 d7 3c 0b 00 14 24 f4 90 20 ee fe 7f 64 18 | 71 e2 7b 64 67 f8 96 f5 50 6f 02 0e 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 9d 2f da 56 | ee 7b 2c c5 a7 7d d6 c0 1d 51 6b 2a d3 94 46 24 | 00 00 00 1c 00 00 40 05 ca 20 01 f7 6b c4 cf 83 | 43 8d 43 a9 63 a6 4e f0 f9 42 b7 3e | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2080006170 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a60c620 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-kuOmit" #21: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60c620 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f2080006170 size 128 | #21 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49005.115506 | resume sending helper answer for #21 suppresed complete_v2_state_transition() and stole MD | #21 spent 1.58 milliseconds in resume sending helper answer | stop processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f207c001350 | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 b4 03 77 92 | 75 2f 7f b3 0e e9 c0 3c 9e c0 62 2a 97 26 79 46 | 1f fd 36 05 ca fd 5b 67 c0 14 f8 ba 02 00 2b 18 | 13 86 7c 8a 5b 75 01 75 b6 00 1b 55 93 50 e6 8a | 31 4c 45 2a 00 47 4c d5 01 2e 94 8c c3 61 7a 91 | ad 6a 82 e3 f4 87 2c bc 3a dd 23 3d 6e e1 de 73 | 56 41 ae bf 63 6a 86 c7 03 f7 85 f7 8e 1d cd a7 | 1d 23 5c 1f 8e 0b 5f 08 41 90 b6 3e 1a 5e 75 19 | f9 70 56 4a a6 73 50 36 6c d3 fc f3 a6 db ab 95 | 86 15 0b 83 46 95 6a f1 09 1f a2 ce 82 5c 41 da | 7b f6 6c 7e fc fd 86 99 6a 88 d1 46 9b 6c 5c c7 | c1 37 fd 31 20 9d 6e 7e 2b e8 a2 de 04 17 36 ab | 19 53 2a 4d 20 8b 7d c1 8e fe fb 7b 7a 17 7c bd | fa fe e9 fc 2a 4b 86 96 3c da de 49 ee e2 07 5a | ce 6b b2 cb cf d9 76 a4 94 5c 8f 08 73 c1 24 eb | 69 19 70 31 73 b3 0f 52 ae 1c a2 ff 9a 2e e3 35 | dd f0 6b d7 7f b7 01 89 d5 e2 75 6d 29 00 00 24 | 7f d9 aa 1d 36 78 81 4d c4 17 32 e1 08 91 0e 1d | 19 2f 75 a5 c7 b1 70 82 df fd 36 e9 7a 6a d0 84 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | e3 b8 e5 02 e7 47 08 3d 4b 42 c3 8a 6c 71 19 a2 | ef 63 2e f6 26 00 00 1c 00 00 40 05 fa d5 2e cc | aa c9 2a 78 8c 02 fb be fd 01 26 13 11 c3 a0 97 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #21 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #21 is idle | #21 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #21 IKE SPIi and SPI[ir] | #21 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-kuOmit (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ec 06 2d 4a 5f 55 a3 f0 | natd_hash: rcookie= 3b dd cf fb 29 bb fb 55 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= fa d5 2e cc aa c9 2a 78 8c 02 fb be fd 01 26 13 | natd_hash: hash= 11 c3 a0 97 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= ec 06 2d 4a 5f 55 a3 f0 | natd_hash: rcookie= 3b dd cf fb 29 bb fb 55 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e3 b8 e5 02 e7 47 08 3d 4b 42 c3 8a 6c 71 19 a2 | natd_hash: hash= ef 63 2e f6 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 22 for state #21 | state #21 requesting EVENT_RETRANSMIT to be deleted | #21 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2080006170 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60c620 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a60c620 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f207c001350 size 128 | #21 spent 0.222 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-kuOmit" #21 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.481 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.494 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 22 for state #21 | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 time elapsed 0.001352 seconds | (#21) spent 1.35 milliseconds in crypto helper computing work-order 22: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 22 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 22 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #21: calculating g^{xy}, sending I2 | creating state object #22 at 0x56366a5c49b0 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "west-kuOmit" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.45:500 from #21.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #21.#22; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f207c001350 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a60c620 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a60c620 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f207c001350 size 128 | parent state #21: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 197 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 c2 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2a 30 28 06 03 55 04 03 0c 21 77 65 73 | my identity 74 2d 6b 75 4f 6d 69 74 2e 74 65 73 74 69 6e 67 | my identity 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 35 | my identity 30 33 06 09 2a 86 48 86 f7 0d 01 09 01 16 26 75 | my identity 73 65 72 2d 77 65 73 74 2d 6b 75 4f 6d 69 74 40 | my identity 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | my identity 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 205 | Sending [CERT] of certificate: E=user-west-kuOmit@testing.libreswan.org,CN=west-kuOmit.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1232 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 cc 30 82 04 35 a0 03 02 01 02 02 01 0f | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 c2 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 2a 30 28 06 03 55 04 03 0c 21 77 | CERT 65 73 74 2d 6b 75 4f 6d 69 74 2e 74 65 73 74 69 | CERT 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | CERT 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 01 16 | CERT 26 75 73 65 72 2d 77 65 73 74 2d 6b 75 4f 6d 69 | CERT 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f 00 30 | CERT 82 01 8a 02 82 01 81 00 ae de d9 0d d8 c7 06 eb | CERT ff 6b 8f 65 bf ea c3 98 c1 55 59 c6 6e 75 c4 41 | CERT 18 f1 15 3b 63 74 55 b5 6d 0e a5 ca d1 8c 9b d7 | CERT 37 8c 4b 6f 42 0c 49 6c 84 1c d5 c4 4a 43 fa 93 | CERT 14 4e 25 db 7b e7 44 a4 7b 99 4b 2f a9 65 e3 06 | CERT 80 97 71 da 45 c8 22 12 76 35 bb 69 51 15 56 30 | CERT b5 2c 35 87 48 83 a0 a7 d4 bb e8 f6 f7 13 7a 5b | CERT c1 67 13 55 8f d5 07 cc 85 6a b0 dd 51 e1 6c b3 | CERT 8a fc 1b de 7d ac 5a df 7f 88 90 3c be b5 86 65 | CERT 76 7e 7b ae be 22 1c 62 82 be 7b 6e 32 32 4d b4 | CERT 39 90 4a e8 91 b4 f7 e1 23 6d 1e bb 29 4e 13 46 | CERT 93 82 fb 12 01 0c fe 68 58 97 48 e9 ba 04 79 12 | CERT 07 45 68 86 0d 67 a0 35 37 a2 7d 8c ff 31 8e 05 | CERT 31 bf 7e 7b e5 d1 e0 a9 6c 85 99 41 b2 47 e5 f3 | CERT f2 4f a5 0a 4c 48 93 0f 90 2b 55 ca 35 02 5d 86 | CERT 98 60 b5 b9 66 8f 71 39 9b c1 55 43 dd b5 1a 36 | CERT 49 e3 41 8c da 16 48 ba 37 8d 61 29 b1 54 ae bc | CERT 0c ca ce e2 db d4 55 1d fb ea e2 cd 23 44 1f d0 | CERT 2a f9 a1 e2 93 26 76 3d 6c dc 1e ce 49 63 b1 6b | CERT d0 ac bd 59 7f 03 14 70 3d cb be 53 5c 0d 01 5a | CERT e5 a4 42 93 bc 31 52 5d 4a 9a b8 95 30 ac 5b 6b | CERT 3f 28 4e e4 bc 11 21 26 60 13 9a ae 65 1d 76 42 | CERT 60 49 3e e1 14 13 4f 1f cf 49 57 78 d7 21 ef aa | CERT 7c f5 a9 51 46 c4 bd 5a f4 da 8c a4 65 e2 57 a4 | CERT b9 d9 a5 cc 61 58 0c 6b 02 03 01 00 01 a3 81 dd | CERT 30 81 da 30 09 06 03 55 1d 13 04 02 30 00 30 2c | CERT 06 03 55 1d 11 04 25 30 23 82 21 77 65 73 74 2d | CERT 6b 75 4f 6d 69 74 2e 74 65 73 74 69 6e 67 2e 6c | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 1d 06 03 | CERT 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 | CERT 01 06 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b | CERT 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 2b | CERT 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f | CERT 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d | CERT 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 | CERT 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 | CERT 2b c0 1f f4 a3 cc 76 4b 73 7c bf e5 bc e6 3a 74 | CERT 87 6c f0 67 a7 96 87 5d ba 21 71 87 01 dc f7 23 | CERT 3e 08 99 96 9f 5d ff 54 73 10 13 e5 72 1a f0 b4 | CERT 8d b6 d1 af 92 ed f5 fc f3 4d 40 a7 03 f1 b7 22 | CERT bc f1 fb 56 87 71 20 c4 73 4c ac 72 a3 e6 8c 4e | CERT 39 13 77 43 40 4f aa e6 ce e2 a6 3e ef a7 0a eb | CERT bf 90 f1 95 95 7d c7 a6 52 36 dd 97 54 bc 98 e6 | CERT a0 61 6b 09 0f 91 dc d2 f2 6f ab e1 82 52 23 e4 | emitting length of IKEv2 Certificate Payload: 1237 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-kuOmit.testing.libreswan.org, E=user-west-kuOmit@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAdlAH vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAa7e2 | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAa7e2 | private key for cert west-kuOmit not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAa7e2 vs PKK_RSA:AwEAAa7e2 | #21 spent 9.84 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 5f bb 4b 36 d5 a7 7d 0f 55 ce 2c 25 c4 fd 9f d7 | rsa signature bc f7 3c 3f c1 db 8e 14 ab 58 6c bc d9 1f 23 25 | rsa signature 97 60 eb a5 ff 13 63 a7 2d dc 10 62 3d dc b9 a6 | rsa signature 68 f2 64 8b 2b 58 c6 f2 ac fc ea 4b 08 fe 2b 74 | rsa signature 43 62 7c 2d f4 4c 34 d9 58 25 30 7b 50 b3 e2 35 | rsa signature 37 46 c2 41 47 e6 51 54 b1 38 c0 e1 96 81 0e 67 | rsa signature 6c 1f 72 b5 ca ed fb 50 ac 52 5f 99 c4 6a 7d 1c | rsa signature 5d d4 7d 67 1d ac 7c e6 3c a1 ae 68 0c eb 28 ea | rsa signature bc ae a1 dc 9a a3 d1 70 59 fa 21 7c 00 69 e5 5d | rsa signature ed f0 20 5f cf be 5d ba da 87 81 e1 cd 8e 60 c4 | rsa signature 9c 22 ff 61 1a 04 8e fb 74 a6 81 9c de e6 49 49 | rsa signature 74 57 cf 09 ae ba 94 d2 ab f2 20 15 d5 01 fc 12 | rsa signature 79 1b 09 f2 fd 32 55 b9 a3 c6 71 c5 69 f9 b2 d8 | rsa signature 9c 1f 0a ed f6 27 eb 93 f5 fa 88 a8 3d 37 09 06 | rsa signature 86 77 83 5b a0 e0 5c 07 ad 29 87 a8 78 7f de 88 | rsa signature d3 50 b0 74 b3 df db 87 ce 4d 67 d6 fc 01 99 c8 | rsa signature 71 6c 1a b9 78 33 4c cb e3 82 a8 61 bc 39 ad d2 | rsa signature c1 84 9b 2c 4c 11 bc 6f 69 96 4f 9b c4 9d 20 84 | rsa signature ee 90 68 b0 a6 72 c8 49 82 aa 6e ac 9a f1 2e 97 | rsa signature 8d 53 c3 71 22 70 a5 e5 60 b5 52 46 3f 62 5f 0d | rsa signature fc db 80 ac f4 ab 15 0c 4f 1c e2 af 4e ca 77 c0 | rsa signature e1 df cf aa e1 dd 81 27 85 d7 35 1c 73 30 95 92 | rsa signature b4 9e 33 f5 e6 c4 e3 33 61 d4 69 93 c4 a9 f8 3f | rsa signature c5 77 e9 bd 41 a4 69 38 bb 45 ca 95 ae f9 a2 04 | #21 spent 10.2 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #21 | netlink_get_spi: allocated 0x159f30bb for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-kuOmit (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-kuOmit": constructed local ESP/AH proposals for west-kuOmit (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 9f 30 bb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 9f 30 bb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 9f 30 bb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 9f 30 bb | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2075 | emitting length of ISAKMP Message: 2103 | **parse ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2103 (0x837) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2075 (0x81b) | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 cd 09 00 00 00 30 81 c2 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2a 30 28 06 03 | cleartext fragment 55 04 03 0c 21 77 65 73 74 2d 6b 75 4f 6d 69 74 | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 31 35 30 33 06 09 2a 86 48 86 | cleartext fragment f7 0d 01 09 01 16 26 75 73 65 72 2d 77 65 73 74 | cleartext fragment 2d 6b 75 4f 6d 69 74 40 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 00 04 | cleartext fragment d5 04 30 82 04 cc 30 82 04 35 a0 03 02 01 02 02 | cleartext fragment 01 0f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 | cleartext fragment 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 | cleartext fragment 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 | cleartext fragment 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f | cleartext fragment 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 | cleartext fragment 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 | cleartext fragment 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d | cleartext fragment 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 | cleartext fragment 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 | cleartext fragment 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 | cleartext fragment 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 | cleartext fragment 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 | cleartext fragment 34 35 39 5a 30 81 c2 31 0b 30 09 06 03 55 04 06 | cleartext fragment 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 | cleartext fragment 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 | cleartext fragment 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 | cleartext fragment 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 | cleartext fragment 70 61 72 74 6d 65 6e 74 31 2a 30 28 06 03 55 04 | cleartext fragment 03 0c 21 77 65 73 74 2d 6b 75 4f 6d 69 74 2e 74 | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | cleartext fragment 2e 6f 72 67 31 35 30 33 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 09 01 16 26 75 73 65 72 2d 77 65 73 74 2d 6b | cleartext fragment 75 4f 6d 69 74 40 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | cleartext fragment 01 8f 00 30 82 01 8a 02 82 01 81 00 ae de d9 0d | cleartext fragment d8 c7 06 eb ff 6b 8f 65 bf ea c3 98 c1 55 59 c6 | cleartext fragment 6e 75 c4 41 18 f1 15 3b 63 74 55 b5 6d 0e a5 ca | cleartext fragment d1 8c 9b d7 37 8c 4b 6f 42 0c 49 6c 84 1c d5 c4 | cleartext fragment 4a 43 fa 93 14 4e 25 db 7b e7 44 a4 7b 99 4b 2f | cleartext fragment a9 65 e3 06 80 97 71 da 45 c8 22 12 76 35 bb 69 | cleartext fragment 51 15 56 30 b5 2c 35 87 48 83 a0 a7 d4 bb e8 f6 | cleartext fragment f7 13 7a 5b c1 67 13 55 8f d5 07 cc 85 6a b0 dd | cleartext fragment 51 e1 6c b3 8a fc 1b de 7d ac 5a df 7f 88 90 3c | cleartext fragment be b5 86 65 76 7e 7b ae be 22 1c 62 82 be 7b 6e | cleartext fragment 32 32 4d b4 39 90 4a e8 91 b4 f7 e1 23 6d 1e bb | cleartext fragment 29 4e 13 46 93 82 fb 12 01 0c fe 68 58 97 48 e9 | cleartext fragment ba 04 79 12 07 45 68 86 0d 67 a0 35 37 a2 7d 8c | cleartext fragment ff 31 8e 05 31 bf 7e 7b e5 d1 e0 a9 6c 85 99 41 | cleartext fragment b2 47 e5 f3 f2 4f a5 0a 4c 48 93 0f 90 2b 55 ca | cleartext fragment 35 02 5d 86 98 60 b5 b9 66 8f 71 39 9b c1 55 43 | cleartext fragment dd b5 1a 36 49 e3 41 8c da 16 48 ba 37 8d 61 29 | cleartext fragment b1 54 ae bc 0c ca ce e2 db d4 55 1d fb ea | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment e2 cd 23 44 1f d0 2a f9 a1 e2 93 26 76 3d 6c dc | cleartext fragment 1e ce 49 63 b1 6b d0 ac bd 59 7f 03 14 70 3d cb | cleartext fragment be 53 5c 0d 01 5a e5 a4 42 93 bc 31 52 5d 4a 9a | cleartext fragment b8 95 30 ac 5b 6b 3f 28 4e e4 bc 11 21 26 60 13 | cleartext fragment 9a ae 65 1d 76 42 60 49 3e e1 14 13 4f 1f cf 49 | cleartext fragment 57 78 d7 21 ef aa 7c f5 a9 51 46 c4 bd 5a f4 da | cleartext fragment 8c a4 65 e2 57 a4 b9 d9 a5 cc 61 58 0c 6b 02 03 | cleartext fragment 01 00 01 a3 81 dd 30 81 da 30 09 06 03 55 1d 13 | cleartext fragment 04 02 30 00 30 2c 06 03 55 1d 11 04 25 30 23 82 | cleartext fragment 21 77 65 73 74 2d 6b 75 4f 6d 69 74 2e 74 65 73 | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b | cleartext fragment 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 | cleartext fragment 02 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 | cleartext fragment 33 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 | cleartext fragment 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a | cleartext fragment 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 | cleartext fragment 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 | cleartext fragment 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e | cleartext fragment 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b | cleartext fragment 05 00 03 81 81 00 2b c0 1f f4 a3 cc 76 4b 73 7c | cleartext fragment bf e5 bc e6 3a 74 87 6c f0 67 a7 96 87 5d ba 21 | cleartext fragment 71 87 01 dc f7 23 3e 08 99 96 9f 5d ff 54 73 10 | cleartext fragment 13 e5 72 1a f0 b4 8d b6 d1 af 92 ed f5 fc f3 4d | cleartext fragment 40 a7 03 f1 b7 22 bc f1 fb 56 87 71 20 c4 73 4c | cleartext fragment ac 72 a3 e6 8c 4e 39 13 77 43 40 4f aa e6 ce e2 | cleartext fragment a6 3e ef a7 0a eb bf 90 f1 95 95 7d c7 a6 52 36 | cleartext fragment dd 97 54 bc 98 e6 a0 61 6b 09 0f 91 dc d2 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment f2 6f ab e1 82 52 23 e4 21 00 01 88 01 00 00 00 | cleartext fragment 5f bb 4b 36 d5 a7 7d 0f 55 ce 2c 25 c4 fd 9f d7 | cleartext fragment bc f7 3c 3f c1 db 8e 14 ab 58 6c bc d9 1f 23 25 | cleartext fragment 97 60 eb a5 ff 13 63 a7 2d dc 10 62 3d dc b9 a6 | cleartext fragment 68 f2 64 8b 2b 58 c6 f2 ac fc ea 4b 08 fe 2b 74 | cleartext fragment 43 62 7c 2d f4 4c 34 d9 58 25 30 7b 50 b3 e2 35 | cleartext fragment 37 46 c2 41 47 e6 51 54 b1 38 c0 e1 96 81 0e 67 | cleartext fragment 6c 1f 72 b5 ca ed fb 50 ac 52 5f 99 c4 6a 7d 1c | cleartext fragment 5d d4 7d 67 1d ac 7c e6 3c a1 ae 68 0c eb 28 ea | cleartext fragment bc ae a1 dc 9a a3 d1 70 59 fa 21 7c 00 69 e5 5d | cleartext fragment ed f0 20 5f cf be 5d ba da 87 81 e1 cd 8e 60 c4 | cleartext fragment 9c 22 ff 61 1a 04 8e fb 74 a6 81 9c de e6 49 49 | cleartext fragment 74 57 cf 09 ae ba 94 d2 ab f2 20 15 d5 01 fc 12 | cleartext fragment 79 1b 09 f2 fd 32 55 b9 a3 c6 71 c5 69 f9 b2 d8 | cleartext fragment 9c 1f 0a ed f6 27 eb 93 f5 fa 88 a8 3d 37 09 06 | cleartext fragment 86 77 83 5b a0 e0 5c 07 ad 29 87 a8 78 7f de 88 | cleartext fragment d3 50 b0 74 b3 df db 87 ce 4d 67 d6 fc 01 99 c8 | cleartext fragment 71 6c 1a b9 78 33 4c cb e3 82 a8 61 bc 39 ad d2 | cleartext fragment c1 84 9b 2c 4c 11 bc 6f 69 96 4f 9b c4 9d 20 84 | cleartext fragment ee 90 68 b0 a6 72 c8 49 82 aa 6e ac 9a f1 2e 97 | cleartext fragment 8d 53 c3 71 22 70 a5 e5 60 b5 52 46 3f 62 5f 0d | cleartext fragment fc db 80 ac f4 ab 15 0c 4f 1c e2 af 4e ca 77 c0 | cleartext fragment e1 df cf aa e1 dd 81 27 85 d7 35 1c 73 30 95 92 | cleartext fragment b4 9e 33 f5 e6 c4 e3 33 61 d4 69 93 c4 a9 f8 3f | cleartext fragment c5 77 e9 bd 41 a4 69 38 bb 45 ca 95 ae f9 a2 04 | cleartext fragment 2c 00 00 a4 02 00 00 20 01 03 04 02 15 9f 30 bb | cleartext fragment 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 | cleartext fragment 05 00 00 00 02 00 00 20 02 03 04 02 15 9f 30 bb | cleartext fragment 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 00 08 | cleartext fragment 05 00 00 00 02 00 00 30 03 03 04 04 15 9f | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 134 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 30 bb 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 15 9f | cleartext fragment 30 bb 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 | cleartext fragment 00 10 00 00 ff ff c0 01 02 2d c0 01 02 2d 00 00 | cleartext fragment 00 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 01 | cleartext fragment 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 167 | emitting length of ISAKMP Message: 195 | suspend processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #22: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #22 to 0 after switching state | Message ID: recv #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #21.#22 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-kuOmit" #22: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 86 cf 40 cf c1 c8 d7 bb a9 fa c1 fa | 07 86 a3 3b 71 78 96 03 0d 5d 04 dc 85 cf ce 93 | 69 25 c2 14 a1 04 17 2c 04 fd c7 32 3a 4a 09 b2 | b0 d5 b1 3c e9 f3 ce 28 7e 06 0c 23 ab 99 42 e2 | 69 05 04 c5 e9 5d 4e 35 4d 8a 3a cd ad 7d aa 31 | b7 0f 75 b5 50 77 18 78 05 20 b3 8b 30 df 22 e6 | a9 41 0c 6c c6 00 03 f6 98 28 88 4b dc 15 9a a4 | 07 2a 33 e2 f4 3d ad cc a9 58 dc c4 f9 89 51 bb | 0c 28 b0 12 74 14 f2 fe 52 b5 ab 77 5c f6 c2 97 | af ac 27 14 65 43 30 68 bc 74 44 cf 8e 4f 6b 82 | ea 73 5c 29 bc 88 49 e5 c4 89 ee d2 47 f3 02 c7 | ba 6c 10 fd f8 90 69 df e1 9d fb 30 9c f8 63 38 | db 4c e7 ee 4c b2 ca e9 2e 75 b2 9e 55 2b 0a f4 | c2 5f 5b 78 97 cd e4 bf 6c 8c 13 46 0b a7 ca 4d | 42 b7 fb b0 7e c5 46 ee ae 48 9f 20 bf b9 cc f6 | f8 ce 6b c6 6d 71 52 c4 81 33 09 fb a0 d2 b0 63 | d1 16 5d ce e4 13 37 ff 16 7b 41 31 95 c0 ad 12 | 9f 67 9d 24 87 a2 21 76 c2 45 61 a5 a2 66 c3 bf | 0d 30 81 79 a8 20 d5 cf 3a ce 84 31 58 a7 a1 6c | 3e 62 e1 23 de c4 f3 7f 75 1e 90 a0 69 c2 08 49 | 14 24 f8 6d 8c 33 3c 59 0d 01 7d 2e d6 56 0a 51 | 55 bf 09 b5 ca 02 c5 f6 3d 80 43 a5 a4 d2 2c 75 | 1d 93 41 fa 77 17 1d 9a c6 f3 9c f4 67 d4 1e 2d | 81 67 65 f9 1d 0e 86 12 e6 18 b5 08 70 d8 df 89 | 92 77 54 ad e6 ff 4d 6a 0d 3a 40 2b a7 0d 21 53 | 59 26 e8 80 8f 8b 0d 58 90 92 2b 53 b0 fe 91 55 | 79 8b 7f 0d 92 3b b6 1d 91 9e de 66 7d 5f b6 e7 | 0f bd f8 99 37 7f 59 cd 91 e9 08 ea 91 67 37 65 | b9 89 98 9a 8d 33 a8 46 e3 28 43 4e bf d0 c1 73 | 3a 32 e3 64 ad 43 d5 a8 b4 d6 e4 4f 98 39 23 f5 | 33 1d 8c 01 22 4b b5 72 39 44 65 91 05 f7 ac 87 | e0 e3 79 49 91 17 db ef 96 c1 b0 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 73 28 c3 ed 6d a6 ba 85 fd 7c 5d 48 | dc cc 06 0d ea 96 81 a0 b8 72 61 2d 0a 7c 9b 4b | b6 21 7b 53 66 2b fe 23 9d a5 2c 2b 91 f1 67 1d | 8a 25 42 13 f9 79 8e 22 66 52 7f 9e 4b 30 e8 ae | 23 1e be e4 4f cc 3d 72 9c fb cb 43 4a d8 6f 2f | 90 a0 2c 0b 44 ac 69 e6 d9 2b 25 06 e6 bc 75 21 | dc 3b 7b b6 6b 7e 83 70 f1 40 9b a5 4e 70 8d 1f | 1f 69 ae ac bd 18 21 6b d5 bc 30 ba 51 88 11 93 | 86 c6 ef 63 49 7d cf 2e 23 8a 03 4a b0 99 a2 c3 | 55 1e 88 2a 9e 17 ca f2 e9 1a 4d c6 66 26 9b e9 | 8c 20 ae 10 a2 79 e6 cf a2 87 fe 4d 1e c9 79 c1 | 3f 9a 2d 96 12 ae 53 f5 ab 0c e4 f9 3b d6 1e 10 | 16 63 2c a3 73 dd 31 1d 5a fd 55 81 c2 69 6d 88 | 05 b4 8b c0 0f 38 02 07 66 84 5a 10 2c c0 a2 ab | 5f 76 42 7e 61 2f 0c ff 07 6a 12 07 99 a4 d4 b2 | 92 15 7c 16 e8 3c aa 4d c9 fa 0c 3d 98 c8 bc 66 | 7b 5c f2 c6 17 c5 ef 4f 41 93 aa 26 fd 3b 6a d4 | a4 27 80 15 79 2f 61 a8 d7 f3 e0 70 ff 88 20 be | 0a fa 13 77 e4 27 3e 07 88 eb 79 fd 82 33 63 1f | 53 04 e1 ca 49 9a e5 a7 2f af 50 4e 0a c4 5d b3 | a2 d8 e2 6d e7 20 63 1e 50 e0 83 5f 87 94 69 6e | fd 9f 35 55 25 db 3d 25 46 b0 cf e0 d9 c8 ec 25 | 72 26 d4 9a e1 52 83 f0 c8 f8 d0 cc a0 d9 03 c8 | 83 56 4a e6 de 2c 97 76 f4 78 8c 5e 4a d9 00 1f | 24 3e f2 a8 d6 b9 cd a3 08 e2 91 83 92 7d 27 c8 | ef 05 dc a0 8b f1 d5 f1 19 32 dc 65 72 08 cd 18 | 13 e0 c6 c0 97 7c 64 b4 0c 61 51 ca f8 59 43 f0 | 83 53 b6 54 6e 39 da c6 19 9c cb 88 dd 87 a1 b7 | 6f b0 f2 85 78 5e 88 de 92 fc db f4 31 e4 75 ec | a0 ec d9 eb 78 cd 74 50 77 91 b0 08 c3 b2 f2 7d | 3a a3 f7 1a f8 43 32 f6 07 72 ab 72 68 49 cf f2 | 58 1d 40 59 4b 5b 97 3b e2 6e d1 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 a6 f9 02 93 72 c3 3f 4d c5 23 1e ee | bc 54 e6 0b 54 8e f0 6d f8 01 df 2e a2 f7 21 49 | dc a2 e5 eb 25 6f fa 16 12 00 03 0e 43 32 d2 11 | 64 cb 14 17 49 14 69 69 68 c0 ee 50 22 c3 7f 85 | 97 46 13 39 3f 72 5b 6c 3c 4a 12 cc fd ad 96 02 | b2 1c 82 ff 5c 24 7c 67 be b0 21 87 8e 7f 4f 5b | c6 6d 8c 87 7c da 9c cf 06 e5 d8 80 dd 50 d3 73 | 10 dc 13 8e f4 fa 03 b5 77 b4 86 14 26 70 29 0b | 2a 79 51 87 6a bf 46 6b ff 92 66 82 00 e0 17 2b | e5 23 49 c9 02 c1 49 1e 03 9a e4 2b 5a c6 3a b1 | c7 e3 32 90 90 30 55 f5 b1 be 7b 29 93 72 6d 94 | 54 0f e5 e8 2e 96 eb 3b ee 56 4e a1 7f ee 40 8c | 67 41 68 0c b0 01 f9 f1 27 bb cf ad cb b0 3e 63 | 92 45 bb f7 8c 76 bb 4d 0f c7 35 ab 4a b2 ba 27 | 37 f8 be 60 bd cf c4 e7 48 11 2e 45 da d3 88 81 | cb 33 ec 6d 07 62 7e 40 0d 57 ef d8 53 fa 10 6e | 43 71 6d ad fb 24 84 d7 57 00 b7 5d de 4d 3d 0b | 5b bf f9 57 69 bc b5 34 38 64 24 cd 55 e5 72 4d | 32 ab 99 f9 1b f1 e0 a5 00 a3 40 49 e3 5a a3 d9 | 79 a9 40 ac 88 13 34 c9 47 b4 93 84 37 3f 06 f0 | ea 96 0a bf 7c 89 40 ed b7 bf 27 b0 1f fa 60 53 | a3 66 1f 5e 81 8c c4 47 f6 af 44 43 93 19 bd 89 | 53 65 ce c3 51 b8 47 61 94 a1 db ba e3 b7 5b b1 | 90 28 ce 5c 1d 5f f7 c6 8b 67 87 87 73 d9 9d c4 | 6b da c1 35 a1 1c 76 48 4e 8f 5f 15 1c 8f 87 43 | e5 f4 23 86 41 07 63 21 cc 87 c8 ef 18 25 af 78 | 91 64 44 d5 09 07 7d 22 24 65 c6 77 6c ae 2a 15 | 33 59 ff 78 78 46 48 43 95 c9 06 10 5c 0a 75 f3 | db ae 9a 42 6a 17 0e f9 c0 a9 aa f2 33 b8 b5 0a | ea fd 3e 63 27 83 df bc 5b 1d 7d d8 69 9e d3 16 | 25 d6 56 f8 7b 42 0f 2f ac 69 9c 29 b1 96 3e 7d | 6e 07 33 5f ab 33 b4 d9 a8 e2 8d | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 fc 0d e4 c4 45 30 28 e4 17 03 f3 32 | 07 c2 8d a7 38 5c a8 07 dd ac 6d bc 01 c7 6d 8a | 89 0d 25 44 0f 15 ca 7e 6c 5f 02 c9 e8 87 ed 14 | 44 78 0c 26 3c 63 39 d8 11 aa b4 de cd 2c 96 91 | f2 08 15 2a 43 5e dd ee b2 90 8d a6 6a 7c 89 1e | fe f9 9d 68 6e bb bd df b5 20 5e 22 32 12 5f 03 | 99 2a 08 f6 bb 64 84 11 48 c9 5c 72 8c 27 e9 01 | 21 34 17 1f 1c 41 95 a9 3a ce 95 39 91 e5 c8 0f | d6 63 ba f1 f1 1d b0 23 1d 30 d4 4a 5d de 42 03 | 47 10 66 92 76 98 fa 80 8a 29 59 bb ea 95 a7 7f | ea ce 07 b9 72 d9 2b 7e 28 a8 f0 e1 d3 1d 2d 10 | 09 ca b3 9e d1 5e a2 93 60 5d 24 7e 46 17 96 b6 | 14 51 12 1d 60 a5 5b b0 08 6a fe 03 dc 90 66 ed | 5e 4d f6 be 1f 2d 1f b4 1f c5 4e 5f 98 af 42 68 | f7 27 9f 55 d0 1d 3a 1a 99 a5 12 e9 bb 99 cb 84 | 66 06 04 5f ae 55 0a bd ec 33 c1 b5 29 c1 7b dc | 19 b1 ff cc 52 e2 da e6 fd 07 a8 a8 a9 39 ad 02 | b7 79 26 b9 12 de b6 99 9c 14 58 90 98 fe ea 3f | 15 da 5d 9d 41 c5 ef b8 f7 ba cd 9c 70 79 22 ef | 84 a6 02 0a c2 9e 88 63 03 35 9f cf f3 86 ca b1 | 45 d5 73 9d e3 3f 77 9b 4f 16 f1 65 be dd 46 97 | db ad 42 fb e0 e9 26 06 70 15 21 96 e7 aa b3 12 | 64 82 66 1f 16 f3 b3 e4 e6 f2 cf d9 8c 2d 2c 57 | 27 ad 50 f0 57 fc 28 94 3d 11 05 42 83 5d 0c 99 | df 8a c0 0d 14 45 48 2a 89 fb 4b 11 78 c4 3b ee | 4e 8b 9b 4d aa 75 de 7f 4e 80 ef 29 c5 b7 b0 2d | bf 61 c6 b0 71 27 d7 b1 98 3e 26 7f 13 10 1e af | 98 2f da 75 2c 97 6c f4 ae 80 27 6f fc c6 31 44 | 45 a9 1b 01 62 6c 74 f2 28 eb 22 4e 71 74 fe be | 60 13 20 9b 03 ce 35 e6 a0 bf 8e 40 15 2e 88 14 | 20 91 6b da 7f 3e 11 53 af 48 d4 38 99 05 de 78 | 7c 73 9d 38 47 ab 27 96 af 82 da | sending 195 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 35 20 23 08 00 00 00 01 00 00 00 c3 00 00 00 a7 | 00 05 00 05 e5 37 f6 20 87 e1 4f f5 b6 b4 14 b7 | 19 1b 1e da b1 e4 f7 f7 22 11 4c e9 2d de a9 d5 | 31 8b 6e 1a 74 4c 43 d2 04 2b ad 2a 00 1b f2 e4 | ad fb a4 5f 95 e8 38 c3 7c d9 b5 c2 2d 91 e9 68 | e0 55 3e cc 42 c0 5d cf 9a 67 aa cf f5 77 25 fb | 79 ee fd 16 50 89 80 83 47 2b bd ac 4a 70 e3 43 | 18 aa f1 7e 01 ab 65 12 fe fa c4 a5 27 95 81 7a | 8c 92 7e 33 78 ca 4c 7c 3c ab a5 36 cf 42 2c 6b | 8c 68 14 4d 4a 24 e6 bf 91 44 32 e2 ea 21 03 56 | bc e3 b5 bf 34 38 a7 da 4b c7 0e f6 9c 0a 80 db | 4c 58 eb | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-kuOmit" #22: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60d4b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f2078006170 size 128 | #22 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49005.133722 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 1.51 milliseconds | #21 spent 12.1 milliseconds in resume sending helper answer | stop processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2090001350 | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ec 06 2d 4a 5f 55 a3 f0 3b dd cf fb 29 bb fb 55 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | bf 72 8c c5 b8 18 84 b1 f8 f5 45 13 d8 78 2c a8 | 90 9c 8d f0 2e c5 64 ef 87 ea 50 50 1e d1 77 89 | 00 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ec 06 2d 4a 5f 55 a3 f0 | responder cookie: | 3b dd cf fb 29 bb fb 55 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #21 in PARENT_I2 (find_v2_ike_sa) | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #22 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #22 is idle | #22 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #22 in state PARENT_I2: sent v2I2, expected v2R2 | #22 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-kuOmit" #22: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #21 ikev2.ike failed auth-failed "west-kuOmit" #22: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #22 fd@25 .st_dev=9 .st_ino=1716703 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #21 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2078006170 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60d4b0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60d4b0 | inserting event EVENT_RETRANSMIT, timeout in 59.995799 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f2078006170 size 128 "west-kuOmit" #22: STATE_PARENT_I2: suppressing retransmits; will wait 59.995799 seconds for retry | #22 spent 0.071 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.222 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.234 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-kuOmit" (in terminate_a_connection() at terminate.c:69) "west-kuOmit": terminating SAs using this connection | connection 'west-kuOmit' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #22 | suspend processing: connection "west-kuOmit" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #22 ikev2.child deleted other | #22 spent 0.071 milliseconds in total | [RE]START processing: state #22 connection "west-kuOmit" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-kuOmit" #22: deleting state (STATE_PARENT_I2) aged 0.080s and NOT sending notification | child state #22: PARENT_I2(open IKE SA) => delete | child state #22: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #22 requesting EVENT_RETRANSMIT to be deleted | #22 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2078006170 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60d4b0 | priority calculation of connection "west-kuOmit" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-kuOmit" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-kuOmit | State DB: deleting IKEv2 state #22 in CHILDSA_DEL | child state #22: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #21 | start processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #21 ikev2.ike deleted auth-failed | #21 spent 16.7 milliseconds in total | [RE]START processing: state #21 connection "west-kuOmit" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-kuOmit" #21: deleting state (STATE_PARENT_I2) aged 0.087s and NOT sending notification | parent state #21: PARENT_I2(open IKE SA) => delete | state #21 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f207c001350 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a60c620 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-kuOmit | State DB: deleting IKEv2 state #21 in PARENT_I2 | parent state #21: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #21 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-kuOmit" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-kuOmit' wasn't on the list | stop processing: connection "west-kuOmit" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.284 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-clientAuth" (in initiate_a_connection() at initiate.c:186) | connection 'west-eku-clientAuth' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #23 at 0x56366a5a3770 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-eku-clientAuth" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-eku-clientAuth" IKE SA #23 "west-eku-clientAuth" "west-eku-clientAuth" #23: initiating v2 parent SA | constructing local IKE proposals for west-eku-clientAuth (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-eku-clientAuth": constructed local IKE proposals for west-eku-clientAuth (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 23 for state #23 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a60d4b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f2078006170 size 128 | #23 spent 0.148 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-eku-clientAuth" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.21 milliseconds in whack | crypto helper 1 resuming | crypto helper 1 starting work-order 23 for state #23 | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 23 | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 23 time elapsed 0.000966 seconds | (#23) spent 0.971 milliseconds in crypto helper computing work-order 23: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 23 for state #23 to event queue | scheduling resume sending helper answer for #23 | libevent_malloc: new ptr-libevent@0x7f2088004f00 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #23 | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 23 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #23 | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-eku-clientAuth (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 23 d7 bc 76 af 90 90 99 11 92 07 86 a8 aa 01 0e | ikev2 g^x 4d e2 99 14 d9 75 12 ba 19 75 a0 59 19 d0 ae e5 | ikev2 g^x 90 cb fd fc 1a 8b d0 4a 51 5a 7c 58 d0 e0 bb 4f | ikev2 g^x 6d 85 7e 93 94 ee e5 ea d7 4f 43 86 cb 22 f7 0e | ikev2 g^x 1d 74 69 ad c6 84 83 f7 2f 15 5f b2 fd ce a6 9d | ikev2 g^x b3 a6 79 b0 a4 dc 75 fa a1 d7 78 2e f5 1c f6 ef | ikev2 g^x 31 0d ba 5d 6f 1f 1c b1 d0 34 75 4f 03 3e 9e 4f | ikev2 g^x 95 d7 30 2f e5 23 a2 5d 07 88 5a f1 23 77 e0 e0 | ikev2 g^x 85 6e ee e1 37 12 c6 2a fb 51 4c 2f a6 51 7f e4 | ikev2 g^x 13 49 1d 61 95 58 41 bc 95 d8 0b ea 71 56 32 5b | ikev2 g^x c9 01 c0 89 81 2a ef 18 5c 26 34 3e 32 f5 bf 2d | ikev2 g^x 9d 68 19 d7 86 1e af 61 22 e9 f5 d5 9c c1 ad fa | ikev2 g^x d0 fd e1 51 96 81 7f 39 55 d4 ba 0d 30 86 7c 32 | ikev2 g^x 26 33 41 2b d9 8f 78 19 28 b8 ce 72 f2 10 cf b7 | ikev2 g^x 79 93 06 b5 a5 36 d4 93 35 4f 67 1e 1d 0a ff 3f | ikev2 g^x 85 58 c3 b1 44 9f 3a 4b b9 69 22 be 60 5a 76 13 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 9e ab 8c c6 48 20 62 75 0e 7a 89 ad d9 4e 41 7b | IKEv2 nonce 26 c7 9f f4 d1 ac 4a cc 1c 45 b5 42 5e a0 64 58 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 3e 0a 8e 5e 73 bb 81 10 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f6 fe 3e 53 bb 8a 9b 5c c2 ae cb 96 a8 d5 38 79 | natd_hash: hash= 1f 5d 56 92 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f6 fe 3e 53 bb 8a 9b 5c c2 ae cb 96 a8 d5 38 79 | Notify data 1f 5d 56 92 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 3e 0a 8e 5e 73 bb 81 10 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 69 6d 04 73 38 e1 bb c5 4d c0 87 e2 57 74 81 ea | natd_hash: hash= d1 ef 74 b4 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 69 6d 04 73 38 e1 bb c5 4d c0 87 e2 57 74 81 ea | Notify data d1 ef 74 b4 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #23: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #23 to 4294967295 after switching state | Message ID: IKE #23 skipping update_recv as MD is fake | Message ID: sent #23 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-eku-clientAuth" #23: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 3e 0a 8e 5e 73 bb 81 10 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 23 d7 bc 76 af 90 90 99 | 11 92 07 86 a8 aa 01 0e 4d e2 99 14 d9 75 12 ba | 19 75 a0 59 19 d0 ae e5 90 cb fd fc 1a 8b d0 4a | 51 5a 7c 58 d0 e0 bb 4f 6d 85 7e 93 94 ee e5 ea | d7 4f 43 86 cb 22 f7 0e 1d 74 69 ad c6 84 83 f7 | 2f 15 5f b2 fd ce a6 9d b3 a6 79 b0 a4 dc 75 fa | a1 d7 78 2e f5 1c f6 ef 31 0d ba 5d 6f 1f 1c b1 | d0 34 75 4f 03 3e 9e 4f 95 d7 30 2f e5 23 a2 5d | 07 88 5a f1 23 77 e0 e0 85 6e ee e1 37 12 c6 2a | fb 51 4c 2f a6 51 7f e4 13 49 1d 61 95 58 41 bc | 95 d8 0b ea 71 56 32 5b c9 01 c0 89 81 2a ef 18 | 5c 26 34 3e 32 f5 bf 2d 9d 68 19 d7 86 1e af 61 | 22 e9 f5 d5 9c c1 ad fa d0 fd e1 51 96 81 7f 39 | 55 d4 ba 0d 30 86 7c 32 26 33 41 2b d9 8f 78 19 | 28 b8 ce 72 f2 10 cf b7 79 93 06 b5 a5 36 d4 93 | 35 4f 67 1e 1d 0a ff 3f 85 58 c3 b1 44 9f 3a 4b | b9 69 22 be 60 5a 76 13 29 00 00 24 9e ab 8c c6 | 48 20 62 75 0e 7a 89 ad d9 4e 41 7b 26 c7 9f f4 | d1 ac 4a cc 1c 45 b5 42 5e a0 64 58 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 f6 fe 3e 53 | bb 8a 9b 5c c2 ae cb 96 a8 d5 38 79 1f 5d 56 92 | 00 00 00 1c 00 00 40 05 69 6d 04 73 38 e1 bb c5 | 4d c0 87 e2 57 74 81 ea d1 ef 74 b4 | state #23 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2078006170 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a60d4b0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-eku-clientAuth" #23: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a60d4b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f2078006170 size 128 | #23 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49007.344397 | resume sending helper answer for #23 suppresed complete_v2_state_transition() and stole MD | #23 spent 1.2 milliseconds in resume sending helper answer | stop processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2088004f00 | spent 0.00224 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 e5 f0 3c 59 | 2d 90 1a 2b 69 08 96 ba 5d 8c fd 3f d6 f7 a1 b7 | 14 fd a6 07 57 e6 bc c0 1e c0 0a 98 5f 66 f3 fc | 73 6e fb fd f1 32 69 78 a5 fd ed 95 96 51 bb 1d | bc c0 48 b8 35 a2 4d 0d 8b 78 81 2e 3b 17 e7 58 | db 53 22 31 c0 71 66 f7 59 c4 f2 85 9e 16 a4 2a | cf d8 98 37 2a 7f 08 6a 4a ca d5 32 67 da 43 c8 | c3 33 a3 df 3c 50 c7 e8 c4 51 a5 e8 61 ac e6 cc | bf aa 38 fb e8 6f 48 80 0f 67 ef 64 22 67 81 e5 | 39 4a a8 d8 85 5e 2d 49 bd fe c5 62 6c c4 0b ea | 6c 09 87 eb a9 58 59 c8 e7 a0 3c 64 29 cd 49 e8 | 9e 29 4c 96 d0 7b 57 fb 15 12 ad 32 93 ba 9a 38 | 68 ce ff 23 2c 29 8a a3 75 fc 04 0f 0f 6b 07 ea | 66 37 79 bd 63 b8 63 a0 ff ce 7f 5b bc d0 f5 f7 | 6c 23 4e 83 7e 66 70 29 54 f3 b7 bf 47 2c 02 ae | 3b 9a 73 46 68 fd a1 c7 f8 76 50 2f ab 31 bb c9 | 7d b3 06 e6 9f 80 46 2b 8a 76 25 06 29 00 00 24 | 24 86 82 3c a2 6c 6f 68 11 07 a2 87 d1 f5 fd cb | c0 d4 dd 2a 07 87 69 a1 11 60 cf d3 07 1e e6 a6 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | db 91 03 ae a2 63 fa 34 29 bb bb b1 0b 87 74 4c | aa f8 2f b7 26 00 00 1c 00 00 40 05 0b 59 69 a1 | 09 ea 05 e0 a8 0c e5 e4 76 f7 e4 32 15 7f 58 ff | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #23 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #23 is idle | #23 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #23 IKE SPIi and SPI[ir] | #23 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-eku-clientAuth (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 3e 0a 8e 5e 73 bb 81 10 | natd_hash: rcookie= 35 79 87 d7 23 ef ba 11 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 0b 59 69 a1 09 ea 05 e0 a8 0c e5 e4 76 f7 e4 32 | natd_hash: hash= 15 7f 58 ff | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 3e 0a 8e 5e 73 bb 81 10 | natd_hash: rcookie= 35 79 87 d7 23 ef ba 11 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= db 91 03 ae a2 63 fa 34 29 bb bb b1 0b 87 74 4c | natd_hash: hash= aa f8 2f b7 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 24 for state #23 | state #23 requesting EVENT_RETRANSMIT to be deleted | #23 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2078006170 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a60d4b0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2088000c20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f2088004f00 size 128 | #23 spent 0.218 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #23 and saving MD | #23 is busy; has a suspended MD | [RE]START processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-eku-clientAuth" #23 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #23 spent 0.463 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.474 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 resuming | crypto helper 4 starting work-order 24 for state #23 | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 24 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 24 time elapsed 0.001417 seconds | (#23) spent 1.36 milliseconds in crypto helper computing work-order 24: ikev2_inR1outI2 KE (pcr) | crypto helper 4 sending results from work-order 24 for state #23 to event queue | scheduling resume sending helper answer for #23 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #23 | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 24 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #23: calculating g^{xy}, sending I2 | creating state object #24 at 0x56366a5c49b0 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.child started | duplicating state object #23 "west-eku-clientAuth" as #24 for IPSEC SA | #24 setting local endpoint to 192.1.2.45:500 from #23.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #23.#24; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #23 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #23.#24 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #23 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2088004f00 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2088000c20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2088000c20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f2088004f00 size 128 | parent state #23: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 213 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 32 30 30 06 03 55 04 03 0c 29 77 65 73 | my identity 74 2d 65 6b 75 2d 63 6c 69 65 6e 74 41 75 74 68 | my identity 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | my identity 61 6e 2e 6f 72 67 31 3d 30 3b 06 09 2a 86 48 86 | my identity f7 0d 01 09 01 16 2e 75 73 65 72 2d 77 65 73 74 | my identity 2d 65 6b 75 2d 63 6c 69 65 6e 74 41 75 74 68 40 | my identity 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | my identity 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 221 | Sending [CERT] of certificate: E=user-west-eku-clientAuth@testing.libreswan.org,CN=west-eku-clientAuth.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1259 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 e7 30 82 04 50 a0 03 02 01 02 02 01 09 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 32 30 30 06 03 55 04 03 0c 29 77 | CERT 65 73 74 2d 65 6b 75 2d 63 6c 69 65 6e 74 41 75 | CERT 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | CERT 73 77 61 6e 2e 6f 72 67 31 3d 30 3b 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 2e 75 73 65 72 2d 77 65 | CERT 73 74 2d 65 6b 75 2d 63 6c 69 65 6e 74 41 75 74 | CERT 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f 00 30 | CERT 82 01 8a 02 82 01 81 00 c3 18 90 ca 70 c2 f0 72 | CERT b6 f3 6e bf 2f c2 1e 74 fb b3 c6 fa 41 8f 96 d1 | CERT 27 4c c5 d4 8c ed 25 50 d6 e9 03 1f 1f 66 0b b9 | CERT d2 17 f8 bd 52 aa b7 8d 5d 3f 22 90 81 ec 05 50 | CERT 50 24 24 72 f5 22 95 a7 0c e6 52 f7 95 53 83 8a | CERT 0d 65 3d ca 92 2a f8 83 d3 09 03 ef 97 f1 ea 07 | CERT f9 17 3f d3 e3 4c 3b f0 bf b7 fc 7b e3 6f 5c 93 | CERT 7d 09 80 95 24 44 6d 74 fa 7f 02 92 08 16 cf 9f | CERT 44 a4 e9 17 97 13 72 cd 44 61 df ec ca 77 9d 0e | CERT 82 f9 b4 24 8b 25 42 17 b0 bc 80 69 38 1c b5 45 | CERT 61 ed 28 0f df d7 76 3b 6e 0b f9 38 3a bb a9 bc | CERT 7d e2 84 77 13 be cf 30 84 a3 fd a8 6d 50 83 40 | CERT f5 b3 bf e5 8e 04 d7 07 07 00 02 b1 3d c8 1f 2a | CERT b3 2b cc 34 18 a4 dd 87 55 9d 13 c3 cf ec 2b 90 | CERT 7e 82 ba 06 55 53 57 56 06 22 1d 75 ce a7 45 0e | CERT be 00 0c 68 35 10 f2 58 10 0c 17 2a 20 3c 9c c1 | CERT 33 c4 9b ba f7 31 de 46 00 7d 84 4a 61 05 61 01 | CERT 49 d4 e8 07 69 59 0b fe 89 f1 48 60 62 a5 57 35 | CERT 9d f6 ef c9 90 cb 5d 14 4f 99 6f 0b 19 e9 df 5b | CERT ff 04 64 aa 0a 9c fb ad 57 67 e9 6d 1a a0 fa eb | CERT 7b 81 d5 9d e6 7f d6 00 3d 4c d4 64 58 58 23 a4 | CERT 99 19 b6 17 f5 18 41 e0 73 2a 13 f9 4c bf 42 29 | CERT 17 28 0c 88 65 98 69 eb f7 f9 ce e2 02 6c 23 fc | CERT d0 47 04 95 be 8c 2e d0 5c 39 e4 28 49 9f d8 87 | CERT 91 6c 60 ab 93 b1 56 a5 02 03 01 00 01 a3 81 e8 | CERT 30 81 e5 30 09 06 03 55 1d 13 04 02 30 00 30 34 | CERT 06 03 55 1d 11 04 2d 30 2b 82 29 77 65 73 74 2d | CERT 65 6b 75 2d 63 6c 69 65 6e 74 41 75 74 68 2e 74 | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | CERT 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 | CERT 80 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 | CERT f7 0d 01 01 0b 05 00 03 81 81 00 48 08 9f 00 fb | CERT fd 64 84 df 0e 4f 47 df d8 13 21 ae a4 be 78 1c | CERT f7 29 7f 00 81 e5 b1 e9 e5 7e 09 cd a1 ce f0 89 | CERT a2 da bf bc 8d 45 f3 dc 16 37 d9 ba 61 92 4c 1e | CERT 84 8f 99 b6 c0 f3 49 68 a1 e4 56 e1 8c 92 58 07 | CERT 6d 05 97 d6 cf 3e ac b3 e4 55 c8 0b 66 2a 70 f2 | CERT b0 f5 29 07 fd 94 06 36 e7 d4 c7 32 f1 3f 05 1d | CERT cb f0 1a e2 71 01 2a 42 46 d1 b7 08 13 08 2c 3a | CERT 06 56 76 78 b1 b1 4b 67 b5 f7 27 | emitting length of IKEv2 Certificate Payload: 1264 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-clientAuth.testing.libreswan.org, E=user-west-eku-clientAuth@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAa7e2 vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAdlAH vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAcMYk | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAcMYk | private key for cert west-eku-clientAuth not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAcMYk vs PKK_RSA:AwEAAcMYk | #23 spent 9.65 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 7a 81 51 fa ba 6d 48 f0 37 cb 08 3e 1b 4a b2 aa | rsa signature 4e a3 e5 ea cc d3 60 31 8c 61 c1 49 0c 9d e9 07 | rsa signature f1 99 01 b2 cf d8 5a 0f 23 6c d2 d4 f9 68 ce 5e | rsa signature f8 3e 67 14 71 32 49 b8 82 06 67 86 26 ff 0a e8 | rsa signature a7 2e 64 b8 10 60 40 a5 b8 8d 04 c8 fb 67 6a b1 | rsa signature e6 03 49 7f bf dd 63 76 37 cc 3b 2a de d2 c2 65 | rsa signature 43 69 19 e1 a1 c9 c7 94 76 f5 5e 80 68 bf 4f ba | rsa signature ab f5 9e 3a e3 07 f2 61 88 c5 ea c1 86 61 55 40 | rsa signature 8d 6b 0d 26 d5 fc 62 70 42 d8 cc e2 cf 86 ec 7b | rsa signature 0b e7 64 a2 63 bc e0 f6 5a 6a 02 01 58 01 14 22 | rsa signature 85 db 2a b6 5b 85 8a 42 40 4b 8f 3a 4a c2 d5 5b | rsa signature 34 3b b4 86 09 08 9d c5 03 00 cf 5c 01 0f 12 45 | rsa signature a4 d2 6e 44 48 20 8c bf c3 11 e9 cb fb bf d1 b2 | rsa signature 65 55 5f bc 4e 0d 1c 15 59 ab bb c8 89 41 db a0 | rsa signature d4 01 c2 59 aa a5 0d 59 1c e9 97 f7 10 7b 72 23 | rsa signature 51 26 2f de 8a 5d 3d d8 31 35 40 9e 92 d0 07 9a | rsa signature b8 d2 b1 c9 38 59 23 39 fa 36 29 99 c0 88 b6 ae | rsa signature b3 32 0b 16 0b 8a 6a a7 b3 0c 2f 41 fa 6f 02 1f | rsa signature a0 fd b3 1f 9e 49 05 f3 32 d8 28 bc c3 43 42 87 | rsa signature b6 94 44 36 3b 16 f2 a3 a1 03 76 3c 2d 75 d7 96 | rsa signature 46 ca 0a 6e fe a8 7f dc cb 4e 7d 0c b1 bd e1 de | rsa signature 8d ea d4 a7 2a 58 41 09 15 63 4f 5f 21 97 66 10 | rsa signature 0b 43 cf de e0 a7 5d a2 70 e8 59 01 0a d8 71 c8 | rsa signature 2e f1 bd d0 dd 1f 9d 86 21 41 82 9e 3e 67 05 2d | #23 spent 10.1 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #23 | netlink_get_spi: allocated 0x9e3adb47 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-eku-clientAuth (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-eku-clientAuth": constructed local ESP/AH proposals for west-eku-clientAuth (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9e 3a db 47 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9e 3a db 47 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9e 3a db 47 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 9e 3a db 47 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2118 | emitting length of ISAKMP Message: 2146 | **parse ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2146 (0x862) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2118 (0x846) | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 dd 09 00 00 00 30 81 d2 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 32 30 30 06 03 | cleartext fragment 55 04 03 0c 29 77 65 73 74 2d 65 6b 75 2d 63 6c | cleartext fragment 69 65 6e 74 41 75 74 68 2e 74 65 73 74 69 6e 67 | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 3d | cleartext fragment 30 3b 06 09 2a 86 48 86 f7 0d 01 09 01 16 2e 75 | cleartext fragment 73 65 72 2d 77 65 73 74 2d 65 6b 75 2d 63 6c 69 | cleartext fragment 65 6e 74 41 75 74 68 40 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 00 04 | cleartext fragment f0 04 30 82 04 e7 30 82 04 50 a0 03 02 01 02 02 | cleartext fragment 01 09 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 | cleartext fragment 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 | cleartext fragment 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 | cleartext fragment 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f | cleartext fragment 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 | cleartext fragment 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 | cleartext fragment 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d | cleartext fragment 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 | cleartext fragment 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 | cleartext fragment 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 | cleartext fragment 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 | cleartext fragment 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 | cleartext fragment 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 | cleartext fragment 34 35 39 5a 30 81 d2 31 0b 30 09 06 03 55 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 | cleartext fragment 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 | cleartext fragment 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 | cleartext fragment 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 | cleartext fragment 70 61 72 74 6d 65 6e 74 31 32 30 30 06 03 55 04 | cleartext fragment 03 0c 29 77 65 73 74 2d 65 6b 75 2d 63 6c 69 65 | cleartext fragment 6e 74 41 75 74 68 2e 74 65 73 74 69 6e 67 2e 6c | cleartext fragment 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 3d 30 3b | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 2e 75 73 65 | cleartext fragment 72 2d 77 65 73 74 2d 65 6b 75 2d 63 6c 69 65 6e | cleartext fragment 74 41 75 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 | cleartext fragment 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | cleartext fragment 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | cleartext fragment 01 8f 00 30 82 01 8a 02 82 01 81 00 c3 18 90 ca | cleartext fragment 70 c2 f0 72 b6 f3 6e bf 2f c2 1e 74 fb b3 c6 fa | cleartext fragment 41 8f 96 d1 27 4c c5 d4 8c ed 25 50 d6 e9 03 1f | cleartext fragment 1f 66 0b b9 d2 17 f8 bd 52 aa b7 8d 5d 3f 22 90 | cleartext fragment 81 ec 05 50 50 24 24 72 f5 22 95 a7 0c e6 52 f7 | cleartext fragment 95 53 83 8a 0d 65 3d ca 92 2a f8 83 d3 09 03 ef | cleartext fragment 97 f1 ea 07 f9 17 3f d3 e3 4c 3b f0 bf b7 fc 7b | cleartext fragment e3 6f 5c 93 7d 09 80 95 24 44 6d 74 fa 7f 02 92 | cleartext fragment 08 16 cf 9f 44 a4 e9 17 97 13 72 cd 44 61 df ec | cleartext fragment ca 77 9d 0e 82 f9 b4 24 8b 25 42 17 b0 bc 80 69 | cleartext fragment 38 1c b5 45 61 ed 28 0f df d7 76 3b 6e 0b f9 38 | cleartext fragment 3a bb a9 bc 7d e2 84 77 13 be cf 30 84 a3 fd a8 | cleartext fragment 6d 50 83 40 f5 b3 bf e5 8e 04 d7 07 07 00 02 b1 | cleartext fragment 3d c8 1f 2a b3 2b cc 34 18 a4 dd 87 55 9d 13 c3 | cleartext fragment cf ec 2b 90 7e 82 ba 06 55 53 57 56 06 22 1d 75 | cleartext fragment ce a7 45 0e be 00 0c 68 35 10 f2 58 10 0c | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 17 2a 20 3c 9c c1 33 c4 9b ba f7 31 de 46 00 7d | cleartext fragment 84 4a 61 05 61 01 49 d4 e8 07 69 59 0b fe 89 f1 | cleartext fragment 48 60 62 a5 57 35 9d f6 ef c9 90 cb 5d 14 4f 99 | cleartext fragment 6f 0b 19 e9 df 5b ff 04 64 aa 0a 9c fb ad 57 67 | cleartext fragment e9 6d 1a a0 fa eb 7b 81 d5 9d e6 7f d6 00 3d 4c | cleartext fragment d4 64 58 58 23 a4 99 19 b6 17 f5 18 41 e0 73 2a | cleartext fragment 13 f9 4c bf 42 29 17 28 0c 88 65 98 69 eb f7 f9 | cleartext fragment ce e2 02 6c 23 fc d0 47 04 95 be 8c 2e d0 5c 39 | cleartext fragment e4 28 49 9f d8 87 91 6c 60 ab 93 b1 56 a5 02 03 | cleartext fragment 01 00 01 a3 81 e8 30 81 e5 30 09 06 03 55 1d 13 | cleartext fragment 04 02 30 00 30 34 06 03 55 1d 11 04 2d 30 2b 82 | cleartext fragment 29 77 65 73 74 2d 65 6b 75 2d 63 6c 69 65 6e 74 | cleartext fragment 41 75 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d | cleartext fragment 0f 04 04 03 02 07 80 30 13 06 03 55 1d 25 04 0c | cleartext fragment 30 0a 06 08 2b 06 01 05 05 07 03 02 30 41 06 08 | cleartext fragment 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 | cleartext fragment 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f | cleartext fragment 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 | cleartext fragment 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e | cleartext fragment 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 | cleartext fragment 00 48 08 9f 00 fb fd 64 84 df 0e 4f 47 df d8 13 | cleartext fragment 21 ae a4 be 78 1c f7 29 7f 00 81 e5 b1 e9 e5 7e | cleartext fragment 09 cd a1 ce f0 89 a2 da bf bc 8d 45 f3 dc 16 37 | cleartext fragment d9 ba 61 92 4c 1e 84 8f 99 b6 c0 f3 49 68 a1 e4 | cleartext fragment 56 e1 8c 92 58 07 6d 05 97 d6 cf 3e ac b3 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment e4 55 c8 0b 66 2a 70 f2 b0 f5 29 07 fd 94 06 36 | cleartext fragment e7 d4 c7 32 f1 3f 05 1d cb f0 1a e2 71 01 2a 42 | cleartext fragment 46 d1 b7 08 13 08 2c 3a 06 56 76 78 b1 b1 4b 67 | cleartext fragment b5 f7 27 21 00 01 88 01 00 00 00 7a 81 51 fa ba | cleartext fragment 6d 48 f0 37 cb 08 3e 1b 4a b2 aa 4e a3 e5 ea cc | cleartext fragment d3 60 31 8c 61 c1 49 0c 9d e9 07 f1 99 01 b2 cf | cleartext fragment d8 5a 0f 23 6c d2 d4 f9 68 ce 5e f8 3e 67 14 71 | cleartext fragment 32 49 b8 82 06 67 86 26 ff 0a e8 a7 2e 64 b8 10 | cleartext fragment 60 40 a5 b8 8d 04 c8 fb 67 6a b1 e6 03 49 7f bf | cleartext fragment dd 63 76 37 cc 3b 2a de d2 c2 65 43 69 19 e1 a1 | cleartext fragment c9 c7 94 76 f5 5e 80 68 bf 4f ba ab f5 9e 3a e3 | cleartext fragment 07 f2 61 88 c5 ea c1 86 61 55 40 8d 6b 0d 26 d5 | cleartext fragment fc 62 70 42 d8 cc e2 cf 86 ec 7b 0b e7 64 a2 63 | cleartext fragment bc e0 f6 5a 6a 02 01 58 01 14 22 85 db 2a b6 5b | cleartext fragment 85 8a 42 40 4b 8f 3a 4a c2 d5 5b 34 3b b4 86 09 | cleartext fragment 08 9d c5 03 00 cf 5c 01 0f 12 45 a4 d2 6e 44 48 | cleartext fragment 20 8c bf c3 11 e9 cb fb bf d1 b2 65 55 5f bc 4e | cleartext fragment 0d 1c 15 59 ab bb c8 89 41 db a0 d4 01 c2 59 aa | cleartext fragment a5 0d 59 1c e9 97 f7 10 7b 72 23 51 26 2f de 8a | cleartext fragment 5d 3d d8 31 35 40 9e 92 d0 07 9a b8 d2 b1 c9 38 | cleartext fragment 59 23 39 fa 36 29 99 c0 88 b6 ae b3 32 0b 16 0b | cleartext fragment 8a 6a a7 b3 0c 2f 41 fa 6f 02 1f a0 fd b3 1f 9e | cleartext fragment 49 05 f3 32 d8 28 bc c3 43 42 87 b6 94 44 36 3b | cleartext fragment 16 f2 a3 a1 03 76 3c 2d 75 d7 96 46 ca 0a 6e fe | cleartext fragment a8 7f dc cb 4e 7d 0c b1 bd e1 de 8d ea d4 a7 2a | cleartext fragment 58 41 09 15 63 4f 5f 21 97 66 10 0b 43 cf de e0 | cleartext fragment a7 5d a2 70 e8 59 01 0a d8 71 c8 2e f1 bd d0 dd | cleartext fragment 1f 9d 86 21 41 82 9e 3e 67 05 2d 2c 00 00 a4 02 | cleartext fragment 00 00 20 01 03 04 02 9e 3a db 47 03 00 00 0c 01 | cleartext fragment 00 00 14 80 0e 01 00 00 00 00 08 05 00 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 177 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 02 00 00 20 02 03 04 02 9e 3a db 47 03 00 00 | cleartext fragment 0c 01 00 00 14 80 0e 00 80 00 00 00 08 05 00 00 | cleartext fragment 00 02 00 00 30 03 03 04 04 9e 3a db 47 03 00 00 | cleartext fragment 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 03 00 00 | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 | cleartext fragment 00 00 00 00 30 04 03 04 04 9e 3a db 47 03 00 00 | cleartext fragment 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 03 00 00 | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 | cleartext fragment 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff | cleartext fragment ff c0 01 02 2d c0 01 02 2d 00 00 00 18 01 00 00 | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 01 02 17 c0 01 02 | cleartext fragment 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 210 | emitting length of ISAKMP Message: 238 | suspend processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #24: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #24 to 0 after switching state | Message ID: recv #23.#24 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #23.#24 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-eku-clientAuth" #24: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 33 7a b7 a5 25 ee e0 5d 11 14 be 98 | 65 9e 4a 00 bf df 68 91 02 28 d4 3c 38 e8 79 e9 | 8e 70 61 26 e2 42 6e 46 15 4b 9a 26 6d ea d0 a5 | 1d b5 04 ad 5c 82 fd c6 1f 62 f1 9c 8b d8 1f e6 | 60 30 cf ce 47 37 c7 96 0b f0 01 f5 61 af fb 73 | c7 f0 fd 67 10 bc 4b 70 fe 88 ea c2 36 e0 85 2e | e8 b8 4d af 83 2d e8 5b 2f c2 cd 36 97 3e 8f 0f | 1f 6b e6 ad 24 1f 18 a3 cc e0 59 bf c9 4d 35 36 | 8b d8 9c c7 ca 4d 7e 56 e7 db 8a ce a5 6e b0 d5 | 02 79 b0 19 9f ad 3d ce c4 2c 2e 77 13 fb 65 cd | 0b 28 9f 55 7e 4b 5e 54 cd 27 35 1b ca 51 70 0f | a4 f6 63 06 45 c3 f8 91 6d 94 68 57 71 16 18 7e | 60 c5 00 22 6a 6c 9a 19 db 38 57 17 9f 67 ee f6 | 97 71 83 9a 04 bf b6 35 f9 b4 81 8c 1b 0b 35 05 | a2 21 33 52 72 d2 3b 7a 81 8d e5 74 7d 46 a0 83 | 40 97 ae ca 17 b8 44 cb e8 3b 91 64 1e 8a 1d c8 | f7 b4 1a 93 94 ff 2a e9 6e b2 7f 18 f8 a1 c7 ed | 59 d6 e3 44 f7 ee b3 40 d3 ff 70 35 53 1a e7 95 | 71 7c 7a c1 58 e6 57 cb 17 12 1f 8e 67 e5 96 45 | d2 f0 5e cf 74 53 3b fe c0 bf da a3 7f 83 37 c1 | 8c ef 6e 00 17 64 7e 05 eb 76 03 85 78 b2 06 fe | ed 92 99 b1 01 50 29 d1 4c 87 cd 99 a2 23 5f a8 | 01 7f 22 23 79 fc 6b 71 c6 48 31 df c3 e7 9f e7 | 92 5b d3 77 cf 2b 89 8a 84 03 f4 a5 6a 07 54 fb | e2 b4 56 a9 5e ea 8f a9 55 1b 3c d5 ae 36 8e f9 | 08 9d 5d d1 8b 83 73 96 9c 0b d7 5d 37 3a 6c 9a | 06 fd 30 c9 0f 57 41 5d 42 c0 d9 b2 91 e1 3d 78 | f9 59 91 c2 3a ee ca 97 ad b5 70 6c d2 4f d9 d3 | c3 d5 c4 5d 13 ba 24 76 34 c1 a3 74 d5 dc 36 8a | a5 8a 01 24 c7 8b 32 43 d8 24 3b 5f 06 3c 99 f1 | 34 ed 3b 28 6e 53 60 14 52 91 05 fa d6 73 6c ff | a2 b7 a5 3a 0e 01 41 2d cb 52 1b | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 45 d2 4e a7 da dd 26 43 17 36 3b cd | fb 14 9d 7c 11 f6 bc 1c db 41 f4 a0 6b 26 47 c3 | ed b7 6c 33 d2 fe dd f8 d1 c7 26 45 f6 f2 05 2f | 87 51 f5 26 77 3b d2 29 4b 48 a4 76 7f b7 a3 60 | d3 f3 f4 52 97 a2 d2 3d 3f cf 35 cf 8d ae 25 6f | 4d 91 53 a7 09 a4 99 2d a9 9d 08 49 6f ed c1 37 | e9 b7 b3 68 0a 58 4a 6c e0 d0 3b 9f 30 62 e4 84 | 09 34 9f cb b1 e0 66 1c fc b1 d6 d2 9f 20 6d 9d | 39 0e 53 8e 74 cb 9a d3 a8 5c 7f ec 4f c9 35 34 | 94 e3 4f 41 57 6e 62 ba f0 1f 5a 1d f9 f6 61 10 | 1b f1 61 2d 99 f5 49 06 9a f8 35 41 9b 65 5f 7b | e8 08 b0 fa e6 7b cd e4 4b 45 90 86 b0 97 d7 05 | ce b3 82 05 3f 0e ae d3 f6 2d ab fa 8e 9b b2 1a | 86 46 81 ab 81 10 3d 47 db 9a 1b ee b1 e3 63 1a | 77 bc f0 d7 6a e5 7c db f2 b3 97 4a 24 04 a5 6b | 54 b0 58 e4 a0 72 d8 44 ae 1f 8c 3c 85 9d c9 1f | cf 06 d2 1b bc e9 2f 6d 08 f3 a7 f2 c6 f9 3c cc | 17 ea 79 93 a1 9d ef 23 36 5e 2b ce c3 b0 f0 3c | f8 13 58 ce 92 86 a9 cd 56 f1 07 40 7b 45 1b 5d | 0d 36 0f 8e a4 78 bf c6 87 2d f6 c9 40 58 33 9e | 0c 21 91 2d df f2 d2 82 94 da 6e 4a cd 01 2f c3 | 09 28 75 e1 e1 72 c4 8a e6 4b 66 76 a2 b4 f0 23 | 74 78 cf f0 e6 9d fd 13 4e 02 67 de 1c b0 b1 9a | 58 4a aa 7f 1d ab 2d 5b e8 34 48 01 d0 3b 89 47 | 16 6c 99 b6 cc 91 3e 44 26 e6 b9 78 7a b5 4a 2a | 5b ab c7 7a 46 8c 6c 55 49 ee 02 bf fb be f6 25 | 62 97 82 94 3f 21 a3 fd 79 60 3e e8 1a 82 b3 8a | 70 94 be b3 5d e9 40 7a 46 d0 86 88 64 b9 9d 89 | 0b 3f 74 23 35 83 4a 07 f5 45 74 c6 4c 59 cb 99 | 58 62 e0 f9 ec ec 9e 87 2d f7 7b 6a 0e 00 0d ca | ec 8e aa 0b 86 4b 85 bc b2 21 36 f2 e5 da 75 ad | 77 c2 94 80 5e 09 25 e7 6f 98 3f | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 23 96 00 39 65 a6 0a d1 16 81 41 9e | 44 58 a4 a0 2e d6 94 7b d0 6a 76 b9 61 51 e8 9b | 02 7b 19 75 81 4f eb e9 49 c9 10 ac fe e7 da 79 | 3e 06 57 43 53 b3 91 2c fb 0a 1a 80 02 23 41 ab | ae 08 a2 2b 50 a2 16 29 d5 78 a1 64 65 bd 51 b4 | 97 dc 1d 89 d9 7e 05 86 a9 1b 99 e6 ca ca 8a 29 | 2a 71 5f 47 eb e1 52 14 69 96 45 d9 2b 22 af 8d | f2 7a 15 5e 7c 3a f5 bc d2 4d f3 12 07 a9 a0 95 | a5 bf 9c f2 62 36 d0 b1 db 08 1e ff 92 bc 84 86 | 95 df f4 ae 3b 82 f0 1f c5 a4 42 57 73 b3 a9 6b | 77 66 05 ac b4 28 b3 6f 7d 62 92 c3 c6 83 37 8e | 1a 9a 72 ab c4 91 42 4b 2f 84 c4 bb c9 b6 ed c8 | b2 f0 33 e3 10 e0 7a 51 e2 0f a4 c6 d6 78 ac 0a | 7a 38 de ad 8a 53 d1 d2 3b 22 91 4a 23 cc 43 df | 61 9e 25 34 21 e4 ca 50 31 37 f3 0b a9 d2 6a 87 | 9c 61 3a 5d eb 2c b7 7a af 34 99 74 12 45 81 ec | 88 87 95 a6 0e 2a 46 29 7b ea 09 32 f6 10 28 d5 | 99 70 ee b4 31 c5 b2 69 76 a0 14 8b aa ee 0f 02 | 65 e5 cd 34 d3 2e 79 cc d5 a2 ae c8 cc ce 5c a7 | d1 15 95 4e d9 bb 66 e0 96 3f 46 2a 5a 7d ff 18 | 77 19 b5 c5 c1 60 e6 94 7c 89 b7 75 af 98 23 0f | 55 79 44 59 7b 57 7d 03 aa 1c 0e 8c 86 7f 13 e6 | 75 26 a4 66 ed ac 8f e3 ab e8 2e 22 fc bf 2d 36 | 7f 43 9e b9 80 53 a6 2f 94 f7 c3 43 89 16 92 0e | c6 ab a4 24 4c af 11 d7 9c 95 7f 6d ea c3 89 e8 | 5f fd 6c bb 6b d7 00 79 9d 65 d6 99 10 f8 ee 13 | 12 8c 74 b7 16 14 4d 3d 5e 07 88 2f e6 6d 84 bd | b5 87 67 f3 9f 3c 1d b9 ae ef 34 be b2 15 ab 39 | f9 97 9e 04 42 98 e5 36 ee c8 7a 76 f8 be b9 1d | 21 b3 29 80 a6 46 02 36 45 ad f2 c8 bb ed 86 8c | 54 cd e9 32 28 7f 7e 68 3a 7f e4 b8 a1 b4 34 f0 | 36 4e a6 19 ff 44 54 7e fb 8c e0 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 7d aa b8 4f 6b f8 34 29 a9 b1 f9 0e | cc 83 f4 90 27 61 d0 f4 7b 63 d9 7d cd 7b 54 4f | bb 4d 8a 21 24 14 15 b6 26 09 57 21 37 32 57 3a | 98 b9 b4 a6 b9 d0 91 5c db bf 0c aa e3 80 7e 93 | a6 19 e0 91 02 c3 74 e4 b7 27 b4 e7 a0 98 a3 cc | 23 a1 ef be 45 02 3c 1c 8e 06 a5 89 48 b2 44 b4 | 8b ca 90 56 5b e1 bc bf 57 21 82 50 3c 60 e8 fa | 03 65 22 ae 63 0f e2 94 3e 21 c8 35 0a 55 95 3e | 2f b7 70 ea 17 ba 4f bb d8 3a 97 f7 98 ae 1c d7 | 24 b1 2a 86 ad 1b ea f0 34 fc 00 ca 14 21 53 e8 | 75 b7 38 40 3a 30 99 0a 0e 44 5a 11 4e 85 60 10 | c8 9e dc b1 5c e2 d6 3d 87 86 d3 cb 28 a5 e2 24 | 86 a8 f9 5a b8 6c aa ed 4c b7 27 2d 11 3c 0b 27 | 7e a5 61 b3 4f dd fe 6a 41 bb db 42 8d 10 c4 cd | af a8 3e 26 08 b7 52 f9 c3 36 3b dc 0f f0 65 0e | da d8 f2 b9 a2 5c b9 9a bd cd d6 1b 83 e9 8e 25 | d1 f9 aa 68 f1 f5 f3 c8 87 49 fb 1c 6b 7d bd 42 | c1 dd c9 fe 56 3d 8e 8c 45 17 95 a9 98 5c 90 c5 | 50 f7 fa d3 5b cd 3a cf 5c bf ab 06 4c 8c fa 47 | 5d 4e 96 db 20 33 10 e2 1a 55 39 e8 e0 16 95 31 | 21 7f 97 f8 a0 64 13 b8 aa 48 4d fb 7d da 75 e9 | f3 5c 8f 4f 59 69 a9 06 a1 23 9c b9 66 4c 66 ce | 2b 58 ed a1 84 7e 9d 56 53 2a 1b 65 05 d3 79 74 | e7 7f 2a ad 28 6e f9 38 33 61 37 6f 1e f6 99 29 | dc be ee af f6 fe 98 67 5e 1f fa cc 9d d8 28 22 | 80 a9 41 8e 6c be be a1 28 7d 90 9c 48 3b e1 65 | 7c e6 53 48 06 e7 55 63 50 41 73 f1 34 57 c0 7b | 03 0e f1 5b b4 93 8e 4d 7e ed 44 1b 40 12 9b 0f | 42 34 68 22 94 91 b8 24 c9 10 b9 5b 64 7d 6f 55 | 1d 29 fc 5b 93 99 8e 75 6e cb 81 45 5b 7a 65 81 | 13 56 28 7e 31 af ae 7c fb 81 ab a3 83 66 26 fa | 2c 0d 9c 52 a1 ae 6f 3b 6a 0a ed | sending 238 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 35 20 23 08 00 00 00 01 00 00 00 ee 00 00 00 d2 | 00 05 00 05 ca 37 fe 7e 63 62 f1 7c f9 0f 55 55 | e3 44 df 94 f3 3e 4a 8f 07 62 b7 1c 8e 1f 21 fe | 04 03 ad f5 ed 8a 13 cc 91 f1 c9 5f 41 e0 c1 f4 | c6 d3 fe 59 af 2e 0f 59 91 2f a1 ce 6b aa 6e 39 | aa 69 f4 ca ee 51 93 28 30 03 22 46 74 7e 56 75 | 81 53 d6 4b cc 8b f6 de 20 b8 dd 26 b3 0e b5 ff | 2e e9 a1 c7 b0 27 47 02 6d 34 69 3b 88 70 8f 5b | 98 c9 62 d7 2a 21 8b 30 a7 c2 5d 40 cb 58 84 44 | 8b 0e cd bc d8 86 7e 59 ed 6e 6e 53 3d 2c aa a2 | 94 63 a9 76 d3 68 e9 68 55 47 77 5c 38 4d ae b3 | bf 96 ca 9b 95 04 74 77 32 7b 23 d5 7c fb dd f6 | 81 30 43 3f 17 fc f9 b7 6a e1 52 23 67 80 53 7f | 0c d1 05 b9 45 e1 1c 6b 17 c5 c5 0a e2 76 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-eku-clientAuth" #24: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | #24 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49007.363308 | resume sending helper answer for #23 suppresed complete_v2_state_transition() | #23 spent 1.41 milliseconds | #23 spent 11.8 milliseconds in resume sending helper answer | stop processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f208c001350 | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3e 0a 8e 5e 73 bb 81 10 35 79 87 d7 23 ef ba 11 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 6e c5 06 97 68 2b cc 1c 0a 54 29 70 87 03 ae 6f | 3c 79 be 1d 8e af 62 31 a4 f2 b6 38 79 9c 2a 08 | dc | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3e 0a 8e 5e 73 bb 81 10 | responder cookie: | 35 79 87 d7 23 ef ba 11 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #23 in PARENT_I2 (find_v2_ike_sa) | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #24 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #24 is idle | #24 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #24 in state PARENT_I2: sent v2I2, expected v2R2 | #24 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-eku-clientAuth" #24: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #23 ikev2.ike failed auth-failed "west-eku-clientAuth" #24: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #24 fd@25 .st_dev=9 .st_ino=1720735 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #23 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f2090001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | inserting event EVENT_RETRANSMIT, timeout in 59.996946 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 "west-eku-clientAuth" #24: STATE_PARENT_I2: suppressing retransmits; will wait 59.996946 seconds for retry | #24 spent 0.0535 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #23 spent 0.201 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.213 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-clientAuth" (in terminate_a_connection() at terminate.c:69) "west-eku-clientAuth": terminating SAs using this connection | connection 'west-eku-clientAuth' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #24 | suspend processing: connection "west-eku-clientAuth" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #24 ikev2.child deleted other | #24 spent 0.0535 milliseconds in total | [RE]START processing: state #24 connection "west-eku-clientAuth" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-eku-clientAuth" #24: deleting state (STATE_PARENT_I2) aged 0.083s and NOT sending notification | child state #24: PARENT_I2(open IKE SA) => delete | child state #24: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #24 requesting EVENT_RETRANSMIT to be deleted | #24 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2090001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | priority calculation of connection "west-eku-clientAuth" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-eku-clientAuth" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-eku-clientAuth | State DB: deleting IKEv2 state #24 in CHILDSA_DEL | child state #24: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #24 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #23 | start processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #23 ikev2.ike deleted auth-failed | #23 spent 16.2 milliseconds in total | [RE]START processing: state #23 connection "west-eku-clientAuth" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-eku-clientAuth" #23: deleting state (STATE_PARENT_I2) aged 0.095s and NOT sending notification | parent state #23: PARENT_I2(open IKE SA) => delete | state #23 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2088004f00 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2088000c20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-eku-clientAuth | State DB: deleting IKEv2 state #23 in PARENT_I2 | parent state #23: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #23 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-clientAuth" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-eku-clientAuth' wasn't on the list | stop processing: connection "west-eku-clientAuth" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.273 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-ipsecIKE" (in initiate_a_connection() at initiate.c:186) | connection 'west-eku-ipsecIKE' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #25 at 0x56366a5a3770 | State DB: adding IKEv2 state #25 in UNDEFINED | pstats #25 ikev2.ike started | Message ID: init #25: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #25: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #25; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-eku-ipsecIKE" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-eku-ipsecIKE" IKE SA #25 "west-eku-ipsecIKE" "west-eku-ipsecIKE" #25: initiating v2 parent SA | constructing local IKE proposals for west-eku-ipsecIKE (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-eku-ipsecIKE": constructed local IKE proposals for west-eku-ipsecIKE (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 25 for state #25 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #25 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | #25 spent 0.179 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-eku-ipsecIKE" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.251 milliseconds in whack | crypto helper 2 resuming | crypto helper 2 starting work-order 25 for state #25 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 25 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 25 time elapsed 0.000548 seconds | (#25) spent 0.552 milliseconds in crypto helper computing work-order 25: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 25 for state #25 to event queue | scheduling resume sending helper answer for #25 | libevent_malloc: new ptr-libevent@0x7f2080004f00 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #25 | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 25 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #25 | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-eku-ipsecIKE (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 5b 0c a3 95 a1 1b 42 1c f7 d2 5f 82 a5 6c 56 ce | ikev2 g^x 10 73 15 13 ef 02 3a 4b b1 c5 ea de 42 3b 75 cb | ikev2 g^x d9 1b c9 6e ac 70 a9 9c b1 34 b5 bd cc b1 38 7a | ikev2 g^x e3 72 47 68 b6 52 fc 3b 07 b4 e7 9c da 16 23 af | ikev2 g^x 1c 30 89 7d cc 23 d3 de 01 ea 4e 19 d0 61 ec 65 | ikev2 g^x 8c 10 76 d0 f1 56 da 89 e2 ad 1b f4 5b 33 75 62 | ikev2 g^x 02 a6 97 c1 71 22 80 09 50 37 05 85 d3 62 e2 21 | ikev2 g^x ed f0 ef 70 cc da bf b5 77 35 af 50 2b b7 48 34 | ikev2 g^x 87 cc f4 9d 0e a0 72 38 8a 6c 5e c8 a1 24 83 6d | ikev2 g^x 4f 79 a5 51 14 d4 c4 a3 6a e4 ae c7 e2 4e 99 b8 | ikev2 g^x e7 bd 6d 25 14 2f 7a dc 66 3d d8 01 d4 8d 26 d7 | ikev2 g^x 85 73 d5 a1 da 4b 89 9e 4b 97 4d 17 22 2d 9d bc | ikev2 g^x 39 a7 32 33 a2 e0 bb 3f 12 bc 76 d0 8a bd 9f 25 | ikev2 g^x 75 d8 a5 50 72 52 1b 89 d1 53 e2 ec 0e 4c 7f 15 | ikev2 g^x 6d e2 0e 82 66 13 7c b1 e4 f9 f4 91 fb 13 a7 5d | ikev2 g^x b2 98 42 c3 ee 75 d5 a5 23 06 11 f7 d3 f0 87 7b | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 78 11 11 d9 85 ce 43 35 75 c8 40 a9 45 5c 13 93 | IKEv2 nonce 56 fd f8 16 7b 7f a5 ab c6 45 94 7d 4c db ad db | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 4e 71 10 4b b2 3a 8a ea | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 74 fb 2b f2 9e a3 ea ab 64 2a 59 9a 8f aa 19 2d | natd_hash: hash= ae ef 34 86 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 74 fb 2b f2 9e a3 ea ab 64 2a 59 9a 8f aa 19 2d | Notify data ae ef 34 86 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 4e 71 10 4b b2 3a 8a ea | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= ae 2c 6a 18 85 a9 48 99 64 49 f2 6f f5 00 61 41 | natd_hash: hash= 28 aa 6b 0e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ae 2c 6a 18 85 a9 48 99 64 49 f2 6f f5 00 61 41 | Notify data 28 aa 6b 0e | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #25 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #25: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #25 to 4294967295 after switching state | Message ID: IKE #25 skipping update_recv as MD is fake | Message ID: sent #25 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-eku-ipsecIKE" #25: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #25) | 4e 71 10 4b b2 3a 8a ea 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 5b 0c a3 95 a1 1b 42 1c | f7 d2 5f 82 a5 6c 56 ce 10 73 15 13 ef 02 3a 4b | b1 c5 ea de 42 3b 75 cb d9 1b c9 6e ac 70 a9 9c | b1 34 b5 bd cc b1 38 7a e3 72 47 68 b6 52 fc 3b | 07 b4 e7 9c da 16 23 af 1c 30 89 7d cc 23 d3 de | 01 ea 4e 19 d0 61 ec 65 8c 10 76 d0 f1 56 da 89 | e2 ad 1b f4 5b 33 75 62 02 a6 97 c1 71 22 80 09 | 50 37 05 85 d3 62 e2 21 ed f0 ef 70 cc da bf b5 | 77 35 af 50 2b b7 48 34 87 cc f4 9d 0e a0 72 38 | 8a 6c 5e c8 a1 24 83 6d 4f 79 a5 51 14 d4 c4 a3 | 6a e4 ae c7 e2 4e 99 b8 e7 bd 6d 25 14 2f 7a dc | 66 3d d8 01 d4 8d 26 d7 85 73 d5 a1 da 4b 89 9e | 4b 97 4d 17 22 2d 9d bc 39 a7 32 33 a2 e0 bb 3f | 12 bc 76 d0 8a bd 9f 25 75 d8 a5 50 72 52 1b 89 | d1 53 e2 ec 0e 4c 7f 15 6d e2 0e 82 66 13 7c b1 | e4 f9 f4 91 fb 13 a7 5d b2 98 42 c3 ee 75 d5 a5 | 23 06 11 f7 d3 f0 87 7b 29 00 00 24 78 11 11 d9 | 85 ce 43 35 75 c8 40 a9 45 5c 13 93 56 fd f8 16 | 7b 7f a5 ab c6 45 94 7d 4c db ad db 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 74 fb 2b f2 | 9e a3 ea ab 64 2a 59 9a 8f aa 19 2d ae ef 34 86 | 00 00 00 1c 00 00 40 05 ae 2c 6a 18 85 a9 48 99 | 64 49 f2 6f f5 00 61 41 28 aa 6b 0e | state #25 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2090001350 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-eku-ipsecIKE" #25: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #25 | libevent_malloc: new ptr-libevent@0x7f2090001350 size 128 | #25 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49009.59013 | resume sending helper answer for #25 suppresed complete_v2_state_transition() and stole MD | #25 spent 1.48 milliseconds in resume sending helper answer | stop processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2080004f00 | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 f9 ee 5c d4 | d9 7d 84 ce 26 ba af 08 cf 9b d6 06 51 4f 7d 63 | 43 19 5a c2 81 93 8b 19 94 4c 2f 5e d9 5c 04 d0 | 90 76 79 f8 c6 ab 7d c6 af 6b 2e c0 2f 0b e9 de | 0b f4 3c a7 54 01 0a 90 12 72 9a e7 d4 b1 2b 48 | d2 a3 73 b8 fa 14 fc 21 55 71 9a 91 0f 08 9b 86 | 75 8c a9 54 9b 33 dc 55 cd e7 16 ad f1 9a 01 40 | 3b 11 66 9c da cb 5b 6f f4 dd 00 f9 3c d1 90 bf | 88 16 4b b7 12 8b 9e 23 4d 88 ef 8d 09 29 25 af | 7b 48 3a 75 e7 16 36 a6 66 66 26 d8 e6 6b 4c 0e | 7f b4 02 7b ad ef 26 1b fe 56 cc fe ab 0e 74 7e | e0 31 51 c8 9e 18 bf c1 8a 9e d3 6a 5a 2e e4 a1 | 5a 62 0f 74 55 f5 a3 ef 99 7b bd 52 4e de 33 dd | 00 0d cf 43 30 e3 51 a7 70 bb 58 51 ef 6b fd bf | 18 e7 be f5 a7 be 4d 26 39 41 11 e6 f8 6d 09 78 | 4c dc 3b 92 78 22 de 34 cf 19 a9 a2 3a 5c 7f 4d | 20 2e 8c ac 60 d3 b1 9c 3c 6b 99 d4 29 00 00 24 | c3 90 d8 6a 50 0c b3 6f 98 df f4 17 02 10 9a 09 | c2 84 08 7f 1b cb d7 4f 99 eb 14 0f 1a f5 02 8f | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | f0 0a 63 07 76 62 49 d5 95 09 4a d1 02 92 d7 c2 | 1c b9 e8 f1 26 00 00 1c 00 00 40 05 cb 0f 6a b7 | be d5 30 ef d7 4b d9 d0 d2 a0 e4 25 4c 76 4b 38 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #25 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #25 is idle | #25 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #25 IKE SPIi and SPI[ir] | #25 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-eku-ipsecIKE (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 4e 71 10 4b b2 3a 8a ea | natd_hash: rcookie= 40 72 db f2 a7 57 b4 10 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= cb 0f 6a b7 be d5 30 ef d7 4b d9 d0 d2 a0 e4 25 | natd_hash: hash= 4c 76 4b 38 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 4e 71 10 4b b2 3a 8a ea | natd_hash: rcookie= 40 72 db f2 a7 57 b4 10 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= f0 0a 63 07 76 62 49 d5 95 09 4a d1 02 92 d7 c2 | natd_hash: hash= 1c b9 e8 f1 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 26 for state #25 | state #25 requesting EVENT_RETRANSMIT to be deleted | #25 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f2090001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c9aa0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #25 | libevent_malloc: new ptr-libevent@0x7f2080004f00 size 128 | #25 spent 0.267 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #25 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #25 and saving MD | #25 is busy; has a suspended MD | [RE]START processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-eku-ipsecIKE" #25 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #25 spent 0.567 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.581 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 resuming | crypto helper 6 starting work-order 26 for state #25 | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 26 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 26 time elapsed 0.001345 seconds | (#25) spent 1.35 milliseconds in crypto helper computing work-order 26: ikev2_inR1outI2 KE (pcr) | crypto helper 6 sending results from work-order 26 for state #25 to event queue | scheduling resume sending helper answer for #25 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #25 | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 26 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #25: calculating g^{xy}, sending I2 | creating state object #26 at 0x56366a5c49b0 | State DB: adding IKEv2 state #26 in UNDEFINED | pstats #26 ikev2.child started | duplicating state object #25 "west-eku-ipsecIKE" as #26 for IPSEC SA | #26 setting local endpoint to 192.1.2.45:500 from #25.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #25.#26; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #25 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #25.#26 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #25 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2080004f00 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c9aa0 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a5c9aa0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #25 | libevent_malloc: new ptr-libevent@0x7f2080004f00 size 128 | parent state #25: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 209 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 ce 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 30 30 2e 06 03 55 04 03 0c 27 77 65 73 | my identity 74 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 2e 74 | my identity 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e | my identity 2e 6f 72 67 31 3b 30 39 06 09 2a 86 48 86 f7 0d | my identity 01 09 01 16 2c 75 73 65 72 2d 77 65 73 74 2d 65 | my identity 6b 75 2d 69 70 73 65 63 49 4b 45 40 74 65 73 74 | my identity 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | my identity 67 | emitting length of IKEv2 Identification - Initiator - Payload: 217 | Sending [CERT] of certificate: E=user-west-eku-ipsecIKE@testing.libreswan.org,CN=west-eku-ipsecIKE.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1263 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 eb 30 82 04 54 a0 03 02 01 02 02 01 25 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 ce 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 30 30 2e 06 03 55 04 03 0c 27 77 | CERT 65 73 74 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 | CERT 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | CERT 61 6e 2e 6f 72 67 31 3b 30 39 06 09 2a 86 48 86 | CERT f7 0d 01 09 01 16 2c 75 73 65 72 2d 77 65 73 74 | CERT 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 40 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 | CERT 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 | CERT 82 01 81 00 a9 e8 02 2a ae b1 27 ba d1 8b 6e ec | CERT 73 99 2f 00 38 6f cf 1c 2d a9 47 dc ca 67 d0 b3 | CERT 80 78 fd 16 cf d2 2b 1d c5 bd bc 77 f2 58 e4 a7 | CERT b8 9b ad 5c ad 9f 5e 5b b4 1c a7 c7 48 47 2d 6e | CERT 84 2b 6d dc c8 37 f2 de b6 d9 30 5c a8 b0 07 aa | CERT 98 dd 17 32 6b 9f fd 93 d7 b8 c9 d8 a7 da 74 44 | CERT 40 3b cc 72 c5 f9 ee a6 30 56 5b 28 98 8d a7 2d | CERT 47 b1 48 b7 50 16 be a2 39 fd 15 39 71 f8 af ad | CERT fd 57 e9 60 c5 81 25 4c 66 ae f9 59 f2 63 87 08 | CERT eb 6d 0a e0 f7 f9 52 a0 cc 1b 77 08 8f c0 0a 8a | CERT 3e ff 7e fc 8f a3 1d ed d1 ba f0 ef f4 89 29 eb | CERT 88 6c 57 74 04 26 ca 86 f7 a8 bb 57 d5 f5 3a dd | CERT ab 83 d9 74 ba 58 5a 5e e7 25 0e 49 41 a2 d2 88 | CERT fc 07 18 5e d4 05 02 57 c6 ac 54 38 1b 53 5f 44 | CERT 51 e0 a3 a0 7f 64 f0 ec 2f 77 ab af 42 84 8f 10 | CERT c3 9d 10 a1 f2 15 cc 37 f5 51 5b df 8f 63 8e 3b | CERT c4 88 92 9b e9 8b 09 cb 9f d7 85 e4 9b 4f 75 d9 | CERT e0 74 19 9a 36 a2 01 27 c5 27 0e 0f ef cd 09 0a | CERT 9c 53 b7 a6 6f 22 18 42 b9 68 29 d7 dd ad f0 ea | CERT c1 01 c4 42 c2 84 d6 f8 2a 16 e1 d6 73 e4 ec 55 | CERT fa bc ff c1 d9 c0 02 22 8b 86 5a dd e8 e7 a5 73 | CERT 73 16 4c 44 fb 83 a1 0c e0 ab 73 85 5f 69 2f e0 | CERT c6 b4 30 3c 85 2b 77 5e 83 03 cc 01 61 36 bb fc | CERT ac 53 31 9f f4 be c6 1f 65 67 45 78 0c ea c6 17 | CERT e7 97 ba d3 02 03 01 00 01 a3 81 f0 30 81 ed 30 | CERT 09 06 03 55 1d 13 04 02 30 00 30 32 06 03 55 1d | CERT 11 04 2b 30 29 82 27 77 65 73 74 2d 65 6b 75 2d | CERT 69 70 73 65 63 49 4b 45 2e 74 65 73 74 69 6e 67 | CERT 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 0b | CERT 06 03 55 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 | CERT 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 11 | CERT 06 08 2b 06 01 05 05 07 03 11 30 41 06 08 2b 06 | CERT 01 05 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 | CERT 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e | CERT 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | CERT 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 | CERT 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c | CERT 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 | CERT 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | CERT 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 | CERT 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 50 | CERT dd f7 08 b2 49 a4 a8 2f 49 3c 04 73 f9 10 55 e4 | CERT 99 07 88 08 a4 b5 59 9b 36 1c 01 7b ec 72 d7 9a | CERT 89 18 56 bb e4 f8 9a d7 4c 23 83 e0 7a 9e 12 87 | CERT 64 48 39 83 51 93 73 8e 09 f5 b1 3e 02 74 8e c3 | CERT 9a e4 dc 17 98 a9 65 53 07 ce 7d 1a 11 a4 13 d7 | CERT 51 06 76 88 ad 46 13 f7 4a 99 1f e1 92 51 10 51 | CERT aa 52 5e 0d ab cb 41 3e 0f 81 2d 31 39 d3 03 20 | CERT 42 4f f0 8d 23 e9 ad 53 f9 ec a4 07 cb 4b 33 | emitting length of IKEv2 Certificate Payload: 1268 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku-ipsecIKE.testing.libreswan.org, E=user-west-eku-ipsecIKE@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAcMYk vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAa7e2 vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAdlAH vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAanoA | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAanoA | private key for cert west-eku-ipsecIKE not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAanoA vs PKK_RSA:AwEAAanoA | #25 spent 9.73 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 4b 6a 2f c0 5a f4 80 ca f1 72 6b 59 b7 e6 93 17 | rsa signature 59 73 b9 42 b7 e6 bb 65 62 2a 3d 4c 8a 74 86 87 | rsa signature 15 d2 1d 5f 1b 8a 5f f5 14 cc ea 3b ce 06 05 38 | rsa signature f7 a6 30 c3 9e a4 55 c0 6a 91 d5 b1 5c ce 8d ad | rsa signature e2 05 06 51 a8 79 53 6f 73 dd a2 eb 9f 04 9b d2 | rsa signature 39 e7 45 76 3b 9e 0d fa c4 3d ef 46 a1 d3 a4 f3 | rsa signature 49 c6 d8 7b 9e 22 67 eb ae d5 b1 c2 97 d8 0b b2 | rsa signature c4 d6 e5 86 c1 44 9e 56 21 31 f7 e6 54 76 3b 1d | rsa signature 20 c1 08 71 7a 26 e5 cb 2a e8 5f 50 98 2c 55 9a | rsa signature 1c 92 e5 6e 61 73 bc 6c 8f e3 e1 d0 bf c0 84 8a | rsa signature 14 50 5a 66 98 b3 63 ad 3f c6 c9 b8 4b bc 1c f6 | rsa signature d5 1a 42 3f 8e 86 9b 42 65 75 04 7d 7d 4b b8 28 | rsa signature 07 64 99 a3 11 3c 96 8a 24 ee 5a f2 f2 48 69 86 | rsa signature fd b2 81 ff 92 97 b2 b2 96 8b be 1d bd f9 27 bc | rsa signature c3 58 92 e4 17 72 6a 2f e2 79 34 3f 4f 02 ad 13 | rsa signature 13 c7 38 58 6e 71 13 67 88 40 f0 7d 65 20 47 e4 | rsa signature 86 2c 3f 9f 44 68 89 f0 e4 dc a1 e5 6a d0 ab df | rsa signature cc 53 14 d9 cb 43 a9 ac 06 94 53 ba 29 5b c2 7a | rsa signature 12 92 f9 d5 5d 2e 38 93 b0 cf 5b 5f 50 50 a1 d5 | rsa signature 90 fa 99 b0 4d f5 b0 8b ee 2e e2 1a 3c 3f 93 87 | rsa signature a1 6c 5b df ae 67 00 f6 f9 16 9b 5d e6 0b 81 20 | rsa signature b4 3b 21 47 52 6c 8d b8 87 83 06 13 51 f1 2a d7 | rsa signature 61 a1 3f 93 f7 62 4a 49 48 b3 69 81 2d 16 cd 37 | rsa signature 35 4d 2f 85 1c 2d 23 11 52 3f d3 8e 5e 83 cb cc | #25 spent 10.2 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #25 | netlink_get_spi: allocated 0x93e7043 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-eku-ipsecIKE (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-eku-ipsecIKE": constructed local ESP/AH proposals for west-eku-ipsecIKE (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 09 3e 70 43 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 09 3e 70 43 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 09 3e 70 43 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 09 3e 70 43 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2118 | emitting length of ISAKMP Message: 2146 | **parse ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2146 (0x862) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2118 (0x846) | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 d9 09 00 00 00 30 81 ce 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 30 30 2e 06 03 | cleartext fragment 55 04 03 0c 27 77 65 73 74 2d 65 6b 75 2d 69 70 | cleartext fragment 73 65 63 49 4b 45 2e 74 65 73 74 69 6e 67 2e 6c | cleartext fragment 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 3b 30 39 | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 2c 75 73 65 | cleartext fragment 72 2d 77 65 73 74 2d 65 6b 75 2d 69 70 73 65 63 | cleartext fragment 49 4b 45 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | cleartext fragment 65 73 77 61 6e 2e 6f 72 67 27 00 04 f4 04 30 82 | cleartext fragment 04 eb 30 82 04 54 a0 03 02 01 02 02 01 25 30 0d | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 ac | cleartext fragment 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 30 | cleartext fragment 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 | cleartext fragment 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 | cleartext fragment 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 | cleartext fragment 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f | cleartext fragment 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 | cleartext fragment 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 65 73 | cleartext fragment 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f 72 20 | cleartext fragment 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 48 86 | cleartext fragment f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 40 6c | cleartext fragment 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f | cleartext fragment 32 30 31 39 30 39 31 35 31 39 34 34 35 39 5a 18 | cleartext fragment 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 39 5a | cleartext fragment 30 81 ce 31 0b 30 09 06 03 55 04 06 13 02 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | cleartext fragment 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | cleartext fragment 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | cleartext fragment 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | cleartext fragment 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | cleartext fragment 6d 65 6e 74 31 30 30 2e 06 03 55 04 03 0c 27 77 | cleartext fragment 65 73 74 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 31 3b 30 39 06 09 2a 86 48 86 | cleartext fragment f7 0d 01 09 01 16 2c 75 73 65 72 2d 77 65 73 74 | cleartext fragment 2d 65 6b 75 2d 69 70 73 65 63 49 4b 45 40 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 | cleartext fragment 82 01 81 00 a9 e8 02 2a ae b1 27 ba d1 8b 6e ec | cleartext fragment 73 99 2f 00 38 6f cf 1c 2d a9 47 dc ca 67 d0 b3 | cleartext fragment 80 78 fd 16 cf d2 2b 1d c5 bd bc 77 f2 58 e4 a7 | cleartext fragment b8 9b ad 5c ad 9f 5e 5b b4 1c a7 c7 48 47 2d 6e | cleartext fragment 84 2b 6d dc c8 37 f2 de b6 d9 30 5c a8 b0 07 aa | cleartext fragment 98 dd 17 32 6b 9f fd 93 d7 b8 c9 d8 a7 da 74 44 | cleartext fragment 40 3b cc 72 c5 f9 ee a6 30 56 5b 28 98 8d a7 2d | cleartext fragment 47 b1 48 b7 50 16 be a2 39 fd 15 39 71 f8 af ad | cleartext fragment fd 57 e9 60 c5 81 25 4c 66 ae f9 59 f2 63 87 08 | cleartext fragment eb 6d 0a e0 f7 f9 52 a0 cc 1b 77 08 8f c0 0a 8a | cleartext fragment 3e ff 7e fc 8f a3 1d ed d1 ba f0 ef f4 89 29 eb | cleartext fragment 88 6c 57 74 04 26 ca 86 f7 a8 bb 57 d5 f5 3a dd | cleartext fragment ab 83 d9 74 ba 58 5a 5e e7 25 0e 49 41 a2 d2 88 | cleartext fragment fc 07 18 5e d4 05 02 57 c6 ac 54 38 1b 53 5f 44 | cleartext fragment 51 e0 a3 a0 7f 64 f0 ec 2f 77 ab af 42 84 8f 10 | cleartext fragment c3 9d 10 a1 f2 15 cc 37 f5 51 5b df 8f 63 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 8e 3b c4 88 92 9b e9 8b 09 cb 9f d7 85 e4 9b 4f | cleartext fragment 75 d9 e0 74 19 9a 36 a2 01 27 c5 27 0e 0f ef cd | cleartext fragment 09 0a 9c 53 b7 a6 6f 22 18 42 b9 68 29 d7 dd ad | cleartext fragment f0 ea c1 01 c4 42 c2 84 d6 f8 2a 16 e1 d6 73 e4 | cleartext fragment ec 55 fa bc ff c1 d9 c0 02 22 8b 86 5a dd e8 e7 | cleartext fragment a5 73 73 16 4c 44 fb 83 a1 0c e0 ab 73 85 5f 69 | cleartext fragment 2f e0 c6 b4 30 3c 85 2b 77 5e 83 03 cc 01 61 36 | cleartext fragment bb fc ac 53 31 9f f4 be c6 1f 65 67 45 78 0c ea | cleartext fragment c6 17 e7 97 ba d3 02 03 01 00 01 a3 81 f0 30 81 | cleartext fragment ed 30 09 06 03 55 1d 13 04 02 30 00 30 32 06 03 | cleartext fragment 55 1d 11 04 2b 30 29 82 27 77 65 73 74 2d 65 6b | cleartext fragment 75 2d 69 70 73 65 63 49 4b 45 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 1d 06 | cleartext fragment 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 | cleartext fragment 03 11 06 08 2b 06 01 05 05 07 03 11 30 41 06 08 | cleartext fragment 2b 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 | cleartext fragment 2b 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f | cleartext fragment 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | cleartext fragment 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 | cleartext fragment 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e | cleartext fragment 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 | cleartext fragment 00 50 dd f7 08 b2 49 a4 a8 2f 49 3c 04 73 f9 10 | cleartext fragment 55 e4 99 07 88 08 a4 b5 59 9b 36 1c 01 7b ec 72 | cleartext fragment d7 9a 89 18 56 bb e4 f8 9a d7 4c 23 83 e0 7a 9e | cleartext fragment 12 87 64 48 39 83 51 93 73 8e 09 f5 b1 3e 02 74 | cleartext fragment 8e c3 9a e4 dc 17 98 a9 65 53 07 ce 7d 1a | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 11 a4 13 d7 51 06 76 88 ad 46 13 f7 4a 99 1f e1 | cleartext fragment 92 51 10 51 aa 52 5e 0d ab cb 41 3e 0f 81 2d 31 | cleartext fragment 39 d3 03 20 42 4f f0 8d 23 e9 ad 53 f9 ec a4 07 | cleartext fragment cb 4b 33 21 00 01 88 01 00 00 00 4b 6a 2f c0 5a | cleartext fragment f4 80 ca f1 72 6b 59 b7 e6 93 17 59 73 b9 42 b7 | cleartext fragment e6 bb 65 62 2a 3d 4c 8a 74 86 87 15 d2 1d 5f 1b | cleartext fragment 8a 5f f5 14 cc ea 3b ce 06 05 38 f7 a6 30 c3 9e | cleartext fragment a4 55 c0 6a 91 d5 b1 5c ce 8d ad e2 05 06 51 a8 | cleartext fragment 79 53 6f 73 dd a2 eb 9f 04 9b d2 39 e7 45 76 3b | cleartext fragment 9e 0d fa c4 3d ef 46 a1 d3 a4 f3 49 c6 d8 7b 9e | cleartext fragment 22 67 eb ae d5 b1 c2 97 d8 0b b2 c4 d6 e5 86 c1 | cleartext fragment 44 9e 56 21 31 f7 e6 54 76 3b 1d 20 c1 08 71 7a | cleartext fragment 26 e5 cb 2a e8 5f 50 98 2c 55 9a 1c 92 e5 6e 61 | cleartext fragment 73 bc 6c 8f e3 e1 d0 bf c0 84 8a 14 50 5a 66 98 | cleartext fragment b3 63 ad 3f c6 c9 b8 4b bc 1c f6 d5 1a 42 3f 8e | cleartext fragment 86 9b 42 65 75 04 7d 7d 4b b8 28 07 64 99 a3 11 | cleartext fragment 3c 96 8a 24 ee 5a f2 f2 48 69 86 fd b2 81 ff 92 | cleartext fragment 97 b2 b2 96 8b be 1d bd f9 27 bc c3 58 92 e4 17 | cleartext fragment 72 6a 2f e2 79 34 3f 4f 02 ad 13 13 c7 38 58 6e | cleartext fragment 71 13 67 88 40 f0 7d 65 20 47 e4 86 2c 3f 9f 44 | cleartext fragment 68 89 f0 e4 dc a1 e5 6a d0 ab df cc 53 14 d9 cb | cleartext fragment 43 a9 ac 06 94 53 ba 29 5b c2 7a 12 92 f9 d5 5d | cleartext fragment 2e 38 93 b0 cf 5b 5f 50 50 a1 d5 90 fa 99 b0 4d | cleartext fragment f5 b0 8b ee 2e e2 1a 3c 3f 93 87 a1 6c 5b df ae | cleartext fragment 67 00 f6 f9 16 9b 5d e6 0b 81 20 b4 3b 21 47 52 | cleartext fragment 6c 8d b8 87 83 06 13 51 f1 2a d7 61 a1 3f 93 f7 | cleartext fragment 62 4a 49 48 b3 69 81 2d 16 cd 37 35 4d 2f 85 1c | cleartext fragment 2d 23 11 52 3f d3 8e 5e 83 cb cc 2c 00 00 a4 02 | cleartext fragment 00 00 20 01 03 04 02 09 3e 70 43 03 00 00 0c 01 | cleartext fragment 00 00 14 80 0e 01 00 00 00 00 08 05 00 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 177 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 02 00 00 20 02 03 04 02 09 3e 70 43 03 00 00 | cleartext fragment 0c 01 00 00 14 80 0e 00 80 00 00 00 08 05 00 00 | cleartext fragment 00 02 00 00 30 03 03 04 04 09 3e 70 43 03 00 00 | cleartext fragment 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 03 00 00 | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 | cleartext fragment 00 00 00 00 30 04 03 04 04 09 3e 70 43 03 00 00 | cleartext fragment 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 03 00 00 | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 | cleartext fragment 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff | cleartext fragment ff c0 01 02 2d c0 01 02 2d 00 00 00 18 01 00 00 | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 01 02 17 c0 01 02 | cleartext fragment 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 210 | emitting length of ISAKMP Message: 238 | suspend processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #26 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #26: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #26 to 0 after switching state | Message ID: recv #25.#26 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #25.#26 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-eku-ipsecIKE" #26: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #25) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 2f 40 df 3a 1d 4c 3b 1f c9 56 0a b2 | 50 4a bb 50 30 2f 28 a3 de 29 39 ee 87 3d 58 3d | 69 eb 22 ee 1b 42 b7 6c 51 74 75 98 eb 80 78 f2 | a6 f2 1d df 51 d9 d3 bc 29 2a 2d 13 49 12 10 37 | 65 23 84 79 9b 48 51 1b 24 6f be ad 38 a3 d4 7c | 49 9a 89 e8 1c bb 33 b4 ab 2f 4c 2e 90 80 f6 15 | fd f6 4a 69 4e d8 00 d9 57 ff 62 37 1a 84 aa 7b | 10 d8 7b c4 63 19 5c a7 e7 3b 1f b7 47 04 ce 82 | 05 1a 08 4d de ba 0c 7c 46 78 9e 6d 34 f9 0a 60 | 1b a3 e2 0c 25 3c 88 3a e5 4e 2a 80 47 24 e3 99 | 00 1d 87 f9 c9 f3 25 cf 1e 6f fb 11 84 b3 5f 28 | f1 04 61 6c 98 6f cc 1c 86 d9 24 b0 3b cf ff 02 | 0c 4b 6b 62 f2 f8 ac 3a fe e9 90 b1 2a 9f ca 8f | d3 7e ab 45 90 57 5d 87 d0 e2 78 44 92 db c2 98 | 6d 5e 5c ab 7d a8 27 fe 3e 62 75 3b da 10 c0 35 | 40 4d ab 02 b2 2b be e8 c7 d3 1c 6c 7e 5c 7b 7a | f2 6c 20 bd 96 f0 22 74 0f 4a 0b 08 c2 c4 ff 71 | f4 45 7e aa 7a 7e 6a 7a 84 f8 0c 9b 83 5a 0a 34 | 75 89 ef 7b 9a 81 56 3c 05 67 8b 7c 09 f3 df fc | 90 b3 d5 c5 44 13 f9 9a de e4 1c 91 24 55 2c 37 | 5a 6a 6e b8 56 62 6c be 5a 04 cf 80 58 de 8e c5 | 54 1d a9 38 f6 0c 85 b5 95 8f a4 f3 86 74 80 78 | 73 7d 1a bf d3 cc 7c 3c c5 b6 2e 74 6a 62 e6 b5 | 1a d0 46 98 1e 32 8c af 81 e1 75 ae f0 de dd a4 | 63 f7 df 1f 48 8d ca af 02 a1 90 3e 01 cf be 01 | d0 b6 92 86 86 7f 70 98 a6 6a 97 d7 55 2f fe 83 | 7e 84 47 c5 84 61 fe 53 91 f1 4e 01 99 34 dd 59 | d0 93 cb 64 30 51 e9 fd 7b c6 18 87 b2 a5 04 2e | 19 5b 3c e8 9c 48 b3 ab 1b 7d 04 1b 37 2e 9b 0c | 22 90 f9 f3 1e 33 7d 51 63 cb 4e ed 0e 06 83 d8 | 05 c0 88 0f c5 05 4b 99 82 6c 78 33 b2 fa a2 6d | 77 ec 7d 60 60 10 03 94 ad 88 8f | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #25) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 8e a0 2e e6 bb b5 59 c3 57 6c 36 d0 | cc 5c f2 c6 71 c1 fd 4d 05 d8 6a 11 c4 7d 57 0c | 3c 88 99 6a c5 73 48 59 87 dc 49 25 5e 49 e9 50 | 7e 81 0f 2b dd 37 5c c2 51 d0 00 dd 1a dd 88 42 | 89 4e d5 7d 00 cd c2 d1 08 34 ae b8 a3 56 c3 14 | 70 47 6c 6e f4 4c fe 74 3f 89 2b ca 82 b2 49 2a | 73 d0 33 bb 94 d2 41 ef 8b 0b 52 32 7e 04 0c 1a | 6b b3 01 51 e8 13 84 5e 26 2e 28 93 83 5d 37 eb | 8a e6 36 14 73 26 55 e1 17 54 18 e4 6e ce 3a 2b | ff 31 11 de 3c 7e 9c 48 43 2b ca 1d b7 d2 7c a0 | bb 2c b1 88 0c 16 b1 ed 73 7e 9f 8a e6 3f a5 67 | d9 8b fd 55 21 18 c5 9b 18 5e a2 eb 5c 6d c5 44 | 70 62 99 8f be 7c 97 37 89 37 ca fc a6 8d 14 98 | ba 40 c9 ab 21 26 ec 29 51 de 8f 16 ca 18 47 94 | 9b e5 14 62 2f e4 f6 2b 2d 76 c0 e3 79 fe e0 3f | 32 81 d7 1e 67 03 43 ff 3e d7 81 f5 f0 8c e4 cc | 3e 63 3c ff 19 63 da 90 6a df dd ce b7 6a 3b be | 09 27 af 81 ed cd 5d 02 d7 a3 d1 04 1f 20 22 d8 | fe 85 91 cf 83 9a 2e 66 6a 62 84 20 19 d1 b9 b6 | 1e 41 6f 4a ca 01 3f b8 b0 cb 22 c5 e6 8d 87 c0 | 39 0b df 1d 38 e5 db 2c f1 fd 2c 58 f9 ef b5 59 | fb 7f 53 b9 cc d6 d1 9c 9e 97 04 9b 95 3d 7f b5 | af 38 0a 89 5e c3 09 53 0c 7e a3 a0 c6 29 d3 a5 | 63 13 e5 26 c6 12 2a 3a ff 70 77 ca 79 c8 e9 a0 | e8 e5 6c e4 64 5a 8a 7d 8a 08 c1 e1 b4 78 36 b9 | cc a6 0c d8 b0 1f e2 8a 56 70 05 90 1b b5 63 b6 | 3e 96 e5 bd af 42 ed 36 bf 81 aa 6e 0a 63 2f ce | 37 eb 64 a1 43 a0 07 85 05 b3 06 96 9d 40 56 e8 | bc 60 1d 49 96 4f 52 b0 f2 08 ff a3 30 ed ca e8 | 60 41 42 d7 47 80 d5 55 10 16 83 b6 a7 6c e1 4f | e6 b8 c6 18 76 5b bc d4 00 fb 6f 39 d5 a0 01 b1 | 12 66 9c 05 3d 99 b8 ef db c7 7c | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #25) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 95 e4 4a 89 5c 83 43 67 fd 86 f2 ab | 1c ff b5 a0 69 00 a5 35 22 8e a2 50 1c 67 30 29 | da d1 42 0f 36 be 89 99 e5 cf d9 65 14 de a6 0d | 3f f1 30 6a da cf cc 96 76 98 5c 0c 88 c3 f3 7d | f9 8d 07 c0 a7 73 57 4a 3d 75 48 9c 8f 31 96 48 | ee 78 37 15 c8 99 91 76 3f a6 66 8c 41 78 1c 82 | 2a aa 68 5e 46 29 1f e6 ae f1 ed 03 e4 d9 32 6a | e9 6b 18 f3 42 cd 6d d6 be fa 18 c0 e7 41 1c b9 | 56 f3 c8 4e 2f 6f 8e bc ca be 53 20 6c e5 6a 99 | 0e 2d b1 fd 52 af 43 27 7d 20 25 c8 c1 03 91 7f | 1c aa 02 23 52 7e 05 67 f6 e7 e6 1b c1 c0 c6 19 | 2e b5 ee fd 28 ac 80 0f 7d 81 e5 e3 4e da 57 05 | 9b 5b 19 96 de 64 bf e5 8f fb ab 97 a9 00 6b e8 | 77 33 b6 20 32 80 5a 53 42 ef 9d 80 0e 6d cd ad | a7 d8 db 8b d5 72 9c 0e 64 3e cc 7f f2 3f 4e 8c | 58 a0 4a d5 b0 ef 28 0a df 8e bd 79 de e8 1f 00 | 8b ac 62 72 a8 65 c9 65 3d dd 79 7a 64 3b 74 84 | 80 d9 5a 4d 4d 42 8a d8 5f 83 c9 7c d4 61 8c df | fc a6 6c 3c 7f cf e0 90 50 fa 5f 27 94 80 cb ef | b0 0b 11 57 24 e1 22 ff 3e 8e 99 1c b5 d9 38 60 | 15 e9 f6 66 93 4e ab 1a 4c 9a 3b 74 4a f3 bb 80 | a7 8b 7d b3 b7 48 71 6c 85 3f 9f 08 74 83 77 8c | 7e eb 7b 92 fd 84 a9 e2 fb da 31 5f 98 26 93 0a | a9 63 16 46 84 ac f2 dd 0e 68 be 3d 0a fb 91 12 | e9 aa d9 bb 3a 37 1f 02 4b 28 29 13 06 35 0e ff | 48 dc a5 92 3e 34 cf f8 dc 03 a2 66 a2 fb 6f 05 | 63 3c c5 43 b2 d0 0f f0 82 46 e8 ce 4d cd bd 76 | f6 f0 de 22 77 7f 49 4d 23 38 68 21 bf 1e c3 31 | 4f d8 45 6b f5 e3 94 6f 7c 18 68 68 0a 89 e6 d3 | ba 21 d4 9d b8 3a 72 a0 6e 21 a5 a1 65 fb 00 af | ad 45 32 af 39 7e 8b 65 7c 31 ce c0 6e a2 84 8f | e8 7a 89 e2 79 a1 0e ce ac 4e c2 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #25) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 57 2b 56 8d 25 b7 a6 63 68 63 44 36 | 7e d1 a3 b1 9a fc 86 fc 52 52 a2 c7 82 83 d7 43 | ee 48 f6 c9 40 a3 d6 9a 38 f2 54 f5 b4 8d 9f c9 | 93 0a e3 7a 24 f8 81 92 94 82 08 46 a6 b6 f9 bf | 1b b4 e1 45 ad a9 09 7f de 1c cf 5c b4 52 e5 45 | 61 c4 5d 86 44 14 6c a2 52 c9 f3 ce 36 20 f1 16 | 29 59 1a 02 fe 71 eb 87 81 aa e1 13 2d 70 30 28 | 15 f9 ce 5f 78 5f 69 67 83 5f a0 33 0f cb d1 2f | 81 54 3f 56 04 18 e5 09 33 c9 96 d7 51 73 52 de | 37 26 e8 ca cc 5d 68 67 fd ce 65 03 57 de 74 9f | e7 09 54 79 c2 6c 14 eb 26 d3 28 f4 74 e7 00 fb | 60 e3 55 22 1d f0 4e f1 8f 47 c0 51 5d 46 16 d0 | 1a a3 54 86 9b 02 e7 e0 99 18 75 b3 bf 1e 17 aa | 1e ad f1 71 87 93 15 ca 34 89 6a c7 35 6f bf 56 | 1e 4e 11 5a 6d 6a f0 e7 ed e8 04 60 a3 e0 48 91 | aa a3 5b 12 02 e7 d1 a5 fa fb 2b 64 1a 95 0f 14 | 94 7d b6 19 32 44 7a 96 0c 11 64 d3 ef f6 f1 35 | 55 dc 3e 3c 39 44 89 67 65 11 f4 54 6e 22 0e d4 | 27 5c d5 49 47 17 52 40 e6 5d f0 af 22 08 6c bc | d6 ff 02 6c 61 5d ed 2f 65 27 0b 63 1f 81 c6 f1 | 34 30 be e1 34 26 f0 28 05 3d 25 7b 38 a4 2e ec | 30 35 34 09 a6 d3 b6 38 3f ec ea 78 46 90 a1 c7 | 5c 16 e6 24 b9 4a 9c a7 a1 8c f8 e4 6c 46 fa bd | 78 ff d0 42 68 09 6f 0b 41 48 07 b5 b2 2f 7b 0e | 86 0e 4d 7d 3a f2 56 0c 9a 05 41 f0 51 98 b2 b8 | b0 52 f6 e0 6e ea 5b 1b 86 61 41 1b f7 60 93 96 | b0 a4 ec b0 e6 81 8f eb 52 21 e3 46 ee bb 87 d7 | fa 66 0f 3f 68 72 48 dc 1b 03 b4 9b 85 2b ae 83 | f6 40 da 97 e5 9f 01 f2 7d 40 9d 58 c5 a6 50 a7 | dd cd 01 88 d6 5e 52 eb 9f 6b 5a cf 61 bb 91 b8 | 00 f5 a4 13 a0 37 9b 79 b9 65 05 ff 36 94 cd b2 | 07 1f aa 7f d9 86 b9 3c e2 58 ce | sending 238 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #25) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 35 20 23 08 00 00 00 01 00 00 00 ee 00 00 00 d2 | 00 05 00 05 56 39 6c f2 f9 02 3a 49 20 da 22 da | 9e 3a a1 4c fb 11 11 e6 f5 4f 8e 3c 90 54 94 69 | 99 c4 bf 48 83 76 9e eb e6 24 86 cd 0a c4 ce bb | 29 3e 43 67 68 de d2 5b 7d 66 27 b0 a3 d8 22 3a | 97 69 5b ce a8 83 d2 59 e5 c6 b2 2d d6 f5 52 ea | 08 c8 0d ae a3 e3 33 99 6c 67 8e a7 4f 43 30 12 | 38 12 21 90 a8 5f 16 d6 49 f3 01 fa e8 e1 be b2 | d7 d3 e5 ed f4 50 4b cb 49 bf 8f 96 e4 1f f4 47 | aa 2e 14 bf df 93 91 5e e4 d8 c7 bf d0 80 a5 d6 | 00 2b 47 b6 67 fe 3a 15 79 2b 53 df 49 19 67 8b | 98 9c 1b 93 f2 53 04 42 a7 b7 9d 3e e2 88 12 9f | 30 2a 97 25 c3 4f 80 8e a6 9d 8d 47 12 a6 8f a8 | fd c2 34 e9 d3 6c 8b ad 8c 1b 47 44 8e c2 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-eku-ipsecIKE" #26: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c81b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #26 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | #26 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49009.609014 | resume sending helper answer for #25 suppresed complete_v2_state_transition() | #25 spent 1.82 milliseconds | #25 spent 12.4 milliseconds in resume sending helper answer | stop processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f20840012f0 | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 4e 71 10 4b b2 3a 8a ea 40 72 db f2 a7 57 b4 10 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 27 63 cc b5 2e 85 20 e7 84 ec 23 6d 01 82 e1 77 | 4c b1 57 79 a0 a6 0d 9c 93 03 41 b1 1d e2 d0 9c | c2 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4e 71 10 4b b2 3a 8a ea | responder cookie: | 40 72 db f2 a7 57 b4 10 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #25 in PARENT_I2 (find_v2_ike_sa) | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #26 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #26 is idle | #26 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #26 in state PARENT_I2: sent v2I2, expected v2R2 | #26 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-eku-ipsecIKE" #26: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #25 ikev2.ike failed auth-failed "west-eku-ipsecIKE" #26: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #26 fd@25 .st_dev=9 .st_ino=1728040 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #25 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f208c001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c81b0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c81b0 | inserting event EVENT_RETRANSMIT, timeout in 59.996262 seconds for #26 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 "west-eku-ipsecIKE" #26: STATE_PARENT_I2: suppressing retransmits; will wait 59.996262 seconds for retry | #26 spent 0.0639 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #26 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #25 spent 0.244 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.257 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-ipsecIKE" (in terminate_a_connection() at terminate.c:69) "west-eku-ipsecIKE": terminating SAs using this connection | connection 'west-eku-ipsecIKE' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #26 | suspend processing: connection "west-eku-ipsecIKE" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #26 ikev2.child deleted other | #26 spent 0.0639 milliseconds in total | [RE]START processing: state #26 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-eku-ipsecIKE" #26: deleting state (STATE_PARENT_I2) aged 0.084s and NOT sending notification | child state #26: PARENT_I2(open IKE SA) => delete | child state #26: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #26 requesting EVENT_RETRANSMIT to be deleted | #26 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f208c001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c81b0 | priority calculation of connection "west-eku-ipsecIKE" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-eku-ipsecIKE" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-eku-ipsecIKE | State DB: deleting IKEv2 state #26 in CHILDSA_DEL | child state #26: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #26 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #25 | start processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #25 ikev2.ike deleted auth-failed | #25 spent 16.8 milliseconds in total | [RE]START processing: state #25 connection "west-eku-ipsecIKE" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-eku-ipsecIKE" #25: deleting state (STATE_PARENT_I2) aged 0.092s and NOT sending notification | parent state #25: PARENT_I2(open IKE SA) => delete | state #25 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2080004f00 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a5c9aa0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-eku-ipsecIKE | State DB: deleting IKEv2 state #25 in PARENT_I2 | parent state #25: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #25 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-eku-ipsecIKE" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-eku-ipsecIKE' wasn't on the list | stop processing: connection "west-eku-ipsecIKE" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.329 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ku-keyAgreement-digitalSignature" (in initiate_a_connection() at initiate.c:186) | connection 'west-ku-keyAgreement-digitalSignature' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #27 at 0x56366a5a3770 | State DB: adding IKEv2 state #27 in UNDEFINED | pstats #27 ikev2.ike started | Message ID: init #27: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #27: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #27; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-ku-keyAgreement-digitalSignature" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-ku-keyAgreement-digitalSignature" IKE SA #27 "west-ku-keyAgreement-digitalSignature" "west-ku-keyAgreement-digitalSignature" #27: initiating v2 parent SA | constructing local IKE proposals for west-ku-keyAgreement-digitalSignature (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-ku-keyAgreement-digitalSignature": constructed local IKE proposals for west-ku-keyAgreement-digitalSignature (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 27 for state #27 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #27 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | #27 spent 0.155 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-ku-keyAgreement-digitalSignature" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.22 milliseconds in whack | crypto helper 3 resuming | crypto helper 3 starting work-order 27 for state #27 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 27 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 27 time elapsed 0.000969 seconds | (#27) spent 0.977 milliseconds in crypto helper computing work-order 27: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 27 for state #27 to event queue | scheduling resume sending helper answer for #27 | libevent_malloc: new ptr-libevent@0x7f2078004f00 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #27 | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 27 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #27 | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-ku-keyAgreement-digitalSignature (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 11 b4 a2 1b 98 f0 e2 3d 08 df c9 8d e6 0d 39 03 | ikev2 g^x 2c 1a 37 75 c3 ff 6a 8d c0 8d 13 07 db a0 da be | ikev2 g^x a9 2c be 49 37 4d ed a0 96 61 98 f7 17 1a 06 b9 | ikev2 g^x 5f 91 36 39 f0 4c 5c 8d 27 bd 27 f2 5c 1b a2 4b | ikev2 g^x a9 e7 cf 72 69 70 95 fa 3e 64 84 4c 6b f9 24 4e | ikev2 g^x 35 c4 6a 40 a7 e2 9c 90 b1 ce c5 c5 e3 e8 61 85 | ikev2 g^x 9d c5 bd f5 c8 12 9e e7 6f f5 e7 c5 5a e0 cc af | ikev2 g^x 06 b8 6f 1c db 2e 3b 7e 69 9d ed f7 47 71 d0 33 | ikev2 g^x 14 54 77 23 2c ff 6f a7 16 a8 fe a2 b3 9e 2f b8 | ikev2 g^x 45 23 0e 67 59 5d d0 11 f8 6d be 0c f4 c7 9c 6e | ikev2 g^x d6 17 82 cd 22 8f 18 2e e3 08 43 c4 b2 aa e7 53 | ikev2 g^x d8 a2 9b 6e c0 f8 97 7f f8 c8 b1 8f 57 da ad 93 | ikev2 g^x fb 5a 8b 91 26 7f 94 80 af a8 aa ee 50 9d 99 9a | ikev2 g^x 43 4a 3a c6 7c fe 62 bb 89 ef 4e af 70 65 7f e1 | ikev2 g^x f2 ee 88 a4 82 87 9b 0f 02 61 db b1 88 b7 66 d4 | ikev2 g^x 3c 62 9a 7f ec cf 36 a6 22 0e e3 8b 82 35 cf 89 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce d0 3b aa c0 97 a5 17 0e 4e 73 b8 a4 bf 2a 2e 09 | IKEv2 nonce 9b 1e e1 2f b7 06 9f b5 39 5d f7 1a e8 26 2c de | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= f1 d0 28 f7 c3 96 e0 99 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 9c d0 03 8b 85 cb 5c eb 49 25 ff c0 73 aa d0 02 | natd_hash: hash= 3e 89 3d 0b | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9c d0 03 8b 85 cb 5c eb 49 25 ff c0 73 aa d0 02 | Notify data 3e 89 3d 0b | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= f1 d0 28 f7 c3 96 e0 99 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= fd 12 11 7a 81 4b 02 cd 0a 8d e7 46 71 d8 60 bb | natd_hash: hash= 64 5c 15 ab | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data fd 12 11 7a 81 4b 02 cd 0a 8d e7 46 71 d8 60 bb | Notify data 64 5c 15 ab | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #27 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #27: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #27 to 4294967295 after switching state | Message ID: IKE #27 skipping update_recv as MD is fake | Message ID: sent #27 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-ku-keyAgreement-digitalSignature" #27: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #27) | f1 d0 28 f7 c3 96 e0 99 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 11 b4 a2 1b 98 f0 e2 3d | 08 df c9 8d e6 0d 39 03 2c 1a 37 75 c3 ff 6a 8d | c0 8d 13 07 db a0 da be a9 2c be 49 37 4d ed a0 | 96 61 98 f7 17 1a 06 b9 5f 91 36 39 f0 4c 5c 8d | 27 bd 27 f2 5c 1b a2 4b a9 e7 cf 72 69 70 95 fa | 3e 64 84 4c 6b f9 24 4e 35 c4 6a 40 a7 e2 9c 90 | b1 ce c5 c5 e3 e8 61 85 9d c5 bd f5 c8 12 9e e7 | 6f f5 e7 c5 5a e0 cc af 06 b8 6f 1c db 2e 3b 7e | 69 9d ed f7 47 71 d0 33 14 54 77 23 2c ff 6f a7 | 16 a8 fe a2 b3 9e 2f b8 45 23 0e 67 59 5d d0 11 | f8 6d be 0c f4 c7 9c 6e d6 17 82 cd 22 8f 18 2e | e3 08 43 c4 b2 aa e7 53 d8 a2 9b 6e c0 f8 97 7f | f8 c8 b1 8f 57 da ad 93 fb 5a 8b 91 26 7f 94 80 | af a8 aa ee 50 9d 99 9a 43 4a 3a c6 7c fe 62 bb | 89 ef 4e af 70 65 7f e1 f2 ee 88 a4 82 87 9b 0f | 02 61 db b1 88 b7 66 d4 3c 62 9a 7f ec cf 36 a6 | 22 0e e3 8b 82 35 cf 89 29 00 00 24 d0 3b aa c0 | 97 a5 17 0e 4e 73 b8 a4 bf 2a 2e 09 9b 1e e1 2f | b7 06 9f b5 39 5d f7 1a e8 26 2c de 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 9c d0 03 8b | 85 cb 5c eb 49 25 ff c0 73 aa d0 02 3e 89 3d 0b | 00 00 00 1c 00 00 40 05 fd 12 11 7a 81 4b 02 cd | 0a 8d e7 46 71 d8 60 bb 64 5c 15 ab | state #27 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f208c001350 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ku-keyAgreement-digitalSignature" #27: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5c81b0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #27 | libevent_malloc: new ptr-libevent@0x7f208c001350 size 128 | #27 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49011.822883 | resume sending helper answer for #27 suppresed complete_v2_state_transition() and stole MD | #27 spent 1.23 milliseconds in resume sending helper answer | stop processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2078004f00 | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 56 80 fb 68 | 6d 69 22 91 c6 1b 51 93 79 0c e5 34 71 1e 8c 64 | 3d f0 34 c9 3e 36 cb a8 72 6e b3 34 33 bf 9b ab | 24 75 bd 13 36 85 33 66 fc 39 d0 c6 31 9a 5d 6a | 50 2e d3 4f d1 e4 49 cf 96 bb 56 65 66 86 e9 15 | 6c 3d 84 e9 f2 df eb 04 04 32 e4 f1 c5 17 ae 9c | f8 7d a4 28 a6 f8 62 1e 50 7f c7 fd fc df b1 16 | 89 c3 4c d9 e4 a0 fa dd dc 31 a9 58 3c 65 15 da | cf 96 e9 64 0f 44 a7 26 0f 0f 39 00 90 58 f7 ae | 58 90 53 82 66 2e 71 94 90 fd a7 89 30 c8 e1 a7 | a8 c6 9d be 58 91 e7 f1 37 19 95 63 3f 96 e0 67 | fe 30 0a 94 47 15 49 94 e5 cd f0 0f da 94 34 9a | b9 a0 08 8a 8f be ba 44 14 ae e4 3e d1 7d 6f 48 | a8 c2 b0 51 ee df 78 8b 78 43 bd 65 ad 2d 7f 9a | 20 2a 84 fb 75 6f 60 da f2 7f 4c 4d 9d 47 6f c6 | ee 08 c7 91 fd 07 f9 a8 fc fc 47 99 11 5d 12 a0 | 40 d9 9a 50 f8 d0 3c b2 41 fe 1d f4 29 00 00 24 | 50 47 c9 20 45 18 32 81 94 c2 b7 a9 82 65 f7 a5 | 21 5d 99 48 c9 2c 17 55 56 69 ff 9e b8 9f eb f4 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 27 4a 1e af 12 cc 01 df 85 44 13 cf ae 3c 41 57 | 14 97 f5 cf 26 00 00 1c 00 00 40 05 f2 11 bd e8 | 27 1c c8 bb 16 84 74 2f 61 20 f7 86 34 5d 40 bf | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #27 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #27 is idle | #27 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #27 IKE SPIi and SPI[ir] | #27 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-ku-keyAgreement-digitalSignature (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= f1 d0 28 f7 c3 96 e0 99 | natd_hash: rcookie= e8 60 c7 03 59 e3 21 70 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f2 11 bd e8 27 1c c8 bb 16 84 74 2f 61 20 f7 86 | natd_hash: hash= 34 5d 40 bf | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= f1 d0 28 f7 c3 96 e0 99 | natd_hash: rcookie= e8 60 c7 03 59 e3 21 70 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 27 4a 1e af 12 cc 01 df 85 44 13 cf ae 3c 41 57 | natd_hash: hash= 14 97 f5 cf | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 28 for state #27 | state #27 requesting EVENT_RETRANSMIT to be deleted | #27 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f208c001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5c81b0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #27 | libevent_malloc: new ptr-libevent@0x7f2078004f00 size 128 | #27 spent 0.233 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #27 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #27 and saving MD | #27 is busy; has a suspended MD | [RE]START processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "west-ku-keyAgreement-digitalSignature" #27 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #27 spent 0.481 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.493 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 28 for state #27 | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 28 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 28 time elapsed 0.001291 seconds | (#27) spent 1.29 milliseconds in crypto helper computing work-order 28: ikev2_inR1outI2 KE (pcr) | crypto helper 5 sending results from work-order 28 for state #27 to event queue | scheduling resume sending helper answer for #27 | libevent_malloc: new ptr-libevent@0x7f207c001350 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #27 | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 28 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #27: calculating g^{xy}, sending I2 | creating state object #28 at 0x56366a5c49b0 | State DB: adding IKEv2 state #28 in UNDEFINED | pstats #28 ikev2.child started | duplicating state object #27 "west-ku-keyAgreement-digitalSignature" as #28 for IPSEC SA | #28 setting local endpoint to 192.1.2.45:500 from #27.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #27.#28; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #27 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #27.#28 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #27 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2078004f00 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5c81b0 | event_schedule: new EVENT_SA_REPLACE-pe@0x56366a5c81b0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #27 | libevent_malloc: new ptr-libevent@0x7f2078004f00 size 128 | parent state #27: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 249 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 f6 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 44 30 42 06 03 55 04 03 0c 3b 77 65 73 | my identity 74 2d 6b 75 2d 6b 65 79 41 67 72 65 65 6d 65 6e | my identity 74 2d 64 69 67 69 74 61 6c 53 69 67 6e 61 74 75 | my identity 72 65 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | my identity 73 77 61 6e 2e 6f 72 67 31 4f 30 4d 06 09 2a 86 | my identity 48 86 f7 0d 01 09 01 16 40 75 73 65 72 2d 77 65 | my identity 73 74 2d 6b 75 2d 6b 65 79 41 67 72 65 65 6d 65 | my identity 6e 74 2d 64 69 67 69 74 61 6c 53 69 67 6e 61 74 | my identity 75 72 65 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | my identity 65 73 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 257 | Sending [CERT] of certificate: E=user-west-ku-keyAgreement-digitalSignature@testing.libreswan.org,CN=west-ku-keyAgreement-digitalSignature.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1325 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 05 29 30 82 04 92 a0 03 02 01 02 02 01 1d | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 f6 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 44 30 42 06 03 55 04 03 0c 3b 77 | CERT 65 73 74 2d 6b 75 2d 6b 65 79 41 67 72 65 65 6d | CERT 65 6e 74 2d 64 69 67 69 74 61 6c 53 69 67 6e 61 | CERT 74 75 72 65 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 4f 30 4d 06 09 | CERT 2a 86 48 86 f7 0d 01 09 01 16 40 75 73 65 72 2d | CERT 77 65 73 74 2d 6b 75 2d 6b 65 79 41 67 72 65 65 | CERT 6d 65 6e 74 2d 64 69 67 69 74 61 6c 53 69 67 6e | CERT 61 74 75 72 65 40 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 9d fd 94 73 | CERT 54 c3 30 16 60 6f 81 77 58 6c de de d3 a2 03 2e | CERT a0 8e 9e a3 b3 62 ca a9 f5 86 3b 54 3d 68 8a 85 | CERT 32 ed f3 2f b5 28 c8 fe 21 47 e6 d4 5b ab 9a 6b | CERT b3 a4 50 b3 74 ec 22 a0 b1 b3 8e 61 27 c4 79 d2 | CERT b8 0c 4d d0 85 39 3d 2b 7e 0f 95 63 bf c9 27 d9 | CERT 8e 97 66 ef 1f fe 5b 06 6c 7c 34 4d 5a cc 39 b6 | CERT 73 e4 1d 61 0f 8a 9d 8e 89 ca e7 a4 5d 96 f5 4d | CERT c7 94 99 8d c4 00 64 4b 5d 87 d8 3e f7 01 7d dc | CERT 71 a8 b9 e8 ad 08 91 3a 6a 9c d6 8c 81 2a be 71 | CERT 68 b6 90 ad d5 3a 2e 05 d9 30 fe b9 cf f8 ad e1 | CERT 9d f4 5a aa 89 ea 45 a7 7e c6 e1 8e ea ce 7c aa | CERT 37 f9 36 47 4d 4b 5f dd 03 62 b5 f2 5f 31 25 11 | CERT 78 00 36 ea d1 aa db 37 08 59 e8 32 69 ab 99 be | CERT 51 fb b9 34 c9 17 61 1d d7 04 12 eb 47 a5 a8 26 | CERT 18 31 b3 a4 e7 67 5d 9d 5b 8c 0b 62 43 e3 0d 62 | CERT 04 03 19 51 09 a1 2e 5c 90 3d b4 9f e3 98 5e 78 | CERT 37 c4 b9 84 e8 08 28 ff 33 f4 e6 fd c2 75 e1 04 | CERT 1e 9c cc 95 4d e3 64 1d eb 30 5e cb 01 bd c5 61 | CERT 78 2e 91 1c 4a 10 81 b7 f5 32 45 ab fa fc df 09 | CERT 5a dd e2 6d 5e 61 79 38 e5 d2 15 4b c7 25 b7 3a | CERT fe 14 06 29 9c 52 cd 8a 21 a8 0f 2f 77 46 13 e0 | CERT f3 98 82 cb 18 c5 b7 5d 98 7f 03 03 55 50 e4 cf | CERT 1f fb 55 ab 9d d5 ff 6a 47 6e bf 01 6b 98 74 f9 | CERT c3 ba f0 a5 c3 a8 a8 58 b0 22 25 71 02 03 01 00 | CERT 01 a3 82 01 05 30 82 01 01 30 09 06 03 55 1d 13 | CERT 04 02 30 00 30 46 06 03 55 1d 11 04 3f 30 3d 82 | CERT 3b 77 65 73 74 2d 6b 75 2d 6b 65 79 41 67 72 65 | CERT 65 6d 65 6e 74 2d 64 69 67 69 74 61 6c 53 69 67 | CERT 6e 61 74 75 72 65 2e 74 65 73 74 69 6e 67 2e 6c | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 | CERT 55 1d 0f 04 04 03 02 03 88 30 1d 06 03 55 1d 25 | CERT 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 | CERT 2b 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 | CERT 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 | CERT 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 | CERT 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | CERT 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 | CERT 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 | CERT 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 | CERT 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 | CERT 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 | CERT 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 7c 86 68 | CERT ed 6e e3 81 c6 8a 43 2b b5 94 b8 e0 03 e0 c1 aa | CERT 2c 95 49 73 d2 44 24 ee 84 02 e9 1c f2 b5 97 d1 | CERT c0 70 4d 85 e3 dc b0 cf 96 b4 3a 2f 77 50 ef 0d | CERT 8c 8f 64 af 39 81 04 17 f3 06 7d b0 be 91 0b f5 | CERT 62 89 c9 f4 70 63 db 88 3a eb ab 9a da 0d be 31 | CERT 34 b4 1c 6c 13 2f 9e 0d f3 a2 9e d9 08 0d b9 9e | CERT 64 6a 73 cb a1 09 2b 13 0b 70 af 7b b7 40 b5 20 | CERT 5f 64 12 1f cb 3e 72 ab 7d 28 d6 9f b2 | emitting length of IKEv2 Certificate Payload: 1330 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ku-keyAgreement-digitalSignature.testing.libreswan.org, E=user-west-ku-keyAgreement-digitalSignature@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAanoA vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAcMYk vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAa7e2 vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAdlAH vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAZ39l | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAZ39l | private key for cert west-ku-keyAgreement-digitalSignature not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAZ39l vs PKK_RSA:AwEAAZ39l | #27 spent 9.15 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 1e 71 7d f6 a6 6a 71 37 b5 8d 0d 0c 0a 5c 2a d8 | rsa signature 0e 89 7f 6a 51 a3 85 b9 61 c2 a3 02 1a 01 19 17 | rsa signature f0 a7 42 77 98 fd 00 59 bf 00 7f 6d 3a 97 99 6d | rsa signature 04 d0 3a 1d 6c 3e ce 21 45 66 ec 2c 7c 20 b3 1b | rsa signature 61 73 ca 36 77 d3 b7 28 84 e7 9d c3 35 59 53 81 | rsa signature 45 e8 3d a0 5a 8a 5b 49 ba dc dd b7 3f 08 66 4c | rsa signature c5 38 85 d7 3d 50 99 2c 69 b2 1f 59 c5 8b 92 d8 | rsa signature d2 05 52 de c4 18 3b a8 67 b4 4d 20 ef 6a 03 cf | rsa signature 56 3c 0e f9 5d cc 3d 25 43 78 39 c6 3b 5a 32 96 | rsa signature dd df c9 f8 03 00 bb 12 aa 5a 0a b3 f6 94 bc fd | rsa signature 94 a6 a9 ca 26 0c 07 5f 4e a1 d6 f1 d3 18 24 2f | rsa signature 12 b1 17 78 76 fd 8f fb 0a 1c 42 e7 6c 28 46 61 | rsa signature e7 15 7e 2f 64 e6 74 eb e1 ae 1a a6 35 64 06 45 | rsa signature c5 fe 62 0b af b0 18 53 3a a1 32 f3 76 0f aa ac | rsa signature 13 16 69 3e fa f4 84 2a 05 ab 50 76 12 4b 3d 11 | rsa signature ca 88 97 46 71 50 79 f2 cc b8 20 4b a0 f8 c9 c4 | rsa signature 42 3a 23 59 c5 c1 53 f5 95 18 b0 50 34 ce d9 7d | rsa signature 17 1c e6 cf 87 c4 3c 86 35 8a 71 c7 30 30 4d 3e | rsa signature a3 12 ce 02 24 5e 4a 80 42 60 4f 3d 13 f7 a5 2d | rsa signature b0 29 b8 7c fd 4f 5d 79 f3 5d 2c 94 55 a0 6f eb | rsa signature 88 41 2e e2 80 85 c7 49 68 4b 2a 5b 3b 90 2f 39 | rsa signature dc 5c 92 8d e5 df e6 c5 ec 35 86 85 fd 07 f2 28 | rsa signature d6 c0 b8 f8 84 91 9c 8e 08 38 60 b5 bc fa 8b 66 | rsa signature 0a 05 37 6d b0 41 46 7e 81 c7 79 95 dc 3d c3 c5 | #27 spent 9.61 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #27 | netlink_get_spi: allocated 0x150f2804 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-ku-keyAgreement-digitalSignature (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-ku-keyAgreement-digitalSignature": constructed local ESP/AH proposals for west-ku-keyAgreement-digitalSignature (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 0f 28 04 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 0f 28 04 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 0f 28 04 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 15 0f 28 04 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2220 | emitting length of ISAKMP Message: 2248 | **parse ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2248 (0x8c8) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2220 (0x8ac) | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 01 01 09 00 00 00 30 81 f6 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 44 30 42 06 03 | cleartext fragment 55 04 03 0c 3b 77 65 73 74 2d 6b 75 2d 6b 65 79 | cleartext fragment 41 67 72 65 65 6d 65 6e 74 2d 64 69 67 69 74 61 | cleartext fragment 6c 53 69 67 6e 61 74 75 72 65 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 31 4f 30 4d 06 09 2a 86 48 86 f7 0d 01 09 01 16 | cleartext fragment 40 75 73 65 72 2d 77 65 73 74 2d 6b 75 2d 6b 65 | cleartext fragment 79 41 67 72 65 65 6d 65 6e 74 2d 64 69 67 69 74 | cleartext fragment 61 6c 53 69 67 6e 61 74 75 72 65 40 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 27 00 05 32 04 30 82 05 29 30 82 04 92 a0 03 | cleartext fragment 02 01 02 02 01 1d 30 0d 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 39 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 31 35 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 | cleartext fragment 39 31 34 31 39 34 34 35 39 5a 30 81 f6 31 0b 30 | cleartext fragment 09 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 | cleartext fragment 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 44 30 42 | cleartext fragment 06 03 55 04 03 0c 3b 77 65 73 74 2d 6b 75 2d 6b | cleartext fragment 65 79 41 67 72 65 65 6d 65 6e 74 2d 64 69 67 69 | cleartext fragment 74 61 6c 53 69 67 6e 61 74 75 72 65 2e 74 65 73 | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 31 4f 30 4d 06 09 2a 86 48 86 f7 0d 01 09 | cleartext fragment 01 16 40 75 73 65 72 2d 77 65 73 74 2d 6b 75 2d | cleartext fragment 6b 65 79 41 67 72 65 65 6d 65 6e 74 2d 64 69 67 | cleartext fragment 69 74 61 6c 53 69 67 6e 61 74 75 72 65 40 74 65 | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 | cleartext fragment 82 01 81 00 9d fd 94 73 54 c3 30 16 60 6f 81 77 | cleartext fragment 58 6c de de d3 a2 03 2e a0 8e 9e a3 b3 62 ca a9 | cleartext fragment f5 86 3b 54 3d 68 8a 85 32 ed f3 2f b5 28 c8 fe | cleartext fragment 21 47 e6 d4 5b ab 9a 6b b3 a4 50 b3 74 ec 22 a0 | cleartext fragment b1 b3 8e 61 27 c4 79 d2 b8 0c 4d d0 85 39 3d 2b | cleartext fragment 7e 0f 95 63 bf c9 27 d9 8e 97 66 ef 1f fe 5b 06 | cleartext fragment 6c 7c 34 4d 5a cc 39 b6 73 e4 1d 61 0f 8a 9d 8e | cleartext fragment 89 ca e7 a4 5d 96 f5 4d c7 94 99 8d c4 00 64 4b | cleartext fragment 5d 87 d8 3e f7 01 7d dc 71 a8 b9 e8 ad 08 91 3a | cleartext fragment 6a 9c d6 8c 81 2a be 71 68 b6 90 ad d5 3a 2e 05 | cleartext fragment d9 30 fe b9 cf f8 ad e1 9d f4 5a aa 89 ea | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 45 a7 7e c6 e1 8e ea ce 7c aa 37 f9 36 47 4d 4b | cleartext fragment 5f dd 03 62 b5 f2 5f 31 25 11 78 00 36 ea d1 aa | cleartext fragment db 37 08 59 e8 32 69 ab 99 be 51 fb b9 34 c9 17 | cleartext fragment 61 1d d7 04 12 eb 47 a5 a8 26 18 31 b3 a4 e7 67 | cleartext fragment 5d 9d 5b 8c 0b 62 43 e3 0d 62 04 03 19 51 09 a1 | cleartext fragment 2e 5c 90 3d b4 9f e3 98 5e 78 37 c4 b9 84 e8 08 | cleartext fragment 28 ff 33 f4 e6 fd c2 75 e1 04 1e 9c cc 95 4d e3 | cleartext fragment 64 1d eb 30 5e cb 01 bd c5 61 78 2e 91 1c 4a 10 | cleartext fragment 81 b7 f5 32 45 ab fa fc df 09 5a dd e2 6d 5e 61 | cleartext fragment 79 38 e5 d2 15 4b c7 25 b7 3a fe 14 06 29 9c 52 | cleartext fragment cd 8a 21 a8 0f 2f 77 46 13 e0 f3 98 82 cb 18 c5 | cleartext fragment b7 5d 98 7f 03 03 55 50 e4 cf 1f fb 55 ab 9d d5 | cleartext fragment ff 6a 47 6e bf 01 6b 98 74 f9 c3 ba f0 a5 c3 a8 | cleartext fragment a8 58 b0 22 25 71 02 03 01 00 01 a3 82 01 05 30 | cleartext fragment 82 01 01 30 09 06 03 55 1d 13 04 02 30 00 30 46 | cleartext fragment 06 03 55 1d 11 04 3f 30 3d 82 3b 77 65 73 74 2d | cleartext fragment 6b 75 2d 6b 65 79 41 67 72 65 65 6d 65 6e 74 2d | cleartext fragment 64 69 67 69 74 61 6c 53 69 67 6e 61 74 75 72 65 | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 | cleartext fragment 02 03 88 30 1d 06 03 55 1d 25 04 16 30 14 06 08 | cleartext fragment 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 | cleartext fragment 03 02 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 | cleartext fragment 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 | cleartext fragment 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 | cleartext fragment 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e | cleartext fragment 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | cleartext fragment 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d | cleartext fragment 01 01 0b 05 00 03 81 81 00 7c 86 68 ed 6e e3 81 | cleartext fragment c6 8a 43 2b b5 94 b8 e0 03 e0 c1 aa 2c 95 49 73 | cleartext fragment d2 44 24 ee 84 02 e9 1c f2 b5 97 d1 c0 70 4d 85 | cleartext fragment e3 dc b0 cf 96 b4 3a 2f 77 50 ef 0d 8c 8f 64 af | cleartext fragment 39 81 04 17 f3 06 7d b0 be 91 0b f5 62 89 c9 f4 | cleartext fragment 70 63 db 88 3a eb ab 9a da 0d be 31 34 b4 1c 6c | cleartext fragment 13 2f 9e 0d f3 a2 9e d9 08 0d b9 9e 64 6a 73 cb | cleartext fragment a1 09 2b 13 0b 70 af 7b b7 40 b5 20 5f 64 12 1f | cleartext fragment cb 3e 72 ab 7d 28 d6 9f b2 21 00 01 88 01 00 00 | cleartext fragment 00 1e 71 7d f6 a6 6a 71 37 b5 8d 0d 0c 0a 5c 2a | cleartext fragment d8 0e 89 7f 6a 51 a3 85 b9 61 c2 a3 02 1a 01 19 | cleartext fragment 17 f0 a7 42 77 98 fd 00 59 bf 00 7f 6d 3a 97 99 | cleartext fragment 6d 04 d0 3a 1d 6c 3e ce 21 45 66 ec 2c 7c 20 b3 | cleartext fragment 1b 61 73 ca 36 77 d3 b7 28 84 e7 9d c3 35 59 53 | cleartext fragment 81 45 e8 3d a0 5a 8a 5b 49 ba dc dd b7 3f 08 66 | cleartext fragment 4c c5 38 85 d7 3d 50 99 2c 69 b2 1f 59 c5 8b 92 | cleartext fragment d8 d2 05 52 de c4 18 3b a8 67 b4 4d 20 ef 6a 03 | cleartext fragment cf 56 3c 0e f9 5d cc 3d 25 43 78 39 c6 3b 5a 32 | cleartext fragment 96 dd df c9 f8 03 00 bb 12 aa 5a 0a b3 f6 94 bc | cleartext fragment fd 94 a6 a9 ca 26 0c 07 5f 4e a1 d6 f1 d3 18 24 | cleartext fragment 2f 12 b1 17 78 76 fd 8f fb 0a 1c 42 e7 6c 28 46 | cleartext fragment 61 e7 15 7e 2f 64 e6 74 eb e1 ae 1a a6 35 64 06 | cleartext fragment 45 c5 fe 62 0b af b0 18 53 3a a1 32 f3 76 0f aa | cleartext fragment ac 13 16 69 3e fa f4 84 2a 05 ab 50 76 12 4b 3d | cleartext fragment 11 ca 88 97 46 71 50 79 f2 cc b8 20 4b a0 f8 c9 | cleartext fragment c4 42 3a 23 59 c5 c1 53 f5 95 18 b0 50 34 ce d9 | cleartext fragment 7d 17 1c e6 cf 87 c4 3c 86 35 8a 71 c7 30 30 4d | cleartext fragment 3e a3 12 ce 02 24 5e 4a 80 42 60 4f 3d 13 f7 a5 | cleartext fragment 2d b0 29 b8 7c fd 4f 5d 79 f3 5d 2c 94 55 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 279 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment a0 6f eb 88 41 2e e2 80 85 c7 49 68 4b 2a 5b 3b | cleartext fragment 90 2f 39 dc 5c 92 8d e5 df e6 c5 ec 35 86 85 fd | cleartext fragment 07 f2 28 d6 c0 b8 f8 84 91 9c 8e 08 38 60 b5 bc | cleartext fragment fa 8b 66 0a 05 37 6d b0 41 46 7e 81 c7 79 95 dc | cleartext fragment 3d c3 c5 2c 00 00 a4 02 00 00 20 01 03 04 02 15 | cleartext fragment 0f 28 04 03 00 00 0c 01 00 00 14 80 0e 01 00 00 | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 15 | cleartext fragment 0f 28 04 03 00 00 0c 01 00 00 14 80 0e 00 80 00 | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 15 | cleartext fragment 0f 28 04 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 15 | cleartext fragment 0f 28 04 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 07 | cleartext fragment 00 00 10 00 00 ff ff c0 01 02 2d c0 01 02 2d 00 | cleartext fragment 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 | cleartext fragment 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 312 | emitting length of ISAKMP Message: 340 | suspend processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #28 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #28: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #28 to 0 after switching state | Message ID: recv #27.#28 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #27.#28 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-ku-keyAgreement-digitalSignature" #28: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #27) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 93 2c 1a 8a 68 0a d2 eb 26 a1 0f e1 | 46 a4 9c 2f 93 b1 86 55 88 96 dc 9a ea df a0 9d | 58 b5 11 c1 ff 71 32 3d 25 ff 08 69 fc 35 0b b8 | 59 a0 ef 2d 8c cf 54 11 40 ab a1 e7 8d 86 ed ec | 68 cd 3e c5 f3 13 ad f3 63 02 57 be f3 9c f6 b2 | d9 9f b7 71 55 c9 a6 58 20 24 3a ed 11 52 a9 59 | f8 c1 9b 39 6b 9c 76 60 88 e4 d9 83 85 9b fd 86 | de 00 07 85 63 30 6f 4c b8 10 c9 47 82 57 bf 0e | 24 26 75 96 82 92 ae 57 6c 90 cf 6e b9 d3 ba 69 | 18 ae 2d 33 f9 c4 99 da 13 b3 a9 65 3c 3b d1 cc | 61 98 93 2d ef 35 15 73 47 d9 0f f8 f4 a6 e3 f8 | 5c 26 e6 fb 39 20 f8 05 9a 37 a4 44 d8 42 50 fd | ef fb c1 e9 f9 72 dc 2e 2d 4a 8a 56 8c 74 aa a6 | 70 24 e7 88 bf 7b 70 ae dc 1c 1a 34 f2 4f 87 c6 | a1 5c 6c 00 87 ff ee 32 57 d9 64 21 d8 45 9a 45 | a3 4e 2e 9c dd ef 1a 96 e1 89 7a 69 8e 12 bc df | c6 6b 37 11 c9 59 3c 22 75 41 54 28 6b 6b bc 5d | 3d 43 2c 94 67 e9 70 e0 69 ba 7e db 39 25 79 a5 | ad 78 08 55 84 98 0a 78 44 4f 2e 35 04 a7 98 55 | 5d ec aa 71 b7 17 85 4c 3d d0 58 4b 3a 29 c4 10 | 47 8f 10 c8 d3 09 47 fb b0 ac 07 21 f7 c2 42 15 | 6a 0a d7 ff 1b 50 ab 2e e6 a7 84 5a f3 5e 3b 83 | 62 51 ce 5a b0 5d a0 92 d8 b7 44 3c e4 23 9e 8b | 36 ff 42 21 ec 0d 6d 12 77 eb 93 c5 28 b0 eb eb | 47 98 72 63 8a ac 7b 1c 20 8b f8 8f ea f3 fe 05 | 32 5c 4e 1d 28 40 2f d9 e0 5b 1b b6 db d0 f6 a9 | 63 b2 a8 0d 21 40 19 86 5f d9 fa 80 22 0b 31 2c | f3 e2 e3 42 58 5a 2e 60 59 e7 32 da 64 5e 99 57 | 49 15 68 2a 31 c3 d0 b8 9b 71 a6 e1 5b b3 09 03 | 40 69 7f bd 13 cc 98 15 35 1c 45 70 02 9e c5 85 | 4a a5 6e 17 d6 d7 86 49 6a d6 a1 67 f3 24 1d 3e | 01 e2 30 a3 9f ab 66 20 33 ce c2 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #27) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 41 41 b9 f1 c1 97 5f 22 3b 03 d2 ef | a6 24 10 e6 b1 93 20 9e 9e 3c 92 e6 87 7d 2b ac | b7 4d 7e 37 42 87 db d4 7a 0f 2d 47 ba bd 19 54 | 9a 92 6e d2 fb 3e 39 a8 a1 14 62 e2 2f 15 31 fc | 44 78 7b a0 c2 34 dc 87 22 9c 6e 99 dc 03 e2 5d | 93 1a 7d 59 df fa 01 2e 06 be 51 64 85 a3 c8 a9 | c3 21 ca 43 13 35 0f aa 6d a2 26 0e 62 11 cc 8b | 47 dc 49 8b c9 e5 bb 92 92 44 b2 bd 1c 9f d8 2c | 94 43 71 97 6b ad 47 e3 89 68 91 d7 9c fe 7d 67 | 54 a8 a0 25 01 f0 af d3 92 48 25 7a 1f af 2d af | a4 b7 99 a5 36 ce 65 64 05 16 5c 84 13 56 8c a6 | 9e b0 17 19 23 48 36 9e c5 18 21 85 bf da c7 2b | cc 55 b6 41 93 5f 3b 36 dc 00 48 80 b8 37 4b a9 | 8b 6a 97 a1 12 3d cf 0d 35 aa 11 70 db e6 ca 66 | 72 5a 83 3d b8 a3 5d 56 bf 6a a3 90 dd 2e ea 03 | 1f db c8 a8 ab 26 c0 4e 4f dc bd d1 f9 59 e1 c2 | 5f b5 f8 90 7a 04 d6 cf d2 75 3c 16 a0 1d 9e 9b | 44 d1 ef c5 11 b9 3e de be 66 c4 d0 24 8e e7 6d | 8f 43 90 8c 5c cc a4 bf bf b7 59 84 4e 56 3d ac | 8a 68 34 71 f7 a9 e6 8a 22 85 2c 14 ad a3 a8 7a | f8 84 77 39 d6 ac 9d 3a c1 cc 19 53 7e f0 38 f5 | b1 d3 05 26 13 73 22 a9 bc 46 9d 66 91 fc c4 eb | e2 51 ca 22 3f 11 49 3f 3b 02 49 72 8c 1e 91 b0 | 79 0e 07 51 4b 2a 6c 46 3b fc c1 5a e6 4c c1 d8 | 3d c2 12 2c 01 61 1f 2b 12 41 76 d0 3f b8 0e ff | b8 cb 6d 9e 1a b3 7f 39 05 7a 48 37 66 8a f0 f7 | 91 59 e7 c0 cd 5e ee 4e cc 4f 61 2b 4a ee 53 da | de 99 89 0c 63 a8 74 36 f9 dc 2c 5a 1d a0 13 fb | fa f7 5a 32 51 f9 7b ab 90 9d a6 2b c2 ea d8 ec | 96 62 98 56 01 2c 62 ca 96 89 f9 1d 65 39 53 69 | 64 b2 11 7d bb 57 fa a7 0b 23 36 e8 96 c3 01 ac | a1 04 be cd 75 72 68 ef 0f 26 11 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #27) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 6b 45 4b 03 fb aa 18 15 9a 91 9a 0f | 0c 41 30 16 99 1c 4a 38 d9 1a 0f 68 1e 2f 29 40 | bf 83 a0 1c 67 db ce 4e 4b dd 77 ba 95 28 60 99 | 42 50 b4 70 3d 81 58 f9 be d1 04 5a 72 a4 24 84 | d6 f1 03 ab 7d 05 97 29 07 3d 43 33 2b ef c0 d3 | 81 2d 43 9c 09 65 30 68 02 16 23 53 31 97 46 00 | 9a eb af 55 06 61 49 e2 c9 52 3c a5 07 6c 6e 6c | bd d5 39 48 9f 68 46 10 bd 49 0d a2 e5 a3 be 7a | d2 f1 35 52 51 7a a8 26 60 91 2a 01 04 91 97 8f | eb 8a 27 65 e9 c3 ad 5f 4b ba c0 7c f6 09 eb 25 | 43 17 a5 87 95 bd eb 16 56 9c 49 6d 58 0b 78 02 | 5b 58 25 04 0c cc 75 01 07 a1 b3 e2 07 96 9d c3 | 6a bf a4 cc af af 76 46 7b 60 b0 33 7d 6a be 21 | f3 a6 7b 85 41 dc 68 e8 96 79 2c e1 f6 7b f7 96 | 11 41 39 63 89 1e d1 75 93 e7 5a df ee dc 1a a8 | e4 fd 8e a6 22 3d 62 62 4f e3 5f 95 f6 1a 90 2a | 2e a3 24 7a c4 20 be 23 57 71 3c 6c bc cd 4f b3 | 79 43 df 16 1b 79 88 52 9f 76 92 51 f3 b5 18 47 | 2e 30 34 58 b2 f2 ca 7a a3 59 0f 62 ec a5 fa 6a | 0e da 0d 02 c8 a9 30 4d 78 6f a6 58 e6 49 9a e5 | e0 15 4a 48 8c ca 7b 23 01 c6 4f a3 91 18 93 32 | 45 02 5a c1 7f 4d 9d e5 0d 8c bb ae 47 34 37 35 | f5 6d 3c 33 37 6a 1f 7b cb 3b 5d a2 31 62 aa 8e | 11 5c a7 4f 51 2d 9d bd 97 99 71 46 40 03 0b 3e | 0f 74 ed 32 0f 27 8d 26 3e 6d e0 e7 8d ac 47 bb | c5 49 f7 29 f5 ad 61 a7 cb 03 45 eb 5b 7b 17 ac | c6 e6 83 70 6e b8 fa 5f 82 0f 74 d4 f6 23 51 45 | 28 19 4f 0b 7f 1f 26 2e e8 81 6d fe 1f b8 f7 ed | 1e 4a a8 b8 76 ab e3 3a d7 45 fa bd 15 9a 7b 9f | 1e 73 c0 8e 6d fd ed 14 9b 6c 81 ab d7 af d7 1d | 0f 0e 5d 78 fe 9f 89 4e 46 8b 20 ca de 67 e6 bf | 2b e0 e0 40 7f 40 26 ee c6 e5 54 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #27) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 ed c0 08 25 dc a3 51 de e5 95 fc 01 | 6e 59 df ec 26 25 d4 c5 c5 b1 7b ae ad b5 4d 75 | 50 31 e5 15 1d 1a d6 ef a3 cb f8 4a 91 89 a6 75 | 62 5e ba 65 bb 62 8e 1c e3 64 9b c9 5e 0d 5e f4 | ad 0a b8 fa 54 be b9 74 5a 04 c7 45 1b 2a 30 e9 | 31 22 5b 02 0b 69 da e0 11 88 33 f2 30 30 42 a5 | 9e 97 e5 18 bf 16 a4 47 98 3a c0 c5 66 b4 b7 b4 | ab 3c c1 42 35 4b ec a9 1e ce 41 be 0c 6f c2 d2 | ec 36 ac 2d 63 b3 d6 1e 9b f4 e8 31 89 79 2b 71 | 21 54 dc fd 9e 80 d5 c7 96 d4 ab 43 78 f9 43 f3 | 4e fa 9f 23 f4 0c 44 60 29 ec 9d b9 b8 04 af 3e | ab 14 13 32 12 10 98 02 31 cb 53 01 e6 f4 5c d4 | 7e f8 30 60 38 8f 0e 46 83 ce b8 17 ca ad ed 6f | ad d2 d3 25 35 4f 6e 04 02 bd c8 4d 10 da e9 48 | 48 6d bc 38 34 e2 0d 7d 94 80 a3 24 e0 45 d0 f5 | 68 8c 7a ba 69 da a4 e6 82 3e 97 2c 84 e7 5d 8a | 3b 75 da 89 03 16 d5 26 cd 9a 00 17 d1 26 a9 b2 | fc de c5 b0 7e cc 57 98 86 2d e3 55 a7 49 32 4a | 0f 93 bd 83 94 67 26 0b e1 85 05 ca f6 81 a9 64 | 8a e9 ab 3b ed d6 a4 70 74 a2 66 a0 fe 8e 48 0e | df d0 3a d6 ca 93 b2 3b 73 15 40 fd d6 e5 84 97 | b2 5b 8e f2 49 05 12 51 fd 3b 84 f1 df 6e 1e 34 | 7c fd d9 61 80 f1 65 6f f8 d4 26 66 27 78 fe 33 | 07 2f fc f6 6f de 73 ce 19 50 ee e8 3b b5 48 a8 | 99 22 04 2a ba 15 f3 67 e3 62 b0 1a 89 c2 ee 56 | 05 a3 fa c5 23 29 5f 2a 00 42 6b 94 2a fc 25 24 | 2e 50 4c 77 7d cb 28 0e c1 be ec 85 2d 4b 32 95 | 77 12 7c 2f 09 b7 3a 4b 4e f3 b9 84 3c 4c 9c 41 | 59 47 01 7f 63 ad 74 ae e0 ef 1c 2b 83 00 29 8c | 97 27 bb e9 6d a8 4f 61 0e 02 cf 5c 65 ef 58 f2 | a0 63 2a 16 e7 13 d8 8e 03 46 5f c3 8f 7c 08 fd | 3a 65 d7 e9 22 2a c1 d9 5b cc 88 | sending 340 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #27) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 35 20 23 08 00 00 00 01 00 00 01 54 00 00 01 38 | 00 05 00 05 84 51 80 8c ac 00 cd 4c 5b 9a 35 d3 | 03 b1 20 7d 87 d6 4f 65 5b a6 05 0d 83 ed 3d 7c | 2f 5e ce 6b 31 60 37 c4 9c 18 a2 03 72 1e 17 f3 | 13 d2 01 de ec dc 03 c7 43 91 ce 09 88 df 0f f8 | 64 8b 7a cd b4 b6 63 47 91 19 2a d8 1d 55 2f 54 | 9f fd 96 5c 61 b1 14 37 35 0c 86 82 e2 04 6f 6a | 6f 88 f5 a1 f1 bf 8a 80 98 a9 d1 f2 03 71 6a cb | ee 24 84 35 52 ea 9d e0 61 4c d0 0d 14 47 a0 1f | 51 46 e7 b9 71 dd 42 77 44 c8 1e 21 15 a4 0c 7c | 4f ea 9d e2 e7 f6 2c a6 e2 2c 41 45 af be 0b 4e | 79 3d 13 13 70 9f 1a cd 78 86 c7 be 8a 8a 59 b2 | 76 d6 f7 53 a7 f2 28 f9 6f 9d bc a3 1f 51 1d 97 | ec 91 82 98 dd 34 1d 9b ac 98 16 7c 07 8a bd de | e3 d4 56 fa e3 47 c1 e7 d9 fd c0 e8 7a ef ca 3e | 68 4c 2e 8f a8 ab 39 24 ea 79 d4 84 d2 df e7 3b | 90 59 9d be 12 cd 7f ae 3c 5d bb 88 a6 3a 8d 0b | 97 10 6d ca 2f 4c ea 70 35 f8 ef 6c 4f d3 1c fa | 67 01 cb ee 4a b6 4f 31 2f e7 ec bf c4 6a 96 93 | 00 2d 34 a0 95 76 ff b7 8a 73 ca cb 4f 4a af e0 | 6d 83 6d 6d | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ku-keyAgreement-digitalSignature" #28: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #28 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | #28 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49011.83982 | resume sending helper answer for #27 suppresed complete_v2_state_transition() | #27 spent 1.49 milliseconds | #27 spent 11.5 milliseconds in resume sending helper answer | stop processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f207c001350 | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | f1 d0 28 f7 c3 96 e0 99 e8 60 c7 03 59 e3 21 70 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | 24 fe 40 04 eb b9 f8 db f0 e8 21 c2 0f cf e1 b1 | 32 92 e0 45 db 39 55 e9 65 f4 ea 87 a7 01 47 40 | b9 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | f1 d0 28 f7 c3 96 e0 99 | responder cookie: | e8 60 c7 03 59 e3 21 70 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #27 in PARENT_I2 (find_v2_ike_sa) | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #28 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #28 is idle | #28 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #28 in state PARENT_I2: sent v2I2, expected v2R2 | #28 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-ku-keyAgreement-digitalSignature" #28: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #27 ikev2.ike failed auth-failed "west-ku-keyAgreement-digitalSignature" #28: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #28 fd@25 .st_dev=9 .st_ino=1732152 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #27 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f20840012f0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | inserting event EVENT_RETRANSMIT, timeout in 59.99172 seconds for #28 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 "west-ku-keyAgreement-digitalSignature" #28: STATE_PARENT_I2: suppressing retransmits; will wait 59.99172 seconds for retry | #28 spent 0.0542 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #28 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #27 spent 0.204 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.215 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ku-keyAgreement-digitalSignature" (in terminate_a_connection() at terminate.c:69) "west-ku-keyAgreement-digitalSignature": terminating SAs using this connection | connection 'west-ku-keyAgreement-digitalSignature' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #28 | suspend processing: connection "west-ku-keyAgreement-digitalSignature" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #28 ikev2.child deleted other | #28 spent 0.0542 milliseconds in total | [RE]START processing: state #28 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ku-keyAgreement-digitalSignature" #28: deleting state (STATE_PARENT_I2) aged 0.126s and NOT sending notification | child state #28: PARENT_I2(open IKE SA) => delete | child state #28: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #28 requesting EVENT_RETRANSMIT to be deleted | #28 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f20840012f0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | priority calculation of connection "west-ku-keyAgreement-digitalSignature" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-ku-keyAgreement-digitalSignature" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-ku-keyAgreement-digitalSignature | State DB: deleting IKEv2 state #28 in CHILDSA_DEL | child state #28: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #28 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #27 | start processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #27 ikev2.ike deleted auth-failed | #27 spent 15.8 milliseconds in total | [RE]START processing: state #27 connection "west-ku-keyAgreement-digitalSignature" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ku-keyAgreement-digitalSignature" #27: deleting state (STATE_PARENT_I2) aged 0.133s and NOT sending notification | parent state #27: PARENT_I2(open IKE SA) => delete | state #27 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2078004f00 | free_event_entry: release EVENT_SA_REPLACE-pe@0x56366a5c81b0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-ku-keyAgreement-digitalSignature | State DB: deleting IKEv2 state #27 in PARENT_I2 | parent state #27: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #27 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ku-keyAgreement-digitalSignature" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-ku-keyAgreement-digitalSignature' wasn't on the list | stop processing: connection "west-ku-keyAgreement-digitalSignature" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.308 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical-eku-emailProtection" (in initiate_a_connection() at initiate.c:186) | connection 'west-ekuCritical-eku-emailProtection' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #29 at 0x56366a5a3770 | State DB: adding IKEv2 state #29 in UNDEFINED | pstats #29 ikev2.ike started | Message ID: init #29: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #29: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #29; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "west-ekuCritical-eku-emailProtection" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "west-ekuCritical-eku-emailProtection" IKE SA #29 "west-ekuCritical-eku-emailProtection" "west-ekuCritical-eku-emailProtection" #29: initiating v2 parent SA | constructing local IKE proposals for west-ekuCritical-eku-emailProtection (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "west-ekuCritical-eku-emailProtection": constructed local IKE proposals for west-ekuCritical-eku-emailProtection (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 29 for state #29 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56366a5ea4d0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #29 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | #29 spent 0.159 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "west-ekuCritical-eku-emailProtection" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.222 milliseconds in whack | crypto helper 0 resuming | crypto helper 0 starting work-order 29 for state #29 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 29 | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 29 time elapsed 0.000907 seconds | (#29) spent 0.907 milliseconds in crypto helper computing work-order 29: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 29 for state #29 to event queue | scheduling resume sending helper answer for #29 | libevent_malloc: new ptr-libevent@0x7f2090006490 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #29 | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 29 | calling continuation function 0x5636693c7630 | ikev2_parent_outI1_continue for #29 | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection west-ekuCritical-eku-emailProtection (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d9 ce 18 5c cb fc d4 98 08 bf 87 bf 6d 37 bc 1b | ikev2 g^x f0 e2 e8 1e d3 f3 5d 0c 02 ab 2a 61 91 89 7c 33 | ikev2 g^x c3 38 f8 52 cd b0 54 4b ae 4a 62 50 0b 4a af cf | ikev2 g^x 09 52 a6 43 eb 0a 40 22 e6 cb de 06 56 2e 59 12 | ikev2 g^x 41 00 8a 71 2c 59 7f 8a e2 2b cf 8d 27 80 a7 d7 | ikev2 g^x 60 de 92 3e e8 5d 41 e7 0a 35 94 be 13 6b 52 f6 | ikev2 g^x e3 43 26 64 06 04 8b e7 26 f4 63 ea 20 63 48 8b | ikev2 g^x a8 23 90 0d d1 48 16 f3 48 cc 3c 95 0e 3a 48 74 | ikev2 g^x e2 53 a6 c2 8f 10 68 02 d7 5d a2 80 d3 ac 5c e6 | ikev2 g^x b1 4b dc d2 16 9c d0 b2 32 83 12 ff 0e 7a 50 cf | ikev2 g^x 81 9c 4c 68 a7 c8 6a 3a 1a c1 c9 f7 66 7f 66 30 | ikev2 g^x 35 c1 18 5f 14 13 e8 3d d4 9a ca a4 ac e9 91 7d | ikev2 g^x 88 66 02 f9 4b e1 ea c5 e7 5b f0 45 0a 87 36 c9 | ikev2 g^x ee 19 0b ac d6 04 0b d0 d5 b3 96 34 3c 78 af 5d | ikev2 g^x ff 91 16 bf f3 11 48 3f 32 7e 4e e6 d6 00 2a e8 | ikev2 g^x 6b 12 31 54 80 95 e4 55 ad 54 91 2f 2f f8 f4 69 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 74 de 2d 24 96 81 e0 1f f2 02 d7 71 f7 4a 3f 66 | IKEv2 nonce e9 dc a2 ea ef 8d bb 76 60 07 d9 81 e2 eb 57 cf | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f c5 54 eb 41 4d 90 c1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 5d 86 da 4d bd e0 76 2e e3 b4 fd d4 40 63 a2 73 | natd_hash: hash= f5 3f 62 15 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5d 86 da 4d bd e0 76 2e e3 b4 fd d4 40 63 a2 73 | Notify data f5 3f 62 15 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f c5 54 eb 41 4d 90 c1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 2f a9 5c d6 6b 1e 1a da e9 c1 93 66 d2 d6 f8 de | natd_hash: hash= 43 6f 37 e6 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2f a9 5c d6 6b 1e 1a da e9 c1 93 66 d2 d6 f8 de | Notify data 43 6f 37 e6 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #29 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #29: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #29 to 4294967295 after switching state | Message ID: IKE #29 skipping update_recv as MD is fake | Message ID: sent #29 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "west-ekuCritical-eku-emailProtection" #29: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #29) | 6f c5 54 eb 41 4d 90 c1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 d9 ce 18 5c cb fc d4 98 | 08 bf 87 bf 6d 37 bc 1b f0 e2 e8 1e d3 f3 5d 0c | 02 ab 2a 61 91 89 7c 33 c3 38 f8 52 cd b0 54 4b | ae 4a 62 50 0b 4a af cf 09 52 a6 43 eb 0a 40 22 | e6 cb de 06 56 2e 59 12 41 00 8a 71 2c 59 7f 8a | e2 2b cf 8d 27 80 a7 d7 60 de 92 3e e8 5d 41 e7 | 0a 35 94 be 13 6b 52 f6 e3 43 26 64 06 04 8b e7 | 26 f4 63 ea 20 63 48 8b a8 23 90 0d d1 48 16 f3 | 48 cc 3c 95 0e 3a 48 74 e2 53 a6 c2 8f 10 68 02 | d7 5d a2 80 d3 ac 5c e6 b1 4b dc d2 16 9c d0 b2 | 32 83 12 ff 0e 7a 50 cf 81 9c 4c 68 a7 c8 6a 3a | 1a c1 c9 f7 66 7f 66 30 35 c1 18 5f 14 13 e8 3d | d4 9a ca a4 ac e9 91 7d 88 66 02 f9 4b e1 ea c5 | e7 5b f0 45 0a 87 36 c9 ee 19 0b ac d6 04 0b d0 | d5 b3 96 34 3c 78 af 5d ff 91 16 bf f3 11 48 3f | 32 7e 4e e6 d6 00 2a e8 6b 12 31 54 80 95 e4 55 | ad 54 91 2f 2f f8 f4 69 29 00 00 24 74 de 2d 24 | 96 81 e0 1f f2 02 d7 71 f7 4a 3f 66 e9 dc a2 ea | ef 8d bb 76 60 07 d9 81 e2 eb 57 cf 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5d 86 da 4d | bd e0 76 2e e3 b4 fd d4 40 63 a2 73 f5 3f 62 15 | 00 00 00 1c 00 00 40 05 2f a9 5c d6 6b 1e 1a da | e9 c1 93 66 d2 d6 f8 de 43 6f 37 e6 | state #29 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f20840012f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56366a5ea4d0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuCritical-eku-emailProtection" #29: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #29 | libevent_malloc: new ptr-libevent@0x7f20840012f0 size 128 | #29 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49014.168047 | resume sending helper answer for #29 suppresed complete_v2_state_transition() and stole MD | #29 spent 1.2 milliseconds in resume sending helper answer | stop processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2090006490 | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 3e f3 d2 6c | 6e 14 b1 5d b0 5b 32 03 4c 66 a0 36 d6 33 93 e4 | 32 88 d6 e0 27 84 dd 5d 99 53 44 d3 7b c4 c0 d9 | 89 6f 4e c5 b8 4d 79 9c 36 d2 10 b8 55 a9 f9 06 | 22 72 c1 0b c5 f1 e4 31 b1 8c bd 9c 13 e8 63 83 | 1e b3 e3 cb 85 69 2d 9d f8 38 33 59 75 9f c5 e4 | 92 b0 8f 17 53 7a a8 14 86 9a 0e 17 02 56 4c b3 | 37 72 ec a0 9a 13 7d 3d 65 f4 23 92 c5 d0 b7 44 | 4c 2e a5 58 a7 ed 29 a8 7c 23 72 1f 5f 6e 7d b4 | 6e 2f 8b b2 9f 18 f2 51 71 a5 92 2c ce ce 62 2a | 0b ee 52 b6 d1 fc 5c 47 8d 45 38 64 ff 6f 03 17 | 23 32 47 62 04 7f db 78 9d 71 78 28 c3 39 87 db | 0c ce 6a dd 78 6b ce 81 27 b1 1c 65 db ee 1c ba | 78 94 b9 d4 e9 57 29 fa bc e8 24 8c ea eb 0c c5 | 06 e6 28 fc bd 37 87 14 4b f6 0a 01 72 cc 61 28 | 75 1e c5 7e 24 22 2f 50 da f9 2f 54 c0 62 56 7c | d9 9e 5c 0f 27 57 e5 cc c1 e9 5a db 29 00 00 24 | 26 44 95 86 7a da 2c 8b 0e cf d9 77 74 62 49 a0 | 3f 86 60 30 ee 4d 37 03 fd d7 d2 de ba 30 26 b3 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 3d 07 ea e8 1c 20 ed b8 6a 72 a5 11 5a 5f 69 b3 | d7 69 60 11 26 00 00 1c 00 00 40 05 95 16 b3 eb | 41 5c 37 5e 1c e8 38 56 df d4 4c e7 04 3f 3b a1 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #29 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #29 is idle | #29 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #29 IKE SPIi and SPI[ir] | #29 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection west-ekuCritical-eku-emailProtection (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f c5 54 eb 41 4d 90 c1 | natd_hash: rcookie= 1d 40 d5 51 c6 8c 5c e7 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 95 16 b3 eb 41 5c 37 5e 1c e8 38 56 df d4 4c e7 | natd_hash: hash= 04 3f 3b a1 | natd_hash: hasher=0x56366949d7a0(20) | natd_hash: icookie= 6f c5 54 eb 41 4d 90 c1 | natd_hash: rcookie= 1d 40 d5 51 c6 8c 5c e7 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 3d 07 ea e8 1c 20 ed b8 6a 72 a5 11 5a 5f 69 b3 | natd_hash: hash= d7 69 60 11 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 30 for state #29 | state #29 requesting EVENT_RETRANSMIT to be deleted | #29 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f20840012f0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2090001470 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #29 | libevent_malloc: new ptr-libevent@0x7f2090006490 size 128 | #29 spent 0.213 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 1 resuming | [RE]START processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #29 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #29 and saving MD | #29 is busy; has a suspended MD | crypto helper 1 starting work-order 30 for state #29 | [RE]START processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 30 | "west-ekuCritical-eku-emailProtection" #29 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #29 spent 0.47 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.48 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 30 time elapsed 0.001769 seconds | (#29) spent 1.37 milliseconds in crypto helper computing work-order 30: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 30 for state #29 to event queue | scheduling resume sending helper answer for #29 | libevent_malloc: new ptr-libevent@0x7f2088004f00 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #29 | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 30 | calling continuation function 0x5636693c7630 | ikev2_parent_inR1outI2_continue for #29: calculating g^{xy}, sending I2 | creating state object #30 at 0x56366a5c49b0 | State DB: adding IKEv2 state #30 in UNDEFINED | pstats #30 ikev2.child started | duplicating state object #29 "west-ekuCritical-eku-emailProtection" as #30 for IPSEC SA | #30 setting local endpoint to 192.1.2.45:500 from #29.st_localport (in duplicate_state() at state.c:1481) | Message ID: init_child #29.#30; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #29 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #29.#30 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #29 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f2090006490 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2090001470 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2090001470 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #29 | libevent_malloc: new ptr-libevent@0x7f2090006490 size 128 | parent state #29: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 247 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 f4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 43 30 41 06 03 55 04 03 0c 3a 77 65 73 | my identity 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d 65 6b | my identity 75 2d 65 6d 61 69 6c 50 72 6f 74 65 63 74 69 6f | my identity 6e 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 31 4e 30 4c 06 09 2a 86 48 | my identity 86 f7 0d 01 09 01 16 3f 75 73 65 72 2d 77 65 73 | my identity 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d 65 6b | my identity 75 2d 65 6d 61 69 6c 50 72 6f 74 65 63 74 69 6f | my identity 6e 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 255 | Sending [CERT] of certificate: E=user-west-ekuCritical-eku-emailProtection@testing.libreswan.org,CN=west-ekuCritical-eku-emailProtection.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1316 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 05 20 30 82 04 89 a0 03 02 01 02 02 01 29 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 f4 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 43 30 41 06 03 55 04 03 0c 3a 77 | CERT 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d | CERT 65 6b 75 2d 65 6d 61 69 6c 50 72 6f 74 65 63 74 | CERT 69 6f 6e 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 31 4e 30 4c 06 09 2a | CERT 86 48 86 f7 0d 01 09 01 16 3f 75 73 65 72 2d 77 | CERT 65 73 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d | CERT 65 6b 75 2d 65 6d 61 69 6c 50 72 6f 74 65 63 74 | CERT 69 6f 6e 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f | CERT 00 30 82 01 8a 02 82 01 81 00 c5 b1 1a e5 9e ce | CERT aa 8d b3 82 27 05 39 f6 f6 7a 51 ba 07 9c 97 b4 | CERT 26 b8 62 fd b7 a6 6c fe c3 b1 8c 1f c8 ee ca 9e | CERT 51 78 ee a4 b3 e0 c4 be da 69 ea 63 f1 e4 3e fe | CERT f6 d7 91 0e 7d f1 6f bc 7d ee d5 51 10 9a e3 b8 | CERT ea f0 1e 0e 77 7e cf 15 4a c8 f4 3a 7e 37 f5 1c | CERT 8b 13 77 6f a7 f4 76 b0 b0 37 a6 a0 bd 52 3f 98 | CERT 53 aa b2 ab 53 6c d2 66 fa 2a 40 77 0b 08 e8 f1 | CERT 29 e1 a4 8d 62 c5 c7 2e 35 2e 95 86 31 ad 87 4b | CERT d7 05 f0 3b 82 b8 ac 3e bc 43 f3 31 6b c5 8e c2 | CERT 34 ea d2 64 9f e9 07 f6 9a e0 11 ec 9e 71 55 e3 | CERT 93 bb f3 6f 60 33 e6 fb 33 61 ba 3a f1 02 70 f4 | CERT 24 07 43 ed 18 e1 d2 85 5b 06 f5 90 1b 17 9b 48 | CERT ce 67 af 34 dc 01 ad 3f 86 e7 3f 45 49 05 7d 62 | CERT 22 50 6e 5b 7e f4 32 5e 16 ef 57 7a fd cb 1e c6 | CERT 3f 25 56 a2 ff 96 67 09 37 9b 5f 53 4d c5 92 ca | CERT 92 18 5c 16 02 65 f5 d2 4b 0d 8a a9 cb 73 e8 7b | CERT 40 00 f2 3d 39 96 99 05 66 c9 40 26 df 01 2e f8 | CERT 35 dd 99 a0 cc ed ee c5 b0 b7 d1 a6 89 7f 45 20 | CERT 61 f0 07 9c c0 d9 06 43 99 14 58 11 9c ca 87 1a | CERT 9e 5f 35 d8 25 fb 3a a8 70 99 9a be eb 1c 86 18 | CERT 97 f8 0d 38 2d 5f f5 9f f7 87 24 7a 95 c7 92 8c | CERT d7 44 3e 10 47 7a df 28 0a 66 07 a5 5f 30 93 68 | CERT f7 a8 39 1d c6 4a ef 89 2b 96 d3 ec ff 4f cf dc | CERT 0e 37 8b 10 86 06 0a 0c b3 ff 02 03 01 00 01 a3 | CERT 81 ff 30 81 fc 30 09 06 03 55 1d 13 04 02 30 00 | CERT 30 45 06 03 55 1d 11 04 3e 30 3c 82 3a 77 65 73 | CERT 74 2d 65 6b 75 43 72 69 74 69 63 61 6c 2d 65 6b | CERT 75 2d 65 6d 61 69 6c 50 72 6f 74 65 63 74 69 6f | CERT 6e 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 0e 06 03 55 1d 0f 01 01 | CERT ff 04 04 03 02 07 80 30 16 06 03 55 1d 25 01 01 | CERT ff 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 04 30 | CERT 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 | CERT 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 | CERT 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 | CERT 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 | CERT 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 | CERT 03 81 81 00 49 1d 05 86 4c 27 c5 37 d7 85 c3 e6 | CERT 26 bc a4 14 87 c4 ae cf 0f ec 82 54 35 2b 08 a6 | CERT 68 00 bf d0 6c a4 ef 5a 1e 36 10 3b 4e bd 80 f8 | CERT 42 c9 14 d1 08 78 8c 3e a9 dd 18 7f e0 12 eb 15 | CERT 6d 13 88 30 6c 8b 3b 0d b8 ad 59 a6 64 11 bc 1d | CERT 9b 4e 42 87 e7 ad a1 5b 7f a1 db 44 df bd b7 79 | CERT 8b 60 d0 d3 8b d4 14 5e c5 cd 9b e9 8e 5d 79 5a | CERT e8 80 9d 3e c3 0d 73 c8 fb 0c 6d f3 2d fe 4f ed | CERT 65 da 70 85 | emitting length of IKEv2 Certificate Payload: 1321 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ekuCritical-eku-emailProtection.testing.libreswan.org, E=user-west-ekuCritical-eku-emailProtection@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAZ39l vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAanoA vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAcMYk vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAa7e2 vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAdlAH vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAbqxb vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAetis vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAbtrZ vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAZ5z+ vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAcHyi vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAb85D vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAbWUD vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAbsW1 vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AwEAAa0Pt vs PKK_RSA:AwEAAcWxG | searching for certificate PKK_RSA:AQOm9dY/4 vs PKK_RSA:AwEAAcWxG | private key for cert west-ekuCritical-eku-emailProtection not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAcWxG vs PKK_RSA:AwEAAcWxG | #29 spent 9.24 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 82 18 5c 04 e1 20 61 a9 a0 6a ea 3f 80 be 29 d7 | rsa signature db 46 95 36 99 ca 3b b0 ee f7 86 c9 c9 15 66 de | rsa signature 6b 66 e4 32 bd 38 66 83 2c 05 c5 8f ac 1e 64 96 | rsa signature 56 09 61 dd a6 06 16 aa 26 10 c4 35 25 9b a3 c3 | rsa signature f8 d6 dd fb f4 0e 9f f5 27 7d 34 5b d8 9d 61 b7 | rsa signature f9 36 b5 a3 23 af 18 74 9e eb bb 24 d5 3f 9d 2f | rsa signature 4d 5d f3 36 25 25 87 7d aa 8a 5f 5b ce 5a 2e e6 | rsa signature 1d af 39 a6 1c a7 42 c2 8d 50 f4 2f fb e6 83 fd | rsa signature d8 9d cf 01 85 9a de 82 98 02 77 c7 90 5a 1b 14 | rsa signature 81 0e 09 00 53 c6 47 d9 d8 bc 49 4d b7 81 ed 55 | rsa signature e8 5b c5 da 43 38 52 70 30 77 8b 78 96 8b 65 16 | rsa signature 0f 3e 6e 79 ef d1 2d f2 ac 71 95 e7 71 0e 7d 1e | rsa signature b8 5d c5 f2 2e 2f ad 50 a0 ee 5b 74 b2 2a 39 5a | rsa signature 52 cd a5 84 1a 5c 74 55 19 ff 30 be d2 b0 5b db | rsa signature a3 10 61 23 3f cd f1 f6 00 38 cf 65 2a de 65 96 | rsa signature d2 42 1e 38 a0 53 e2 49 5d 24 0e 99 4e 32 f3 83 | rsa signature df 7a 1a 7e 6d 5d 7c a8 2b e2 9a bf 83 5a cb ce | rsa signature b4 3f 76 2c dc ad 00 2c fe 62 cc 75 3f bc 16 92 | rsa signature 53 51 f8 ca 49 23 33 56 37 f8 42 f7 d2 47 18 71 | rsa signature 52 7a d2 4e aa 34 f2 fa ce 39 3a ed 43 14 5b 16 | rsa signature 3b ce 47 69 8f 4e 1b 24 db 60 02 e9 79 5e 78 e9 | rsa signature e9 67 a3 3f 32 f7 34 6f ae 6d 26 4a 46 ab 6e ee | rsa signature 92 6c 70 7f 9e c8 be d0 bb ba 5b 3e c1 48 74 c8 | rsa signature 2c 22 4d f1 4d a5 a6 95 6b 12 8b fd 49 41 a6 2f | #29 spent 9.6 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #29 | netlink_get_spi: allocated 0xeee5f126 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for west-ekuCritical-eku-emailProtection (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "west-ekuCritical-eku-emailProtection": constructed local ESP/AH proposals for west-ekuCritical-eku-emailProtection (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ee e5 f1 26 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ee e5 f1 26 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ee e5 f1 26 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ee e5 f1 26 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 2d | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 2d | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 01 02 17 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2209 | emitting length of ISAKMP Message: 2237 | **parse ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2237 (0x8bd) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2209 (0x8a1) | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 ff 09 00 00 00 30 81 f4 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 43 30 41 06 03 | cleartext fragment 55 04 03 0c 3a 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2d 65 6b 75 2d 65 6d 61 69 6c 50 | cleartext fragment 72 6f 74 65 63 74 69 6f 6e 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | cleartext fragment 4e 30 4c 06 09 2a 86 48 86 f7 0d 01 09 01 16 3f | cleartext fragment 75 73 65 72 2d 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2d 65 6b 75 2d 65 6d 61 69 6c 50 | cleartext fragment 72 6f 74 65 63 74 69 6f 6e 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 | cleartext fragment 00 05 29 04 30 82 05 20 30 82 04 89 a0 03 02 01 | cleartext fragment 02 02 01 29 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 | cleartext fragment 34 31 39 34 34 35 39 5a 30 81 f4 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 43 30 41 06 03 | cleartext fragment 55 04 03 0c 3a 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2d 65 6b 75 2d 65 6d 61 69 6c 50 | cleartext fragment 72 6f 74 65 63 74 69 6f 6e 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | cleartext fragment 4e 30 4c 06 09 2a 86 48 86 f7 0d 01 09 01 16 3f | cleartext fragment 75 73 65 72 2d 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2d 65 6b 75 2d 65 6d 61 69 6c 50 | cleartext fragment 72 6f 74 65 63 74 69 6f 6e 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | cleartext fragment c5 b1 1a e5 9e ce aa 8d b3 82 27 05 39 f6 f6 7a | cleartext fragment 51 ba 07 9c 97 b4 26 b8 62 fd b7 a6 6c fe c3 b1 | cleartext fragment 8c 1f c8 ee ca 9e 51 78 ee a4 b3 e0 c4 be da 69 | cleartext fragment ea 63 f1 e4 3e fe f6 d7 91 0e 7d f1 6f bc 7d ee | cleartext fragment d5 51 10 9a e3 b8 ea f0 1e 0e 77 7e cf 15 4a c8 | cleartext fragment f4 3a 7e 37 f5 1c 8b 13 77 6f a7 f4 76 b0 b0 37 | cleartext fragment a6 a0 bd 52 3f 98 53 aa b2 ab 53 6c d2 66 fa 2a | cleartext fragment 40 77 0b 08 e8 f1 29 e1 a4 8d 62 c5 c7 2e 35 2e | cleartext fragment 95 86 31 ad 87 4b d7 05 f0 3b 82 b8 ac 3e bc 43 | cleartext fragment f3 31 6b c5 8e c2 34 ea d2 64 9f e9 07 f6 9a e0 | cleartext fragment 11 ec 9e 71 55 e3 93 bb f3 6f 60 33 e6 fb | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 33 61 ba 3a f1 02 70 f4 24 07 43 ed 18 e1 d2 85 | cleartext fragment 5b 06 f5 90 1b 17 9b 48 ce 67 af 34 dc 01 ad 3f | cleartext fragment 86 e7 3f 45 49 05 7d 62 22 50 6e 5b 7e f4 32 5e | cleartext fragment 16 ef 57 7a fd cb 1e c6 3f 25 56 a2 ff 96 67 09 | cleartext fragment 37 9b 5f 53 4d c5 92 ca 92 18 5c 16 02 65 f5 d2 | cleartext fragment 4b 0d 8a a9 cb 73 e8 7b 40 00 f2 3d 39 96 99 05 | cleartext fragment 66 c9 40 26 df 01 2e f8 35 dd 99 a0 cc ed ee c5 | cleartext fragment b0 b7 d1 a6 89 7f 45 20 61 f0 07 9c c0 d9 06 43 | cleartext fragment 99 14 58 11 9c ca 87 1a 9e 5f 35 d8 25 fb 3a a8 | cleartext fragment 70 99 9a be eb 1c 86 18 97 f8 0d 38 2d 5f f5 9f | cleartext fragment f7 87 24 7a 95 c7 92 8c d7 44 3e 10 47 7a df 28 | cleartext fragment 0a 66 07 a5 5f 30 93 68 f7 a8 39 1d c6 4a ef 89 | cleartext fragment 2b 96 d3 ec ff 4f cf dc 0e 37 8b 10 86 06 0a 0c | cleartext fragment b3 ff 02 03 01 00 01 a3 81 ff 30 81 fc 30 09 06 | cleartext fragment 03 55 1d 13 04 02 30 00 30 45 06 03 55 1d 11 04 | cleartext fragment 3e 30 3c 82 3a 77 65 73 74 2d 65 6b 75 43 72 69 | cleartext fragment 74 69 63 61 6c 2d 65 6b 75 2d 65 6d 61 69 6c 50 | cleartext fragment 72 6f 74 65 63 74 69 6f 6e 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 07 80 30 | cleartext fragment 16 06 03 55 1d 25 01 01 ff 04 0c 30 0a 06 08 2b | cleartext fragment 06 01 05 05 07 03 04 30 41 06 08 2b 06 01 05 05 | cleartext fragment 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 | cleartext fragment 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | cleartext fragment 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d | cleartext fragment 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 | cleartext fragment 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 49 1d | cleartext fragment 05 86 4c 27 c5 37 d7 85 c3 e6 26 bc a4 14 87 c4 | cleartext fragment ae cf 0f ec 82 54 35 2b 08 a6 68 00 bf d0 6c a4 | cleartext fragment ef 5a 1e 36 10 3b 4e bd 80 f8 42 c9 14 d1 08 78 | cleartext fragment 8c 3e a9 dd 18 7f e0 12 eb 15 6d 13 88 30 6c 8b | cleartext fragment 3b 0d b8 ad 59 a6 64 11 bc 1d 9b 4e 42 87 e7 ad | cleartext fragment a1 5b 7f a1 db 44 df bd b7 79 8b 60 d0 d3 8b d4 | cleartext fragment 14 5e c5 cd 9b e9 8e 5d 79 5a e8 80 9d 3e c3 0d | cleartext fragment 73 c8 fb 0c 6d f3 2d fe 4f ed 65 da 70 85 21 00 | cleartext fragment 01 88 01 00 00 00 82 18 5c 04 e1 20 61 a9 a0 6a | cleartext fragment ea 3f 80 be 29 d7 db 46 95 36 99 ca 3b b0 ee f7 | cleartext fragment 86 c9 c9 15 66 de 6b 66 e4 32 bd 38 66 83 2c 05 | cleartext fragment c5 8f ac 1e 64 96 56 09 61 dd a6 06 16 aa 26 10 | cleartext fragment c4 35 25 9b a3 c3 f8 d6 dd fb f4 0e 9f f5 27 7d | cleartext fragment 34 5b d8 9d 61 b7 f9 36 b5 a3 23 af 18 74 9e eb | cleartext fragment bb 24 d5 3f 9d 2f 4d 5d f3 36 25 25 87 7d aa 8a | cleartext fragment 5f 5b ce 5a 2e e6 1d af 39 a6 1c a7 42 c2 8d 50 | cleartext fragment f4 2f fb e6 83 fd d8 9d cf 01 85 9a de 82 98 02 | cleartext fragment 77 c7 90 5a 1b 14 81 0e 09 00 53 c6 47 d9 d8 bc | cleartext fragment 49 4d b7 81 ed 55 e8 5b c5 da 43 38 52 70 30 77 | cleartext fragment 8b 78 96 8b 65 16 0f 3e 6e 79 ef d1 2d f2 ac 71 | cleartext fragment 95 e7 71 0e 7d 1e b8 5d c5 f2 2e 2f ad 50 a0 ee | cleartext fragment 5b 74 b2 2a 39 5a 52 cd a5 84 1a 5c 74 55 19 ff | cleartext fragment 30 be d2 b0 5b db a3 10 61 23 3f cd f1 f6 00 38 | cleartext fragment cf 65 2a de 65 96 d2 42 1e 38 a0 53 e2 49 5d 24 | cleartext fragment 0e 99 4e 32 f3 83 df 7a 1a 7e 6d 5d 7c a8 2b e2 | cleartext fragment 9a bf 83 5a cb ce b4 3f 76 2c dc ad 00 2c fe 62 | cleartext fragment cc 75 3f bc 16 92 53 51 f8 ca 49 23 33 56 37 f8 | cleartext fragment 42 f7 d2 47 18 71 52 7a d2 4e aa 34 f2 fa ce 39 | cleartext fragment 3a ed 43 14 5b 16 3b ce 47 69 8f 4e 1b 24 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 268 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment db 60 02 e9 79 5e 78 e9 e9 67 a3 3f 32 f7 34 6f | cleartext fragment ae 6d 26 4a 46 ab 6e ee 92 6c 70 7f 9e c8 be d0 | cleartext fragment bb ba 5b 3e c1 48 74 c8 2c 22 4d f1 4d a5 a6 95 | cleartext fragment 6b 12 8b fd 49 41 a6 2f 2c 00 00 a4 02 00 00 20 | cleartext fragment 01 03 04 02 ee e5 f1 26 03 00 00 0c 01 00 00 14 | cleartext fragment 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 20 | cleartext fragment 02 03 04 02 ee e5 f1 26 03 00 00 0c 01 00 00 14 | cleartext fragment 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 30 | cleartext fragment 03 03 04 04 ee e5 f1 26 03 00 00 0c 01 00 00 0c | cleartext fragment 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 | cleartext fragment 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 | cleartext fragment 04 03 04 04 ee e5 f1 26 03 00 00 0c 01 00 00 0c | cleartext fragment 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 | cleartext fragment 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 01 02 2d | cleartext fragment c0 01 02 2d 00 00 00 18 01 00 00 00 07 00 00 10 | cleartext fragment 00 00 ff ff c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 301 | emitting length of ISAKMP Message: 329 | suspend processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #30 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #30: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #30 to 0 after switching state | Message ID: recv #29.#30 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #29.#30 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "west-ekuCritical-eku-emailProtection" #30: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #29) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 51 37 57 6d f4 62 cd 1f 3a f1 90 23 | 86 37 be c8 2a c1 03 d1 27 b1 12 26 64 a7 8f de | 19 a0 a6 e6 52 34 54 22 6f 3d e6 51 b7 86 5e 4b | ab cf 82 ba d4 f0 91 2e 60 dc 08 6a 6c 94 f2 69 | 4b 23 60 86 d3 31 73 aa 46 7e 10 5b 47 ce 5a 01 | 77 55 e3 19 0b e0 aa 6c 8b 75 d9 0d 50 f2 c8 d1 | ea eb 6b 23 84 0e 8e 32 8a ca 85 05 f0 12 2c 0a | f5 a7 62 61 71 3a be c3 2c d4 5e 17 bb 97 1f bf | 03 96 3f 30 ad 6e c8 4b c7 36 8e 51 d7 b2 4e 77 | 5f ac 27 80 f1 d6 56 1f 11 ed e8 bc 36 87 7a ab | 98 0e 56 f9 12 51 34 00 97 58 99 bd ca dd 52 73 | 31 cc dd e1 5c c5 20 02 a0 b8 42 63 20 65 7b 36 | 7f ef 20 55 13 95 ca 28 78 45 22 ff fb d7 c0 b8 | f2 d6 b0 22 dd 8c c4 44 42 d6 22 6c 9f 84 7a 09 | f4 41 bc ed f2 a4 b7 d6 5c c0 31 c2 65 42 36 a0 | 8c d3 0b 07 be 76 c8 19 0c 0d 99 34 a3 78 0d 01 | 99 7b 81 aa 48 c5 86 5c e6 10 d1 30 d5 78 09 52 | 34 17 35 a5 62 df 57 4e cb 40 b2 3e 28 8d c3 a8 | bf 93 03 74 b9 8d 0a ab 9a 9a c1 28 92 f6 f6 ce | 4c 93 e2 18 e4 7a 83 36 3a 6b 0d ee 94 60 8f 4d | c5 cf a1 9f 02 13 40 4c 0c 13 27 dc be 22 68 7c | a1 45 98 ea ac e9 ef 50 ca 92 34 3f 65 fb a9 22 | fa 89 75 e1 e6 a8 16 dc ba d4 54 56 63 b3 86 da | 12 c6 7b c6 e0 ab f4 4d f7 7d 89 6b db de d9 58 | 7e 1c 29 91 89 08 4b 7b 9a 9d a7 f3 76 2a 01 92 | 80 4c 57 f3 20 13 ec ce 18 c3 ac a3 78 39 8b a7 | c0 cd 6f 7f 69 a3 a7 2f f7 9a ba 2c a2 e6 cb 39 | 94 b1 35 e3 44 e6 fe 22 96 13 c7 05 a9 01 d3 aa | 80 a4 3e f5 3a b3 c6 18 f3 c3 ea 7f 63 7d 96 19 | 0b 40 b7 cc 17 ea c3 48 30 48 05 f1 6a a1 8e 68 | 85 1b 34 8d 7b 4b 4e cd 26 d6 03 e2 d7 44 ae 45 | 86 be d8 8f 0b 15 2f 5e 4e 4e 9e | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #29) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 af 59 8f 71 be 26 fb de 07 83 3a dd | 11 25 5e eb 52 07 12 63 2c d5 f1 67 69 ab 03 ff | 2f 36 aa 58 00 10 2c 56 c1 63 b4 0f c6 e5 7d b4 | 6b 37 fb 74 9b 7f d9 72 20 44 99 7c 05 90 93 87 | c8 65 ce 95 f1 2d 96 8e d0 78 45 9f 74 5f cc e5 | cf fb 39 5f 39 ca 6d c7 38 75 63 5a ef 31 5b 8e | c9 15 de 3f 2f f3 fb dd 9d 74 65 9b 97 d5 91 d2 | 64 e5 ae 28 db 53 68 a0 e5 c6 55 52 c3 50 1c 08 | 1f e9 79 2a 67 07 8a 3d d5 54 20 57 01 c0 7b e4 | 8b e2 05 29 22 c4 d7 6c ed d3 62 fa 7c 75 2a 19 | 60 6a 26 5a a2 69 58 07 5d d9 ba dd 10 b6 c2 e4 | 70 ab ab 62 c6 e5 00 c8 91 75 79 59 bc af bb 67 | 99 d5 f4 e0 51 6d 34 c2 41 8b 3d 4d 9b e7 cf 4e | fa f3 4c ed 4c 6a 2d 1d 7b 9e d8 96 b1 8e f4 5b | dc 96 48 5a 1a 3a 63 7a cd f0 4d 7a 82 1b a3 f5 | 2c 5a d1 18 db d5 05 ad ae d3 ce bd 17 a4 1d 98 | f5 37 f7 79 07 43 0a 29 e0 0f 73 24 d2 6f 8c 09 | 33 bd 5d ec ad 82 d8 61 df 2b a6 27 69 f7 88 6e | 89 37 65 52 0a 11 4b c5 20 0a a0 b2 75 b1 8a 22 | 7f ff 41 19 71 0f c7 ef 4c 3e bb 68 92 f6 31 69 | 18 12 28 ba cb fb 45 20 a7 50 42 78 8a b7 f7 10 | 19 f9 25 6a 66 69 19 e6 0a 89 28 d5 73 1c a7 e4 | d3 f7 37 a0 e1 ec af 85 26 03 98 81 54 55 f6 88 | 9a e8 90 01 94 a8 fb b5 2a 03 ef e5 b1 0f 6e c6 | 58 b5 73 52 9c c2 50 7d 9d 9a 18 ac 03 ec d3 f0 | 22 d8 4c 8b 30 0e 9c b3 19 35 f7 be 1e 08 c2 ab | 8b a1 73 a7 18 3d 82 d5 c9 7b 71 df 9f 17 71 be | 89 ec 3a 5f f8 a5 26 6a 92 7e 68 63 b3 87 ff 46 | 95 62 bb 8a db 43 e2 d2 3e 57 e4 db 47 26 26 67 | 62 4f 79 f4 85 fa e3 ad 4e 0b 41 64 e7 c4 ec 90 | fa f4 04 20 40 e3 f2 b1 49 b1 7c b7 16 e7 86 72 | 57 d6 45 b9 a1 4a d4 38 3c 8f d9 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #29) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 e2 2a cf 1f 46 65 06 5f 0e 75 3d 17 | ee 91 2e 2f 62 64 c4 82 10 91 61 95 01 ee 9d d8 | 44 df e8 81 8b c6 b1 b2 99 ee bb 5f cf 1f de 21 | 40 da 1c c1 34 3b b6 31 0f 37 3e 9e 41 71 6b 71 | 9f 4e 5c 3f fa 3c f5 d9 c2 91 f8 e0 34 71 bc f8 | c7 19 e4 4a 7f 6a f5 42 ee 9b 97 ef ca 9a 11 ce | b4 22 e9 64 34 64 39 47 4d 56 4c dd c4 f5 d2 c6 | ad 89 5a 88 79 4f 76 85 41 1f 7c c3 50 39 f1 ab | 77 88 7a be 9e 2e 99 6e 7b 4a 7c 5d 4f 12 71 68 | 3c 71 f5 7d 45 93 ee 0a 42 ff 24 6d c0 d5 ff 04 | db 77 34 08 39 3b 8f c5 f1 95 be 6a 9b 0c c5 1c | 21 12 c1 f6 15 ab 0d 16 a5 8e 2a 51 45 85 6b 9f | f5 35 f5 2c a6 5b f9 ec 3e 15 2d a6 97 b1 68 24 | 2b 07 bf 5e 0b 4a 6b c4 83 09 3e 58 f9 b0 08 a8 | 2c 99 ad 33 3c ef db 20 e9 fc 7c 75 7e a8 ec df | 10 5d 63 0e 7b d2 09 61 fe 20 f9 11 51 76 32 70 | dc bf 28 b6 7b 1f d6 e5 61 20 c5 e2 c8 98 dc be | a4 ce d8 2a 19 34 4a 70 b0 1d f5 7d 3c cf 15 98 | 87 d9 ef 92 c6 d7 cb f1 7d bd 17 76 88 5a e4 3d | 92 be ca 00 c2 1f c2 d0 35 63 1b dc 2b 9c be 0b | 32 76 80 d1 7e 22 11 40 83 45 7b 75 68 7b fe 6c | f3 d6 96 fb 2a 1a 5a 7b c9 66 2b ac 45 2f e5 46 | 7f e5 4c 7d b8 98 f2 27 26 5d 1c b0 dd cc 55 78 | 43 7e b8 a4 fb 36 60 d2 4b 6b 85 0f 75 cb 85 5b | 56 fb 49 98 28 86 d4 2f 43 16 3a 3e e4 c3 9f 7b | cc aa 4c f2 57 0e 14 c9 37 8d 77 0b 5c dc ef e1 | 3e 8e c8 84 65 c7 9f b4 6d e0 8a f9 e0 3c ea 5f | da 2b f8 0a a3 3f 05 a1 b0 e4 4b d0 85 cb fa fb | 49 54 67 f9 1c 08 da 12 ad 92 5c 03 11 e8 63 df | 26 38 f5 9a ef e9 dc ad 7e ad c7 79 df 28 99 e7 | 08 6b 8b cb a2 4a 66 31 b9 65 a1 05 98 bc 0c df | 0c 97 25 db cf 81 1d 3f 41 64 f8 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #29) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 e8 fd e8 30 79 35 f6 82 3c 24 0a 17 | 80 c7 e8 59 3d 12 c6 3c c0 29 2e 97 dd 81 72 aa | 00 12 98 1d c1 1b e8 9a 30 28 a1 9f 26 6d 51 53 | b6 04 16 66 14 f5 32 bb 29 a7 03 76 ca 42 e3 ad | 38 df 1f bf 9b cd 0b 67 20 e9 79 b0 ac 5d b4 07 | 7c b7 93 68 93 00 e9 d1 c9 76 e1 75 31 14 05 e3 | 5b fa 95 b9 5c e7 c5 98 5d 22 e9 c3 eb 9a 15 c9 | fd 8e 80 84 e0 5b 31 00 32 39 94 7b c5 26 74 a7 | bd 29 41 df fd 38 2f 44 c8 45 2d a2 86 40 3c 7e | 61 31 1c 8b e2 83 3a c9 1e 84 de c6 d3 e9 47 a0 | fa 15 dc 47 c9 bb 97 75 88 13 3b f6 4f 00 1e 0b | 3b 51 10 1e 05 b3 25 0d 3c 87 a6 50 66 b7 9e 16 | 01 3d b5 58 fa f9 b2 e0 ee 1d 9f 7c 20 12 bf 5e | 7e d5 57 cc fb 83 79 92 75 b2 98 e4 65 55 1f e4 | de 87 21 e4 14 77 a6 1e 81 d9 61 6e d4 f9 9d 6c | e7 a3 82 d8 2c 5d b1 fd 7e a2 39 c5 b1 0a 45 0b | 5b 5a fb 32 66 db fe 96 0f 02 46 b6 3e b0 20 71 | b4 2c 78 9d d6 3e b5 97 93 ce f9 9c 98 d9 db 60 | 02 b5 c6 1e bc 1a 96 a9 f5 14 2c 34 41 35 2b 18 | 99 94 05 12 c7 c1 17 01 78 7e 86 b9 46 bd 0a 60 | eb 2c 3d 8e 8e 55 67 3f 7a 0e 94 f8 c4 52 2e 30 | d5 84 e7 72 3f 59 84 15 4f 7f 5f d7 c9 72 5e 9d | 7f 23 79 a0 67 ca 2a 2b c2 f8 c1 d5 c9 5a df 56 | 09 1a e7 e5 01 15 29 75 7e 6b de d5 ef 60 e2 7f | 99 a8 0c 4d f8 88 8d fc 8a 16 12 a9 3a b9 2a 13 | 71 98 6a cd 47 48 a9 14 05 91 b8 6f d9 b0 3b 39 | 4b fa c3 89 0c 99 6b 02 12 fd 79 4e 70 59 42 36 | 8a 09 bc 58 8e 5a 04 69 50 2c c4 1d 1a 91 7d 90 | bc 78 54 e5 53 40 ee 69 79 3b b2 15 79 1c 61 f8 | c3 2b 4a 7d 42 49 88 c5 6b 18 79 ca 26 55 e3 de | 78 28 71 1d e4 e6 a8 8c 6c cc 88 4f 8f 47 cd 91 | 5e ee 35 77 db 58 f5 ba 99 7d 91 | sending 329 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #29) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 35 20 23 08 00 00 00 01 00 00 01 49 00 00 01 2d | 00 05 00 05 7e db b0 e2 f6 cb ba 6b 3b 49 b3 00 | 4f f8 de 66 5c c1 88 c1 8b 17 d8 b3 18 6a 58 32 | 55 f2 c7 27 e5 3d 16 b1 15 61 cf e7 77 09 e0 d4 | 55 c9 c0 13 78 40 dc 46 87 97 4f 41 92 64 cf ae | 6b 7d 2f 6c d0 dd 07 99 26 8d 56 b4 bb db e8 77 | 57 fd e6 f6 d4 c8 ce 84 e8 a3 20 35 cd 93 64 1c | db 08 98 f2 c3 e3 e2 04 db 8d 2d a4 04 66 ac 43 | d6 15 40 12 d0 4e ca 92 65 95 78 31 1b f3 3f e9 | b0 b0 8c 8a 61 dc f3 fd 99 4c fd 7c a8 c8 e2 a4 | d3 51 c0 b3 1a 8e 70 52 a5 87 5d 9d cc 9b 02 65 | d8 5f 6f 14 4a d1 16 3f ab 8a 31 a4 11 3b 8e 80 | 96 e4 30 93 93 00 c8 b2 c8 97 9e cd 1d c1 87 19 | d9 3b 2d 0f 65 de b3 f4 f2 db 75 d1 32 bd 39 5d | d5 04 4f dc b6 71 a9 df 93 55 36 cc b3 6f 0b f4 | 90 f0 75 1f ff c6 bb c8 56 68 0c b6 c0 41 69 ee | ad 25 01 e6 62 a9 b5 85 40 63 06 26 37 2c 58 c6 | 40 05 67 5d 28 3a 13 81 cb a5 6f 67 24 7b ab 81 | b5 8e 20 23 f4 8d 14 5a 70 87 ab 30 00 17 97 07 | d5 70 e7 87 c0 97 0d 53 a7 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "west-ekuCritical-eku-emailProtection" #30: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #30 | libevent_malloc: new ptr-libevent@0x7f207c001350 size 128 | #30 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49014.184658 | resume sending helper answer for #29 suppresed complete_v2_state_transition() | #29 spent 1.14 milliseconds | #29 spent 11.1 milliseconds in resume sending helper answer | stop processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2088004f00 | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6f c5 54 eb 41 4d 90 c1 1d 40 d5 51 c6 8c 5c e7 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | ca 55 e7 98 04 d2 56 ec 7f 61 ce b1 66 68 5c 4e | fa c2 25 f0 ac d9 2a cc e7 ac c1 f6 29 b0 45 a8 | a9 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6f c5 54 eb 41 4d 90 c1 | responder cookie: | 1d 40 d5 51 c6 8c 5c e7 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #29 in PARENT_I2 (find_v2_ike_sa) | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #30 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #30 is idle | #30 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #30 in state PARENT_I2: sent v2I2, expected v2R2 | #30 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "west-ekuCritical-eku-emailProtection" #30: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #29 ikev2.ike failed auth-failed "west-ekuCritical-eku-emailProtection" #30: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #30 fd@25 .st_dev=9 .st_ino=1744214 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #29 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f207c001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | event_schedule: new EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | inserting event EVENT_RETRANSMIT, timeout in 59.996798 seconds for #30 | libevent_malloc: new ptr-libevent@0x7f207c001350 size 128 "west-ekuCritical-eku-emailProtection" #30: STATE_PARENT_I2: suppressing retransmits; will wait 59.996798 seconds for retry | #30 spent 0.0534 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #30 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #29 spent 0.207 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.22 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical-eku-emailProtection" (in terminate_a_connection() at terminate.c:69) "west-ekuCritical-eku-emailProtection": terminating SAs using this connection | connection 'west-ekuCritical-eku-emailProtection' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x56366a5a2030} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #30 | suspend processing: connection "west-ekuCritical-eku-emailProtection" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #30 ikev2.child deleted other | #30 spent 0.0534 milliseconds in total | [RE]START processing: state #30 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuCritical-eku-emailProtection" #30: deleting state (STATE_PARENT_I2) aged 0.115s and NOT sending notification | child state #30: PARENT_I2(open IKE SA) => delete | child state #30: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #30 requesting EVENT_RETRANSMIT to be deleted | #30 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f207c001350 | free_event_entry: release EVENT_RETRANSMIT-pe@0x56366a5ea4d0 | priority calculation of connection "west-ekuCritical-eku-emailProtection" is 0xfdfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.2.45/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "west-ekuCritical-eku-emailProtection" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection west-ekuCritical-eku-emailProtection | State DB: deleting IKEv2 state #30 in CHILDSA_DEL | child state #30: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #30 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #29 | start processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #29 ikev2.ike deleted auth-failed | #29 spent 15.4 milliseconds in total | [RE]START processing: state #29 connection "west-ekuCritical-eku-emailProtection" from 192.1.2.23:500 (in delete_state() at state.c:879) "west-ekuCritical-eku-emailProtection" #29: deleting state (STATE_PARENT_I2) aged 0.123s and NOT sending notification | parent state #29: PARENT_I2(open IKE SA) => delete | state #29 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f2090006490 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2090001470 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection west-ekuCritical-eku-emailProtection | State DB: deleting IKEv2 state #29 in PARENT_I2 | parent state #29: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #29 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "west-ekuCritical-eku-emailProtection" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'west-ekuCritical-eku-emailProtection' wasn't on the list | stop processing: connection "west-ekuCritical-eku-emailProtection" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.303 milliseconds in whack | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_EXPIRE message | spent 0.422 milliseconds in kernel message | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_EXPIRE message | spent 0.00833 milliseconds in kernel message