Sep 21 07:20:24.830134: FIPS Product: YES Sep 21 07:20:24.830177: FIPS Kernel: NO Sep 21 07:20:24.830181: FIPS Mode: NO Sep 21 07:20:24.830183: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:20:24.830372: Initializing NSS Sep 21 07:20:24.830378: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:20:24.881091: NSS initialized Sep 21 07:20:24.881106: NSS crypto library initialized Sep 21 07:20:24.881108: FIPS HMAC integrity support [enabled] Sep 21 07:20:24.881109: FIPS mode disabled for pluto daemon Sep 21 07:20:24.951765: FIPS HMAC integrity verification self-test FAILED Sep 21 07:20:24.951863: libcap-ng support [enabled] Sep 21 07:20:24.951877: Linux audit support [enabled] Sep 21 07:20:24.951907: Linux audit activated Sep 21 07:20:24.951914: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:3531 Sep 21 07:20:24.951915: core dump dir: /tmp Sep 21 07:20:24.951917: secrets file: /etc/ipsec.secrets Sep 21 07:20:24.951918: leak-detective disabled Sep 21 07:20:24.951920: NSS crypto [enabled] Sep 21 07:20:24.951921: XAUTH PAM support [enabled] Sep 21 07:20:24.951986: | libevent is using pluto's memory allocator Sep 21 07:20:24.951993: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:20:24.952006: | libevent_malloc: new ptr-libevent@0x5556cb560100 size 40 Sep 21 07:20:24.952013: | libevent_malloc: new ptr-libevent@0x5556cb5613b0 size 40 Sep 21 07:20:24.952016: | libevent_malloc: new ptr-libevent@0x5556cb5613e0 size 40 Sep 21 07:20:24.952018: | creating event base Sep 21 07:20:24.952021: | libevent_malloc: new ptr-libevent@0x5556cb561370 size 56 Sep 21 07:20:24.952024: | libevent_malloc: new ptr-libevent@0x5556cb561410 size 664 Sep 21 07:20:24.952035: | libevent_malloc: new ptr-libevent@0x5556cb5616b0 size 24 Sep 21 07:20:24.952039: | libevent_malloc: new ptr-libevent@0x5556cb552de0 size 384 Sep 21 07:20:24.952048: | libevent_malloc: new ptr-libevent@0x5556cb5616d0 size 16 Sep 21 07:20:24.952051: | libevent_malloc: new ptr-libevent@0x5556cb5616f0 size 40 Sep 21 07:20:24.952054: | libevent_malloc: new ptr-libevent@0x5556cb561720 size 48 Sep 21 07:20:24.952060: | libevent_realloc: new ptr-libevent@0x5556cb4e3370 size 256 Sep 21 07:20:24.952063: | libevent_malloc: new ptr-libevent@0x5556cb561760 size 16 Sep 21 07:20:24.952069: | libevent_free: release ptr-libevent@0x5556cb561370 Sep 21 07:20:24.952072: | libevent initialized Sep 21 07:20:24.952076: | libevent_realloc: new ptr-libevent@0x5556cb561780 size 64 Sep 21 07:20:24.952080: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:20:24.952099: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:20:24.952102: NAT-Traversal support [enabled] Sep 21 07:20:24.952105: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:20:24.952111: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:20:24.952114: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:20:24.952153: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:20:24.952157: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:20:24.952159: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:20:24.952209: Encryption algorithms: Sep 21 07:20:24.952219: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:20:24.952224: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:20:24.952227: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:20:24.952231: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:20:24.952234: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:20:24.952243: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:20:24.952247: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:20:24.952251: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:20:24.952254: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:20:24.952258: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:20:24.952261: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:20:24.952265: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:20:24.952268: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:20:24.952271: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:20:24.952275: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:20:24.952277: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:20:24.952280: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:20:24.952287: Hash algorithms: Sep 21 07:20:24.952290: MD5 IKEv1: IKE IKEv2: Sep 21 07:20:24.952293: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:20:24.952296: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:20:24.952299: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:20:24.952302: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:20:24.952315: PRF algorithms: Sep 21 07:20:24.952319: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:20:24.952322: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:20:24.952325: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:20:24.952328: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:20:24.952331: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:20:24.952334: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:20:24.952359: Integrity algorithms: Sep 21 07:20:24.952364: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:20:24.952368: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:20:24.952371: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:20:24.952375: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:20:24.952379: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:20:24.952381: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:20:24.952385: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:20:24.952387: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:20:24.952390: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:20:24.952402: DH algorithms: Sep 21 07:20:24.952405: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:20:24.952407: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:20:24.952410: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:20:24.952414: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:20:24.952417: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:20:24.952419: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:20:24.952421: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:20:24.952424: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:20:24.952426: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:20:24.952428: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:20:24.952431: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:20:24.952433: testing CAMELLIA_CBC: Sep 21 07:20:24.952435: Camellia: 16 bytes with 128-bit key Sep 21 07:20:24.952554: Camellia: 16 bytes with 128-bit key Sep 21 07:20:24.952580: Camellia: 16 bytes with 256-bit key Sep 21 07:20:24.952609: Camellia: 16 bytes with 256-bit key Sep 21 07:20:24.952639: testing AES_GCM_16: Sep 21 07:20:24.952643: empty string Sep 21 07:20:24.952671: one block Sep 21 07:20:24.952691: two blocks Sep 21 07:20:24.952707: two blocks with associated data Sep 21 07:20:24.952723: testing AES_CTR: Sep 21 07:20:24.952725: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:20:24.952741: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:20:24.952757: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:20:24.952774: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:20:24.952797: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:20:24.952817: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:20:24.952834: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:20:24.952849: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:20:24.952866: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:20:24.952882: testing AES_CBC: Sep 21 07:20:24.952884: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:20:24.952900: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:20:24.952917: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:20:24.952935: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:20:24.952957: testing AES_XCBC: Sep 21 07:20:24.952958: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:20:24.953033: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:20:24.953112: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:20:24.953195: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:20:24.953271: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:20:24.953349: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:20:24.953425: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:20:24.953596: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:20:24.953672: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:20:24.953753: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:20:24.953909: testing HMAC_MD5: Sep 21 07:20:24.953913: RFC 2104: MD5_HMAC test 1 Sep 21 07:20:24.954024: RFC 2104: MD5_HMAC test 2 Sep 21 07:20:24.954117: RFC 2104: MD5_HMAC test 3 Sep 21 07:20:24.954265: 8 CPU cores online Sep 21 07:20:24.954269: starting up 7 crypto helpers Sep 21 07:20:24.954294: started thread for crypto helper 0 Sep 21 07:20:24.954309: started thread for crypto helper 1 Sep 21 07:20:24.954330: started thread for crypto helper 2 Sep 21 07:20:24.954337: | starting up helper thread 2 Sep 21 07:20:24.954351: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:20:24.954357: | crypto helper 2 waiting (nothing to do) Sep 21 07:20:24.954357: started thread for crypto helper 3 Sep 21 07:20:24.954382: started thread for crypto helper 4 Sep 21 07:20:24.954397: started thread for crypto helper 5 Sep 21 07:20:24.954412: started thread for crypto helper 6 Sep 21 07:20:24.954415: | checking IKEv1 state table Sep 21 07:20:24.954420: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954421: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:20:24.954423: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954425: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:20:24.954426: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:20:24.954428: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:20:24.954429: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:20:24.954430: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:20:24.954432: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:20:24.954433: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:20:24.954435: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:20:24.954436: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:20:24.954438: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:20:24.954439: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:20:24.954440: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:20:24.954442: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:20:24.954443: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:20:24.954445: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:20:24.954446: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:20:24.954447: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:20:24.954449: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:20:24.954450: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954452: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:20:24.954453: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954455: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954456: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:20:24.954458: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954459: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:20:24.954460: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:20:24.954462: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:20:24.954463: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:20:24.954465: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:20:24.954466: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:20:24.954468: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954469: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:20:24.954471: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954472: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:20:24.954474: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:20:24.954475: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:20:24.954477: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:20:24.954478: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:20:24.954480: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:20:24.954481: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:20:24.954483: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954484: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:20:24.954486: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954487: | INFO: category: informational flags: 0: Sep 21 07:20:24.954488: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954490: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:20:24.954491: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954493: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:20:24.954494: | -> XAUTH_R1 EVENT_NULL Sep 21 07:20:24.954496: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:20:24.954497: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:20:24.954499: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:20:24.954500: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:20:24.954502: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:20:24.954503: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:20:24.954507: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:20:24.954509: | -> UNDEFINED EVENT_NULL Sep 21 07:20:24.954510: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:20:24.954512: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:20:24.954513: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:20:24.954515: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:20:24.954516: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:20:24.954518: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:20:24.954522: | checking IKEv2 state table Sep 21 07:20:24.954526: | PARENT_I0: category: ignore flags: 0: Sep 21 07:20:24.954528: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:20:24.954529: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954531: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:20:24.954533: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:20:24.954535: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:20:24.954536: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:20:24.954538: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:20:24.954540: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:20:24.954541: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:20:24.954543: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:20:24.954544: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:20:24.954546: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:20:24.954547: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:20:24.954549: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:20:24.954550: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:20:24.954552: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954554: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:20:24.954555: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:20:24.954557: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:20:24.954558: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:20:24.954560: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:20:24.954562: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:20:24.954563: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:20:24.954565: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:20:24.954566: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:20:24.954568: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:20:24.954569: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:20:24.954571: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:20:24.954573: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:20:24.954574: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:20:24.954576: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:20:24.954578: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:20:24.954579: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:20:24.954581: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:20:24.954582: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:20:24.954584: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:20:24.954587: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:20:24.954589: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:20:24.954591: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:20:24.954592: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:20:24.954594: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:20:24.954596: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:20:24.954598: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:20:24.954599: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:20:24.954601: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:20:24.954602: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:20:24.954638: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:20:24.954685: | Hard-wiring algorithms Sep 21 07:20:24.954688: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:20:24.954690: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:20:24.954692: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:20:24.954693: | adding 3DES_CBC to kernel algorithm db Sep 21 07:20:24.954696: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:20:24.954697: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:20:24.954699: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:20:24.954701: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:20:24.954703: | adding AES_CTR to kernel algorithm db Sep 21 07:20:24.954705: | adding AES_CBC to kernel algorithm db Sep 21 07:20:24.954708: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:20:24.954710: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:20:24.954713: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:20:24.954715: | adding NULL to kernel algorithm db Sep 21 07:20:24.954717: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:20:24.954720: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:20:24.954722: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:20:24.954725: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:20:24.954727: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:20:24.954730: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:20:24.954732: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:20:24.954735: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:20:24.954737: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:20:24.954739: | adding NONE to kernel algorithm db Sep 21 07:20:24.954763: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:20:24.954769: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:20:24.954771: | setup kernel fd callback Sep 21 07:20:24.954775: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5556cb566e20 Sep 21 07:20:24.954778: | libevent_malloc: new ptr-libevent@0x5556cb572f40 size 128 Sep 21 07:20:24.954782: | libevent_malloc: new ptr-libevent@0x5556cb566100 size 16 Sep 21 07:20:24.954801: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5556cb566de0 Sep 21 07:20:24.954807: | libevent_malloc: new ptr-libevent@0x5556cb572fd0 size 128 Sep 21 07:20:24.954810: | libevent_malloc: new ptr-libevent@0x5556cb566120 size 16 Sep 21 07:20:24.954972: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:20:24.954978: selinux support is enabled. Sep 21 07:20:24.955041: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:20:24.955168: | unbound context created - setting debug level to 5 Sep 21 07:20:24.955190: | /etc/hosts lookups activated Sep 21 07:20:24.955200: | /etc/resolv.conf usage activated Sep 21 07:20:24.955232: | outgoing-port-avoid set 0-65535 Sep 21 07:20:24.955249: | outgoing-port-permit set 32768-60999 Sep 21 07:20:24.955250: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:20:24.955255: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:20:24.955257: | Setting up events, loop start Sep 21 07:20:24.955259: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5556cb561370 Sep 21 07:20:24.955261: | libevent_malloc: new ptr-libevent@0x5556cb57d4c0 size 128 Sep 21 07:20:24.955263: | libevent_malloc: new ptr-libevent@0x5556cb57d550 size 16 Sep 21 07:20:24.955267: | libevent_realloc: new ptr-libevent@0x5556cb4e16c0 size 256 Sep 21 07:20:24.955269: | libevent_malloc: new ptr-libevent@0x5556cb57d570 size 8 Sep 21 07:20:24.955271: | libevent_realloc: new ptr-libevent@0x5556cb572340 size 144 Sep 21 07:20:24.955272: | libevent_malloc: new ptr-libevent@0x5556cb57d590 size 152 Sep 21 07:20:24.955275: | libevent_malloc: new ptr-libevent@0x5556cb57d630 size 16 Sep 21 07:20:24.955277: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:20:24.955279: | libevent_malloc: new ptr-libevent@0x5556cb57d650 size 8 Sep 21 07:20:24.955281: | libevent_malloc: new ptr-libevent@0x5556cb57d670 size 152 Sep 21 07:20:24.955282: | signal event handler PLUTO_SIGTERM installed Sep 21 07:20:24.955284: | libevent_malloc: new ptr-libevent@0x5556cb57d710 size 8 Sep 21 07:20:24.955286: | libevent_malloc: new ptr-libevent@0x5556cb57d730 size 152 Sep 21 07:20:24.955287: | signal event handler PLUTO_SIGHUP installed Sep 21 07:20:24.955289: | libevent_malloc: new ptr-libevent@0x5556cb57d7d0 size 8 Sep 21 07:20:24.955291: | libevent_realloc: release ptr-libevent@0x5556cb572340 Sep 21 07:20:24.955292: | libevent_realloc: new ptr-libevent@0x5556cb57d7f0 size 256 Sep 21 07:20:24.955294: | libevent_malloc: new ptr-libevent@0x5556cb572340 size 152 Sep 21 07:20:24.955296: | signal event handler PLUTO_SIGSYS installed Sep 21 07:20:24.955567: | created addconn helper (pid:3665) using fork+execve Sep 21 07:20:24.955579: | forked child 3665 Sep 21 07:20:24.955610: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:24.955622: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:20:24.955627: listening for IKE messages Sep 21 07:20:24.955658: | Inspecting interface lo Sep 21 07:20:24.955662: | found lo with address 127.0.0.1 Sep 21 07:20:24.955664: | Inspecting interface eth1 Sep 21 07:20:24.955667: | found eth1 with address 192.1.2.45 Sep 21 07:20:24.955701: Kernel supports NIC esp-hw-offload Sep 21 07:20:24.955709: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:20:24.955727: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:20:24.955730: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:20:24.955732: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:20:24.955755: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:20:24.955779: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:20:24.955788: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:20:24.955794: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:20:24.955856: | no interfaces to sort Sep 21 07:20:24.955861: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:20:24.955868: | add_fd_read_event_handler: new ethX-pe@0x5556cb566970 Sep 21 07:20:24.955871: | libevent_malloc: new ptr-libevent@0x5556cb57da20 size 128 Sep 21 07:20:24.955875: | libevent_malloc: new ptr-libevent@0x5556cb57dab0 size 16 Sep 21 07:20:24.955884: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:20:24.955886: | add_fd_read_event_handler: new ethX-pe@0x5556cb57dad0 Sep 21 07:20:24.955889: | libevent_malloc: new ptr-libevent@0x5556cb57db10 size 128 Sep 21 07:20:24.955892: | libevent_malloc: new ptr-libevent@0x5556cb57dba0 size 16 Sep 21 07:20:24.955897: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:20:24.955899: | add_fd_read_event_handler: new ethX-pe@0x5556cb57dbc0 Sep 21 07:20:24.955902: | libevent_malloc: new ptr-libevent@0x5556cb57dc00 size 128 Sep 21 07:20:24.955908: | libevent_malloc: new ptr-libevent@0x5556cb57dc90 size 16 Sep 21 07:20:24.955913: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:20:24.955916: | add_fd_read_event_handler: new ethX-pe@0x5556cb57dcb0 Sep 21 07:20:24.955918: | libevent_malloc: new ptr-libevent@0x5556cb57dcf0 size 128 Sep 21 07:20:24.955921: | libevent_malloc: new ptr-libevent@0x5556cb57dd80 size 16 Sep 21 07:20:24.955926: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:20:24.955931: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:20:24.955933: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:20:24.955957: loading secrets from "/etc/ipsec.secrets" Sep 21 07:20:24.955977: | saving Modulus Sep 21 07:20:24.955981: | saving PublicExponent Sep 21 07:20:24.955984: | ignoring PrivateExponent Sep 21 07:20:24.955987: | ignoring Prime1 Sep 21 07:20:24.955991: | ignoring Prime2 Sep 21 07:20:24.955993: | ignoring Exponent1 Sep 21 07:20:24.955996: | ignoring Exponent2 Sep 21 07:20:24.956000: | ignoring Coefficient Sep 21 07:20:24.956003: | ignoring CKAIDNSS Sep 21 07:20:24.956035: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:20:24.956039: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:20:24.956043: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:20:24.956051: | certs and keys locked by 'process_secret' Sep 21 07:20:24.956054: | certs and keys unlocked by 'process_secret' Sep 21 07:20:24.956059: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:20:24.956067: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:24.956075: | spent 0.468 milliseconds in whack Sep 21 07:20:24.956088: | starting up helper thread 4 Sep 21 07:20:24.956095: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:20:24.956099: | crypto helper 4 waiting (nothing to do) Sep 21 07:20:24.957046: | starting up helper thread 5 Sep 21 07:20:24.957061: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:20:24.957064: | crypto helper 5 waiting (nothing to do) Sep 21 07:20:24.957074: | starting up helper thread 6 Sep 21 07:20:24.957080: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:20:24.957082: | crypto helper 6 waiting (nothing to do) Sep 21 07:20:24.957501: | starting up helper thread 1 Sep 21 07:20:24.957510: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:20:24.957513: | crypto helper 1 waiting (nothing to do) Sep 21 07:20:24.957528: | starting up helper thread 0 Sep 21 07:20:24.957533: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:20:24.957535: | crypto helper 0 waiting (nothing to do) Sep 21 07:20:24.961172: | starting up helper thread 3 Sep 21 07:20:24.961189: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:20:24.961192: | crypto helper 3 waiting (nothing to do) Sep 21 07:20:24.992023: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:24.992072: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:20:24.992080: listening for IKE messages Sep 21 07:20:24.992138: | Inspecting interface lo Sep 21 07:20:24.992148: | found lo with address 127.0.0.1 Sep 21 07:20:24.992152: | Inspecting interface eth1 Sep 21 07:20:24.992158: | found eth1 with address 192.1.2.45 Sep 21 07:20:24.992236: | no interfaces to sort Sep 21 07:20:24.992247: | libevent_free: release ptr-libevent@0x5556cb57da20 Sep 21 07:20:24.992251: | free_event_entry: release EVENT_NULL-pe@0x5556cb566970 Sep 21 07:20:24.992256: | add_fd_read_event_handler: new ethX-pe@0x5556cb566970 Sep 21 07:20:24.992260: | libevent_malloc: new ptr-libevent@0x5556cb57da20 size 128 Sep 21 07:20:24.992271: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:20:24.992276: | libevent_free: release ptr-libevent@0x5556cb57db10 Sep 21 07:20:24.992288: | free_event_entry: release EVENT_NULL-pe@0x5556cb57dad0 Sep 21 07:20:24.992292: | add_fd_read_event_handler: new ethX-pe@0x5556cb57dad0 Sep 21 07:20:24.992296: | libevent_malloc: new ptr-libevent@0x5556cb57db10 size 128 Sep 21 07:20:24.992303: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:20:24.992308: | libevent_free: release ptr-libevent@0x5556cb57dc00 Sep 21 07:20:24.992312: | free_event_entry: release EVENT_NULL-pe@0x5556cb57dbc0 Sep 21 07:20:24.992315: | add_fd_read_event_handler: new ethX-pe@0x5556cb57dbc0 Sep 21 07:20:24.992319: | libevent_malloc: new ptr-libevent@0x5556cb57dc00 size 128 Sep 21 07:20:24.992325: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:20:24.992330: | libevent_free: release ptr-libevent@0x5556cb57dcf0 Sep 21 07:20:24.992333: | free_event_entry: release EVENT_NULL-pe@0x5556cb57dcb0 Sep 21 07:20:24.992337: | add_fd_read_event_handler: new ethX-pe@0x5556cb57dcb0 Sep 21 07:20:24.992341: | libevent_malloc: new ptr-libevent@0x5556cb57dcf0 size 128 Sep 21 07:20:24.992347: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:20:24.992351: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:20:24.992355: forgetting secrets Sep 21 07:20:24.992367: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:20:24.992386: loading secrets from "/etc/ipsec.secrets" Sep 21 07:20:24.992409: | saving Modulus Sep 21 07:20:24.992413: | saving PublicExponent Sep 21 07:20:24.992418: | ignoring PrivateExponent Sep 21 07:20:24.992423: | ignoring Prime1 Sep 21 07:20:24.992427: | ignoring Prime2 Sep 21 07:20:24.992432: | ignoring Exponent1 Sep 21 07:20:24.992436: | ignoring Exponent2 Sep 21 07:20:24.992441: | ignoring Coefficient Sep 21 07:20:24.992445: | ignoring CKAIDNSS Sep 21 07:20:24.992479: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:20:24.992483: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:20:24.992488: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:20:24.992496: | certs and keys locked by 'process_secret' Sep 21 07:20:24.992500: | certs and keys unlocked by 'process_secret' Sep 21 07:20:24.992507: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:20:24.992518: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:24.992528: | spent 0.529 milliseconds in whack Sep 21 07:20:24.992976: | processing signal PLUTO_SIGCHLD Sep 21 07:20:24.992992: | waitpid returned pid 3665 (exited with status 0) Sep 21 07:20:24.992997: | reaped addconn helper child (status 0) Sep 21 07:20:24.993001: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:24.993006: | spent 0.0176 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:25.061240: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.061264: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.061266: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:20:25.061268: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.061269: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:20:25.061272: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.061278: | Added new connection westnet-eastnet-vti-01 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:20:25.061280: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:20:25.061316: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:20:25.061318: | from whack: got --esp= Sep 21 07:20:25.061339: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:20:25.061348: | counting wild cards for @west is 0 Sep 21 07:20:25.061350: | counting wild cards for @east is 0 Sep 21 07:20:25.061358: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:20:25.061361: | new hp@0x5556cb54a550 Sep 21 07:20:25.061365: added connection description "westnet-eastnet-vti-01" Sep 21 07:20:25.061372: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:20:25.061379: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:20:25.061385: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.061390: | spent 0.158 milliseconds in whack Sep 21 07:20:25.061425: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.061434: add keyid @west Sep 21 07:20:25.061438: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:20:25.061440: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:20:25.061442: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:20:25.061444: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:20:25.061446: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:20:25.061448: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:20:25.061450: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:20:25.061452: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:20:25.061454: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:20:25.061456: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:20:25.061458: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:20:25.061460: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:20:25.061462: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:20:25.061464: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:20:25.061466: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:20:25.061468: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:20:25.061470: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:20:25.061472: | add pubkey 15 04 37 f9 Sep 21 07:20:25.061496: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:20:25.061500: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:20:25.061506: | keyid: *AQOm9dY/4 Sep 21 07:20:25.061509: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:20:25.061511: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:20:25.061513: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:20:25.061515: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:20:25.061517: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:20:25.061519: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:20:25.061521: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:20:25.061523: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:20:25.061525: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:20:25.061527: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:20:25.061529: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:20:25.061531: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:20:25.061533: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:20:25.061535: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:20:25.061537: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:20:25.061539: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:20:25.061544: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:20:25.061546: | n 37 f9 Sep 21 07:20:25.061548: | e 03 Sep 21 07:20:25.061550: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:20:25.061552: | CKAID 7f 0f 03 50 Sep 21 07:20:25.061560: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.061565: | spent 0.146 milliseconds in whack Sep 21 07:20:25.061591: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.061598: add keyid @east Sep 21 07:20:25.061601: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:20:25.061602: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:20:25.061604: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:20:25.061605: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:20:25.061606: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:20:25.061608: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:20:25.061609: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:20:25.061610: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:20:25.061612: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:20:25.061613: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:20:25.061615: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:20:25.061616: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:20:25.061617: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:20:25.061619: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:20:25.061620: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:20:25.061622: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:20:25.061623: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:20:25.061624: | add pubkey 51 51 48 ef Sep 21 07:20:25.061632: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:20:25.061634: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:20:25.061636: | keyid: *AQO9bJbr3 Sep 21 07:20:25.061638: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:20:25.061639: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:20:25.061641: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:20:25.061642: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:20:25.061644: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:20:25.061645: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:20:25.061646: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:20:25.061648: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:20:25.061649: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:20:25.061650: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:20:25.061652: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:20:25.061653: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:20:25.061655: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:20:25.061656: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:20:25.061657: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:20:25.061659: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:20:25.061660: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:20:25.061661: | n 48 ef Sep 21 07:20:25.061663: | e 03 Sep 21 07:20:25.061664: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:20:25.061665: | CKAID 8a 82 25 f1 Sep 21 07:20:25.061670: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.061674: | spent 0.0857 milliseconds in whack Sep 21 07:20:25.182701: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.182724: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.182729: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:20:25.182732: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.182734: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:20:25.182738: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.182745: | Added new connection westnet-eastnet-vti-02 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:20:25.182748: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:20:25.182817: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:20:25.182824: | from whack: got --esp= Sep 21 07:20:25.182862: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:20:25.182868: | counting wild cards for @west is 0 Sep 21 07:20:25.182872: | counting wild cards for @east is 0 Sep 21 07:20:25.182881: | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:20:25.182886: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x5556cb54a550: westnet-eastnet-vti-01 Sep 21 07:20:25.182889: added connection description "westnet-eastnet-vti-02" Sep 21 07:20:25.182900: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:20:25.182912: | 10.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===10.0.2.0/24 Sep 21 07:20:25.182922: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.182929: | spent 0.23 milliseconds in whack Sep 21 07:20:25.182970: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.182981: add keyid @west Sep 21 07:20:25.182986: | unreference key: 0x5556cb506840 @west cnt 1-- Sep 21 07:20:25.182992: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:20:25.182994: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:20:25.182997: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:20:25.182999: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:20:25.183001: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:20:25.183004: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:20:25.183006: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:20:25.183009: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:20:25.183011: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:20:25.183013: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:20:25.183016: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:20:25.183018: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:20:25.183020: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:20:25.183023: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:20:25.183025: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:20:25.183027: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:20:25.183030: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:20:25.183038: | add pubkey 15 04 37 f9 Sep 21 07:20:25.183058: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:20:25.183061: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:20:25.183066: | keyid: *AQOm9dY/4 Sep 21 07:20:25.183069: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:20:25.183071: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:20:25.183073: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:20:25.183076: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:20:25.183078: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:20:25.183080: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:20:25.183082: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:20:25.183085: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:20:25.183087: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:20:25.183089: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:20:25.183091: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:20:25.183093: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:20:25.183095: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:20:25.183097: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:20:25.183099: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:20:25.183101: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:20:25.183103: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:20:25.183105: | n 37 f9 Sep 21 07:20:25.183107: | e 03 Sep 21 07:20:25.183109: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:20:25.183111: | CKAID 7f 0f 03 50 Sep 21 07:20:25.183118: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.183122: | spent 0.158 milliseconds in whack Sep 21 07:20:25.183153: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.183162: add keyid @east Sep 21 07:20:25.183165: | unreference key: 0x5556cb4d88f0 @east cnt 1-- Sep 21 07:20:25.183168: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:20:25.183171: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:20:25.183173: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:20:25.183175: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:20:25.183177: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:20:25.183179: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:20:25.183181: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:20:25.183184: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:20:25.183186: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:20:25.183188: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:20:25.183190: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:20:25.183192: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:20:25.183195: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:20:25.183197: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:20:25.183199: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:20:25.183201: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:20:25.183204: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:20:25.183206: | add pubkey 51 51 48 ef Sep 21 07:20:25.183214: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:20:25.183217: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:20:25.183221: | keyid: *AQO9bJbr3 Sep 21 07:20:25.183223: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:20:25.183229: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:20:25.183231: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:20:25.183234: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:20:25.183236: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:20:25.183238: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:20:25.183240: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:20:25.183242: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:20:25.183245: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:20:25.183247: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:20:25.183249: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:20:25.183251: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:20:25.183253: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:20:25.183256: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:20:25.183258: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:20:25.183260: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:20:25.183262: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:20:25.183264: | n 48 ef Sep 21 07:20:25.183267: | e 03 Sep 21 07:20:25.183269: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:20:25.183271: | CKAID 8a 82 25 f1 Sep 21 07:20:25.183279: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.183283: | spent 0.134 milliseconds in whack Sep 21 07:20:25.293546: | kernel_process_msg_cb process netlink message Sep 21 07:20:25.293563: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:20:25.293569: | spent 0.00865 milliseconds in kernel message Sep 21 07:20:25.424564: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.424591: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:20:25.424595: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.424601: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Sep 21 07:20:25.424604: | connection 'westnet-eastnet-vti-01' +POLICY_UP Sep 21 07:20:25.424607: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:20:25.424609: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:20:25.424629: | creating state object #1 at 0x5556cb5808e0 Sep 21 07:20:25.424633: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:20:25.424641: | pstats #1 ikev2.ike started Sep 21 07:20:25.424644: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:20:25.424648: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:20:25.424653: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:20:25.424661: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:20:25.424668: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:20:25.424672: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:20:25.424676: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #1 "westnet-eastnet-vti-01" Sep 21 07:20:25.424681: "westnet-eastnet-vti-01" #1: initiating v2 parent SA Sep 21 07:20:25.424691: | constructing local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE) Sep 21 07:20:25.424700: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:20:25.424709: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.424720: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:20:25.424726: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.424730: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:20:25.424735: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.424740: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:20:25.424745: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.424756: "westnet-eastnet-vti-01": constructed local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.424763: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:20:25.424767: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb582f90 Sep 21 07:20:25.424771: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:20:25.424776: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:25.424807: | #1 spent 0.188 milliseconds in ikev2_parent_outI1() Sep 21 07:20:25.424813: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:20:25.424817: | RESET processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:20:25.424820: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:20:25.424823: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:20:25.424825: | crypto helper 2 resuming Sep 21 07:20:25.424826: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:20:25.424835: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:20:25.424840: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.424846: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:20:25.424852: | spent 0.27 milliseconds in whack Sep 21 07:20:25.425584: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000737 seconds Sep 21 07:20:25.425592: | (#1) spent 0.743 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:20:25.425594: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:20:25.425596: | scheduling resume sending helper answer for #1 Sep 21 07:20:25.425598: | libevent_malloc: new ptr-libevent@0x7f85b8006900 size 128 Sep 21 07:20:25.425605: | crypto helper 2 waiting (nothing to do) Sep 21 07:20:25.425612: | processing resume sending helper answer for #1 Sep 21 07:20:25.425621: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:20:25.425629: | crypto helper 2 replies to request ID 1 Sep 21 07:20:25.425631: | calling continuation function 0x5556ca2e7630 Sep 21 07:20:25.425634: | ikev2_parent_outI1_continue for #1 Sep 21 07:20:25.425669: | **emit ISAKMP Message: Sep 21 07:20:25.425672: | initiator cookie: Sep 21 07:20:25.425674: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.425676: | responder cookie: Sep 21 07:20:25.425678: | 00 00 00 00 00 00 00 00 Sep 21 07:20:25.425681: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:25.425684: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.425687: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:20:25.425689: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:25.425692: | Message ID: 0 (0x0) Sep 21 07:20:25.425694: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:25.425710: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.425713: | Emitting ikev2_proposals ... Sep 21 07:20:25.425716: | ***emit IKEv2 Security Association Payload: Sep 21 07:20:25.425719: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.425722: | flags: none (0x0) Sep 21 07:20:25.425725: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:20:25.425727: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.425730: | discarding INTEG=NONE Sep 21 07:20:25.425732: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.425735: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.425737: | prop #: 1 (0x1) Sep 21 07:20:25.425740: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:25.425742: | spi size: 0 (0x0) Sep 21 07:20:25.425744: | # transforms: 11 (0xb) Sep 21 07:20:25.425747: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.425750: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425755: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.425757: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.425760: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425762: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.425765: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.425767: | length/value: 256 (0x100) Sep 21 07:20:25.425769: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.425772: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425776: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.425779: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:25.425782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425801: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425804: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425808: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.425811: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:25.425813: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425819: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425821: | discarding INTEG=NONE Sep 21 07:20:25.425823: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425830: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.425833: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425835: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425838: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425840: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425843: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425847: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:25.425850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425853: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425855: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425858: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425863: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425865: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:25.425868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425871: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425873: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425876: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425880: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425883: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:25.425886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425891: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425893: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425898: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425901: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:25.425904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425909: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425911: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425914: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425919: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425921: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:25.425924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425927: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425929: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425932: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425934: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425940: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:25.425943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425948: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425950: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.425953: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.425956: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.425958: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:25.425961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.425964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.425967: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.425969: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:20:25.425972: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.425974: | discarding INTEG=NONE Sep 21 07:20:25.425977: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.425980: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.425982: | prop #: 2 (0x2) Sep 21 07:20:25.425985: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:25.425987: | spi size: 0 (0x0) Sep 21 07:20:25.425989: | # transforms: 11 (0xb) Sep 21 07:20:25.425992: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.425995: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.425997: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426002: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.426005: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.426008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426010: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.426013: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.426015: | length/value: 128 (0x80) Sep 21 07:20:25.426020: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.426022: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426027: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.426030: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:25.426033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426038: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426043: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426045: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.426048: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:25.426050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426058: | discarding INTEG=NONE Sep 21 07:20:25.426060: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426065: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426067: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.426070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426075: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426078: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426085: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:25.426088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426093: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426095: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426102: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:25.426105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426113: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426118: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426120: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:25.426123: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426129: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426132: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426136: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426139: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:25.426142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426146: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426148: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426151: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426156: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:25.426159: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426164: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426167: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426169: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426171: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426174: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:25.426176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426179: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426181: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426184: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426186: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.426188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426191: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:25.426194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426199: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426201: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:20:25.426204: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.426207: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.426209: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.426211: | prop #: 3 (0x3) Sep 21 07:20:25.426214: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:25.426216: | spi size: 0 (0x0) Sep 21 07:20:25.426218: | # transforms: 13 (0xd) Sep 21 07:20:25.426221: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.426224: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.426229: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426231: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426234: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.426236: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:25.426238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426241: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.426244: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.426246: | length/value: 256 (0x100) Sep 21 07:20:25.426249: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.426251: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426255: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.426258: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:25.426260: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426265: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426267: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426272: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.426274: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:25.426277: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426283: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426285: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426287: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426289: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.426292: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:25.426294: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426296: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426299: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426301: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426305: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.426307: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:25.426310: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426313: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426315: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426317: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426322: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426324: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.426327: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426330: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426334: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426336: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426341: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426343: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:25.426346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426348: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426351: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426353: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426355: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426357: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426360: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:25.426362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426367: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426370: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426375: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426377: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:25.426380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426385: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426388: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426392: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426394: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:25.426397: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426402: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426405: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426412: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:25.426414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426419: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426422: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426428: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:25.426431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426436: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426437: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426439: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.426440: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426442: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:25.426444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426447: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426448: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:20:25.426450: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.426452: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.426453: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:25.426455: | prop #: 4 (0x4) Sep 21 07:20:25.426456: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:25.426458: | spi size: 0 (0x0) Sep 21 07:20:25.426459: | # transforms: 13 (0xd) Sep 21 07:20:25.426461: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.426463: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.426464: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426467: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.426469: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:25.426470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426472: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.426473: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.426475: | length/value: 128 (0x80) Sep 21 07:20:25.426477: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.426478: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426481: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.426482: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:25.426484: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426486: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426487: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426489: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426491: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.426493: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:25.426495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426498: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426500: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426503: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.426504: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:25.426506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426509: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426511: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426514: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.426515: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:25.426517: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426518: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426520: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426521: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426523: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426524: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426526: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.426527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426530: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426532: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426535: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426536: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:25.426538: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426541: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426542: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426545: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426547: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:25.426549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426552: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426553: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426556: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426557: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:25.426559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426563: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426565: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426566: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426569: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426570: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:25.426572: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426575: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426577: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426581: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:25.426583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426586: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426587: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426590: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426591: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:25.426593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426596: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426598: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.426599: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.426601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.426602: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:25.426604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.426605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.426607: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.426609: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:20:25.426611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.426613: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:20:25.426616: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:20:25.426618: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:20:25.426620: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.426622: | flags: none (0x0) Sep 21 07:20:25.426624: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.426627: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:20:25.426630: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.426634: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:20:25.426636: | ikev2 g^x e5 da 41 c5 a8 bf 30 22 b5 5f c3 fb 13 a5 dd 88 Sep 21 07:20:25.426639: | ikev2 g^x 95 95 70 7e 5a 74 28 1d 22 65 58 ac 2f 91 8e 51 Sep 21 07:20:25.426641: | ikev2 g^x 07 1e 85 f2 28 6e d3 ee 6b 31 90 2d 0d d5 db 3b Sep 21 07:20:25.426642: | ikev2 g^x cc b2 2b 98 90 5f 31 86 13 bc e4 4c 05 f3 38 11 Sep 21 07:20:25.426644: | ikev2 g^x b6 7f a7 23 da 60 55 01 9d 4c 74 2a a3 9c 74 33 Sep 21 07:20:25.426646: | ikev2 g^x 10 6a bf a1 3b a1 56 f5 46 0d 89 df 06 31 e1 fd Sep 21 07:20:25.426648: | ikev2 g^x 38 4d d3 ed d1 96 02 5f 37 da fb 8a ea f2 99 0d Sep 21 07:20:25.426650: | ikev2 g^x 52 5e 8e 72 b7 c6 8f 60 cd 7b d0 dc b9 20 68 5f Sep 21 07:20:25.426652: | ikev2 g^x 45 31 5d f0 8f fc c5 6b 65 78 0c 3e 6e 44 aa f1 Sep 21 07:20:25.426654: | ikev2 g^x 87 64 87 e6 b6 7f f7 92 47 1d 89 37 f1 27 77 db Sep 21 07:20:25.426656: | ikev2 g^x 20 9e 2f 16 8c ec b0 1c b1 2d 1b 98 0d 57 06 28 Sep 21 07:20:25.426658: | ikev2 g^x 25 e4 9a 38 26 8a 1f 08 81 d8 45 56 8a 8d 21 8b Sep 21 07:20:25.426660: | ikev2 g^x 69 d5 3c d1 a1 9d 13 ff d8 1d ba 26 2a 1c f2 f9 Sep 21 07:20:25.426662: | ikev2 g^x e8 e5 96 87 59 36 79 18 dd 8d 67 db 5a be 58 7a Sep 21 07:20:25.426664: | ikev2 g^x 93 bf 64 44 00 3e b1 58 00 98 12 96 99 50 cc b2 Sep 21 07:20:25.426665: | ikev2 g^x 71 0e 17 38 33 f9 b3 fa 6d 87 21 db ed 13 ef 4b Sep 21 07:20:25.426668: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:20:25.426670: | ***emit IKEv2 Nonce Payload: Sep 21 07:20:25.426672: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:20:25.426674: | flags: none (0x0) Sep 21 07:20:25.426677: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:20:25.426679: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:20:25.426682: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.426684: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:20:25.426687: | IKEv2 nonce 6a 8a ce 02 57 42 1e 2f 21 6f 27 ac ba 4f 1b eb Sep 21 07:20:25.426689: | IKEv2 nonce f2 85 75 fa 2b 26 62 94 bd d1 8f bf 8f 55 5c b7 Sep 21 07:20:25.426690: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:20:25.426693: | Adding a v2N Payload Sep 21 07:20:25.426695: | ***emit IKEv2 Notify Payload: Sep 21 07:20:25.426697: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.426699: | flags: none (0x0) Sep 21 07:20:25.426701: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:25.426703: | SPI size: 0 (0x0) Sep 21 07:20:25.426705: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:20:25.426708: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:20:25.426711: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.426713: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:20:25.426716: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:20:25.426719: | natd_hash: rcookie is zero Sep 21 07:20:25.426731: | natd_hash: hasher=0x5556ca3bd7a0(20) Sep 21 07:20:25.426734: | natd_hash: icookie= d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.426736: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:20:25.426738: | natd_hash: ip= c0 01 02 2d Sep 21 07:20:25.426740: | natd_hash: port= 01 f4 Sep 21 07:20:25.426742: | natd_hash: hash= fb 46 13 a8 e5 78 94 8b 58 c7 b1 03 a1 5f fc f1 Sep 21 07:20:25.426744: | natd_hash: hash= 72 90 12 7c Sep 21 07:20:25.426746: | Adding a v2N Payload Sep 21 07:20:25.426748: | ***emit IKEv2 Notify Payload: Sep 21 07:20:25.426751: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.426754: | flags: none (0x0) Sep 21 07:20:25.426757: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:25.426759: | SPI size: 0 (0x0) Sep 21 07:20:25.426761: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:20:25.426763: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:20:25.426766: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.426769: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:20:25.426771: | Notify data fb 46 13 a8 e5 78 94 8b 58 c7 b1 03 a1 5f fc f1 Sep 21 07:20:25.426773: | Notify data 72 90 12 7c Sep 21 07:20:25.426775: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:20:25.426777: | natd_hash: rcookie is zero Sep 21 07:20:25.426788: | natd_hash: hasher=0x5556ca3bd7a0(20) Sep 21 07:20:25.426794: | natd_hash: icookie= d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.426796: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:20:25.426798: | natd_hash: ip= c0 01 02 17 Sep 21 07:20:25.426800: | natd_hash: port= 01 f4 Sep 21 07:20:25.426802: | natd_hash: hash= d3 c0 e0 df 57 bb ff 67 38 3f f7 9c d6 54 5c 3c Sep 21 07:20:25.426804: | natd_hash: hash= 1a aa 5d 3e Sep 21 07:20:25.426806: | Adding a v2N Payload Sep 21 07:20:25.426809: | ***emit IKEv2 Notify Payload: Sep 21 07:20:25.426811: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.426813: | flags: none (0x0) Sep 21 07:20:25.426815: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:25.426817: | SPI size: 0 (0x0) Sep 21 07:20:25.426819: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:20:25.426822: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:20:25.426824: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.426827: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:20:25.426829: | Notify data d3 c0 e0 df 57 bb ff 67 38 3f f7 9c d6 54 5c 3c Sep 21 07:20:25.426831: | Notify data 1a aa 5d 3e Sep 21 07:20:25.426833: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:20:25.426836: | emitting length of ISAKMP Message: 828 Sep 21 07:20:25.426843: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:20:25.426854: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.426858: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:20:25.426860: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:20:25.426864: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:20:25.426867: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:20:25.426869: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:20:25.426875: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:20:25.426879: "westnet-eastnet-vti-01" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:20:25.426890: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:20:25.426901: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:25.426904: | d9 d3 8d 65 f4 84 fc f4 00 00 00 00 00 00 00 00 Sep 21 07:20:25.426906: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:20:25.426908: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:20:25.426910: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:20:25.426912: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:20:25.426916: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:20:25.426918: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:20:25.426921: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:20:25.426923: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:20:25.426925: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:20:25.426927: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:20:25.426929: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:20:25.426931: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:20:25.426933: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:20:25.426936: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:20:25.426938: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:20:25.426940: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:20:25.426942: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:20:25.426944: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:20:25.426946: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:20:25.426949: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:20:25.426951: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:20:25.426953: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:20:25.426956: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:20:25.426958: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:20:25.426960: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:20:25.426962: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:20:25.426964: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:20:25.426967: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:20:25.426969: | 28 00 01 08 00 0e 00 00 e5 da 41 c5 a8 bf 30 22 Sep 21 07:20:25.426971: | b5 5f c3 fb 13 a5 dd 88 95 95 70 7e 5a 74 28 1d Sep 21 07:20:25.426973: | 22 65 58 ac 2f 91 8e 51 07 1e 85 f2 28 6e d3 ee Sep 21 07:20:25.426975: | 6b 31 90 2d 0d d5 db 3b cc b2 2b 98 90 5f 31 86 Sep 21 07:20:25.426977: | 13 bc e4 4c 05 f3 38 11 b6 7f a7 23 da 60 55 01 Sep 21 07:20:25.426979: | 9d 4c 74 2a a3 9c 74 33 10 6a bf a1 3b a1 56 f5 Sep 21 07:20:25.426981: | 46 0d 89 df 06 31 e1 fd 38 4d d3 ed d1 96 02 5f Sep 21 07:20:25.426984: | 37 da fb 8a ea f2 99 0d 52 5e 8e 72 b7 c6 8f 60 Sep 21 07:20:25.426986: | cd 7b d0 dc b9 20 68 5f 45 31 5d f0 8f fc c5 6b Sep 21 07:20:25.426988: | 65 78 0c 3e 6e 44 aa f1 87 64 87 e6 b6 7f f7 92 Sep 21 07:20:25.426990: | 47 1d 89 37 f1 27 77 db 20 9e 2f 16 8c ec b0 1c Sep 21 07:20:25.426992: | b1 2d 1b 98 0d 57 06 28 25 e4 9a 38 26 8a 1f 08 Sep 21 07:20:25.426994: | 81 d8 45 56 8a 8d 21 8b 69 d5 3c d1 a1 9d 13 ff Sep 21 07:20:25.426996: | d8 1d ba 26 2a 1c f2 f9 e8 e5 96 87 59 36 79 18 Sep 21 07:20:25.426999: | dd 8d 67 db 5a be 58 7a 93 bf 64 44 00 3e b1 58 Sep 21 07:20:25.427001: | 00 98 12 96 99 50 cc b2 71 0e 17 38 33 f9 b3 fa Sep 21 07:20:25.427003: | 6d 87 21 db ed 13 ef 4b 29 00 00 24 6a 8a ce 02 Sep 21 07:20:25.427005: | 57 42 1e 2f 21 6f 27 ac ba 4f 1b eb f2 85 75 fa Sep 21 07:20:25.427007: | 2b 26 62 94 bd d1 8f bf 8f 55 5c b7 29 00 00 08 Sep 21 07:20:25.427009: | 00 00 40 2e 29 00 00 1c 00 00 40 04 fb 46 13 a8 Sep 21 07:20:25.427012: | e5 78 94 8b 58 c7 b1 03 a1 5f fc f1 72 90 12 7c Sep 21 07:20:25.427014: | 00 00 00 1c 00 00 40 05 d3 c0 e0 df 57 bb ff 67 Sep 21 07:20:25.427016: | 38 3f f7 9c d6 54 5c 3c 1a aa 5d 3e Sep 21 07:20:25.427065: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:25.427071: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:25.427074: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb582f90 Sep 21 07:20:25.427077: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:20:25.427081: | event_schedule: new EVENT_RETRANSMIT-pe@0x5556cb582f90 Sep 21 07:20:25.427088: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:20:25.427091: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:25.427097: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49071.795344 Sep 21 07:20:25.427100: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:20:25.427106: | #1 spent 1.45 milliseconds in resume sending helper answer Sep 21 07:20:25.427112: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:20:25.427115: | libevent_free: release ptr-libevent@0x7f85b8006900 Sep 21 07:20:25.429975: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:20:25.430002: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:20:25.430005: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.430008: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:20:25.430011: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:20:25.430013: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:20:25.430015: | 04 00 00 0e 28 00 01 08 00 0e 00 00 d5 1c 1f e0 Sep 21 07:20:25.430018: | 79 1c 0d 1b df 10 b2 e1 3c 1e 99 c5 63 bc 26 80 Sep 21 07:20:25.430020: | 89 4f a1 b2 c5 7c e9 92 52 a6 06 fd 95 5b aa 4d Sep 21 07:20:25.430023: | 07 2a 16 f3 d6 5a 7e 78 f8 ac 18 de f7 dc 14 6e Sep 21 07:20:25.430025: | af d6 b6 fd ee 86 34 b1 7b 34 81 26 73 a0 0e 5b Sep 21 07:20:25.430027: | c2 ed 6a 5f f1 49 b5 04 35 cf f0 47 9b 7a 61 95 Sep 21 07:20:25.430030: | fd 47 26 e8 85 e9 7d 62 7e 6d 0f f9 2d 56 0a bb Sep 21 07:20:25.430032: | c5 e0 c3 93 3c c3 53 29 d1 e8 a9 5b e0 5d ab 2d Sep 21 07:20:25.430035: | 12 95 5f 56 da aa 8a 45 f1 5f 88 54 1d 85 58 ac Sep 21 07:20:25.430037: | f4 19 d6 90 6f 0b cd 41 f1 e1 63 56 f6 ef cc 6b Sep 21 07:20:25.430039: | 13 da d3 6c af 87 4f bd 8c de 3f 59 d2 03 80 33 Sep 21 07:20:25.430042: | 01 68 62 a6 39 ac ec f9 d9 07 c3 98 0a 26 4b 6c Sep 21 07:20:25.430044: | ad ca c5 d9 15 7d 40 f3 74 7f 0a 20 b6 2e 22 bc Sep 21 07:20:25.430047: | 97 67 3e 69 1a f2 33 4a c9 a9 42 38 22 ed 0b a3 Sep 21 07:20:25.430049: | 46 93 fd 81 dd b3 39 75 01 aa 26 d8 f3 c8 8d fd Sep 21 07:20:25.430051: | 86 0f 88 b0 15 e6 6e bb 0c 1d 4b 00 95 99 29 ec Sep 21 07:20:25.430053: | 67 cf 9f 42 51 57 e6 59 dc 4a 0c d0 29 00 00 24 Sep 21 07:20:25.430056: | e9 b1 b2 4d 11 5e 9f 8f 85 07 e5 d3 4d 36 78 66 Sep 21 07:20:25.430058: | 55 ee cd c5 fa b9 0e 01 b9 96 63 08 ac 5c bc 94 Sep 21 07:20:25.430060: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:20:25.430063: | 77 06 03 6d 9d c1 df d0 bc 51 50 74 61 b0 cc 90 Sep 21 07:20:25.430065: | e5 7b 07 d1 00 00 00 1c 00 00 40 05 53 12 9b ab Sep 21 07:20:25.430068: | d7 62 66 dd d6 7f a7 fc 59 32 d2 54 8d cf be 33 Sep 21 07:20:25.430072: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:20:25.430076: | **parse ISAKMP Message: Sep 21 07:20:25.430079: | initiator cookie: Sep 21 07:20:25.430082: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.430084: | responder cookie: Sep 21 07:20:25.430086: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.430089: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:20:25.430092: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.430094: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:20:25.430097: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:20:25.430099: | Message ID: 0 (0x0) Sep 21 07:20:25.430102: | length: 432 (0x1b0) Sep 21 07:20:25.430105: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:20:25.430109: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:20:25.430116: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:20:25.430123: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:20:25.430128: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:20:25.430131: | #1 is idle Sep 21 07:20:25.430134: | #1 idle Sep 21 07:20:25.430136: | unpacking clear payload Sep 21 07:20:25.430139: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:20:25.430143: | ***parse IKEv2 Security Association Payload: Sep 21 07:20:25.430145: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:20:25.430148: | flags: none (0x0) Sep 21 07:20:25.430150: | length: 40 (0x28) Sep 21 07:20:25.430153: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:20:25.430155: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:20:25.430158: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:20:25.430161: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:20:25.430163: | flags: none (0x0) Sep 21 07:20:25.430166: | length: 264 (0x108) Sep 21 07:20:25.430168: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.430171: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:20:25.430173: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:20:25.430175: | ***parse IKEv2 Nonce Payload: Sep 21 07:20:25.430178: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:20:25.430180: | flags: none (0x0) Sep 21 07:20:25.430182: | length: 36 (0x24) Sep 21 07:20:25.430185: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:20:25.430187: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:20:25.430190: | ***parse IKEv2 Notify Payload: Sep 21 07:20:25.430193: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:20:25.430195: | flags: none (0x0) Sep 21 07:20:25.430197: | length: 8 (0x8) Sep 21 07:20:25.430200: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:25.430203: | SPI size: 0 (0x0) Sep 21 07:20:25.430205: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:20:25.430208: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:20:25.430211: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:20:25.430213: | ***parse IKEv2 Notify Payload: Sep 21 07:20:25.430215: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:20:25.430218: | flags: none (0x0) Sep 21 07:20:25.430220: | length: 28 (0x1c) Sep 21 07:20:25.430222: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:25.430225: | SPI size: 0 (0x0) Sep 21 07:20:25.430227: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:20:25.430230: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:20:25.430232: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:20:25.430235: | ***parse IKEv2 Notify Payload: Sep 21 07:20:25.430237: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.430240: | flags: none (0x0) Sep 21 07:20:25.430242: | length: 28 (0x1c) Sep 21 07:20:25.430245: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:25.430247: | SPI size: 0 (0x0) Sep 21 07:20:25.430250: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:20:25.430252: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:20:25.430255: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:20:25.430261: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:20:25.430265: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:20:25.430267: | Now let's proceed with state specific processing Sep 21 07:20:25.430270: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:20:25.430274: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:20:25.430293: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:25.430299: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:20:25.430303: | local proposal 1 type ENCR has 1 transforms Sep 21 07:20:25.430306: | local proposal 1 type PRF has 2 transforms Sep 21 07:20:25.430308: | local proposal 1 type INTEG has 1 transforms Sep 21 07:20:25.430310: | local proposal 1 type DH has 8 transforms Sep 21 07:20:25.430312: | local proposal 1 type ESN has 0 transforms Sep 21 07:20:25.430316: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:20:25.430318: | local proposal 2 type ENCR has 1 transforms Sep 21 07:20:25.430321: | local proposal 2 type PRF has 2 transforms Sep 21 07:20:25.430323: | local proposal 2 type INTEG has 1 transforms Sep 21 07:20:25.430325: | local proposal 2 type DH has 8 transforms Sep 21 07:20:25.430327: | local proposal 2 type ESN has 0 transforms Sep 21 07:20:25.430330: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:20:25.430332: | local proposal 3 type ENCR has 1 transforms Sep 21 07:20:25.430335: | local proposal 3 type PRF has 2 transforms Sep 21 07:20:25.430337: | local proposal 3 type INTEG has 2 transforms Sep 21 07:20:25.430339: | local proposal 3 type DH has 8 transforms Sep 21 07:20:25.430341: | local proposal 3 type ESN has 0 transforms Sep 21 07:20:25.430344: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:20:25.430347: | local proposal 4 type ENCR has 1 transforms Sep 21 07:20:25.430349: | local proposal 4 type PRF has 2 transforms Sep 21 07:20:25.430351: | local proposal 4 type INTEG has 2 transforms Sep 21 07:20:25.430354: | local proposal 4 type DH has 8 transforms Sep 21 07:20:25.430356: | local proposal 4 type ESN has 0 transforms Sep 21 07:20:25.430358: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:20:25.430361: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.430364: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:25.430366: | length: 36 (0x24) Sep 21 07:20:25.430368: | prop #: 1 (0x1) Sep 21 07:20:25.430370: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:25.430372: | spi size: 0 (0x0) Sep 21 07:20:25.430374: | # transforms: 3 (0x3) Sep 21 07:20:25.430378: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:20:25.430381: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.430383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.430386: | length: 12 (0xc) Sep 21 07:20:25.430388: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.430390: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.430393: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.430395: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.430398: | length/value: 256 (0x100) Sep 21 07:20:25.430402: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:20:25.430404: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.430407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.430409: | length: 8 (0x8) Sep 21 07:20:25.430411: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:25.430413: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:25.430417: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:20:25.430422: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.430424: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.430426: | length: 8 (0x8) Sep 21 07:20:25.430428: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.430430: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.430433: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:20:25.430436: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:20:25.430440: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:20:25.430443: | remote proposal 1 matches local proposal 1 Sep 21 07:20:25.430445: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:20:25.430448: | converting proposal to internal trans attrs Sep 21 07:20:25.430464: | natd_hash: hasher=0x5556ca3bd7a0(20) Sep 21 07:20:25.430468: | natd_hash: icookie= d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.430470: | natd_hash: rcookie= f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.430472: | natd_hash: ip= c0 01 02 2d Sep 21 07:20:25.430474: | natd_hash: port= 01 f4 Sep 21 07:20:25.430477: | natd_hash: hash= 53 12 9b ab d7 62 66 dd d6 7f a7 fc 59 32 d2 54 Sep 21 07:20:25.430479: | natd_hash: hash= 8d cf be 33 Sep 21 07:20:25.430485: | natd_hash: hasher=0x5556ca3bd7a0(20) Sep 21 07:20:25.430487: | natd_hash: icookie= d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.430490: | natd_hash: rcookie= f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.430492: | natd_hash: ip= c0 01 02 17 Sep 21 07:20:25.430494: | natd_hash: port= 01 f4 Sep 21 07:20:25.430496: | natd_hash: hash= 77 06 03 6d 9d c1 df d0 bc 51 50 74 61 b0 cc 90 Sep 21 07:20:25.430498: | natd_hash: hash= e5 7b 07 d1 Sep 21 07:20:25.430501: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:20:25.430503: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:20:25.430505: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:20:25.430508: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:20:25.430513: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:20:25.430517: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:20:25.430519: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:20:25.430522: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:20:25.430526: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:25.430528: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5556cb582f90 Sep 21 07:20:25.430531: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb582f90 Sep 21 07:20:25.430535: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:20:25.430538: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:25.430548: | #1 spent 0.273 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:20:25.430554: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.430558: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:20:25.430560: | suspending state #1 and saving MD Sep 21 07:20:25.430563: | #1 is busy; has a suspended MD Sep 21 07:20:25.430567: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:20:25.430570: | "westnet-eastnet-vti-01" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:20:25.430575: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:20:25.430579: | #1 spent 0.59 milliseconds in ikev2_process_packet() Sep 21 07:20:25.430585: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:20:25.430588: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:20:25.430591: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:20:25.430594: | spent 0.605 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:20:25.430604: | crypto helper 4 resuming Sep 21 07:20:25.430608: | crypto helper 4 starting work-order 2 for state #1 Sep 21 07:20:25.430611: | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:20:25.431517: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:20:25.431958: | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001346 seconds Sep 21 07:20:25.431971: | (#1) spent 1.35 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:20:25.431974: | crypto helper 4 sending results from work-order 2 for state #1 to event queue Sep 21 07:20:25.431977: | scheduling resume sending helper answer for #1 Sep 21 07:20:25.431980: | libevent_malloc: new ptr-libevent@0x7f85b0006b90 size 128 Sep 21 07:20:25.431990: | crypto helper 4 waiting (nothing to do) Sep 21 07:20:25.432002: | processing resume sending helper answer for #1 Sep 21 07:20:25.432010: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:20:25.432014: | crypto helper 4 replies to request ID 2 Sep 21 07:20:25.432016: | calling continuation function 0x5556ca2e7630 Sep 21 07:20:25.432019: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:20:25.432026: | creating state object #2 at 0x5556cb585830 Sep 21 07:20:25.432029: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:20:25.432034: | pstats #2 ikev2.child started Sep 21 07:20:25.432037: | duplicating state object #1 "westnet-eastnet-vti-01" as #2 for IPSEC SA Sep 21 07:20:25.432042: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:20:25.432049: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:20:25.432054: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:20:25.432059: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:20:25.432062: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:25.432065: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:25.432068: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb582f90 Sep 21 07:20:25.432071: | event_schedule: new EVENT_SA_REPLACE-pe@0x5556cb582f90 Sep 21 07:20:25.432074: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:20:25.432077: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:25.432081: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:20:25.432087: | **emit ISAKMP Message: Sep 21 07:20:25.432090: | initiator cookie: Sep 21 07:20:25.432092: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.432094: | responder cookie: Sep 21 07:20:25.432096: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.432099: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:25.432102: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.432104: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:20:25.432107: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:25.432109: | Message ID: 1 (0x1) Sep 21 07:20:25.432112: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:25.432115: | ***emit IKEv2 Encryption Payload: Sep 21 07:20:25.432122: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.432125: | flags: none (0x0) Sep 21 07:20:25.432128: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:20:25.432131: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.432134: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:20:25.432141: | IKEv2 CERT: send a certificate? Sep 21 07:20:25.432144: | IKEv2 CERT: no certificate to send Sep 21 07:20:25.432146: | IDr payload will be sent Sep 21 07:20:25.432160: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:20:25.432163: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.432165: | flags: none (0x0) Sep 21 07:20:25.432167: | ID type: ID_FQDN (0x2) Sep 21 07:20:25.432171: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:20:25.432173: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.432177: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:20:25.432179: | my identity 77 65 73 74 Sep 21 07:20:25.432182: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:20:25.432190: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:20:25.432193: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:20:25.432195: | flags: none (0x0) Sep 21 07:20:25.432197: | ID type: ID_FQDN (0x2) Sep 21 07:20:25.432200: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:20:25.432203: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:20:25.432206: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.432209: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:20:25.432211: | IDr 65 61 73 74 Sep 21 07:20:25.432214: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:20:25.432216: | not sending INITIAL_CONTACT Sep 21 07:20:25.432219: | ****emit IKEv2 Authentication Payload: Sep 21 07:20:25.432221: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.432223: | flags: none (0x0) Sep 21 07:20:25.432226: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:20:25.432229: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:20:25.432232: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.432238: | started looking for secret for @west->@east of kind PKK_RSA Sep 21 07:20:25.432241: | actually looking for secret for @west->@east of kind PKK_RSA Sep 21 07:20:25.432245: | line 1: key type PKK_RSA(@west) to type PKK_RSA Sep 21 07:20:25.432249: | 1: compared key (none) to @west / @east -> 002 Sep 21 07:20:25.432252: | 2: compared key (none) to @west / @east -> 002 Sep 21 07:20:25.432255: | line 1: match=002 Sep 21 07:20:25.432258: | match 002 beats previous best_match 000 match=0x5556cb573100 (line=1) Sep 21 07:20:25.432260: | concluding with best_match=002 best=0x5556cb573100 (lineno=1) Sep 21 07:20:25.437134: | #1 spent 4.82 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:20:25.437149: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:20:25.437153: | rsa signature 2d b0 ee 20 5b 3e bb 3e 22 78 90 22 54 a5 5b 17 Sep 21 07:20:25.437156: | rsa signature eb b1 f9 c5 ca ac 7e 46 cb a8 a3 6b 7c 1c 5c d0 Sep 21 07:20:25.437162: | rsa signature 7e 8e 0a e8 65 b5 68 08 85 dd 84 1b ff a6 2b 19 Sep 21 07:20:25.437164: | rsa signature e2 f1 45 ca 8e b6 4e b6 f7 53 c9 ee 3d 37 23 b5 Sep 21 07:20:25.437167: | rsa signature 34 ad 26 e7 34 0f ac f5 b5 bf f1 38 6f 87 9b 75 Sep 21 07:20:25.437169: | rsa signature 91 63 41 8f 53 ee 46 19 53 9d 3b d6 21 59 05 a4 Sep 21 07:20:25.437171: | rsa signature 5f db 85 38 59 e2 a3 52 62 5e 12 2b b5 1c c7 92 Sep 21 07:20:25.437174: | rsa signature ab 4e af d1 ae fa a2 d7 d3 51 9f 97 53 b0 00 68 Sep 21 07:20:25.437176: | rsa signature 02 d3 3e 2c 3a 00 20 3c 91 ff 5e 4f f6 f0 cb e3 Sep 21 07:20:25.437178: | rsa signature 0a 58 86 ff 34 2e 74 01 41 51 08 a5 53 04 7d fd Sep 21 07:20:25.437181: | rsa signature b7 dc 41 ae 85 cb 1f eb b0 42 f4 9b 02 28 7c d7 Sep 21 07:20:25.437183: | rsa signature 56 30 56 23 0c 89 b2 cf de 27 4f 17 1e 03 a3 eb Sep 21 07:20:25.437185: | rsa signature 61 48 c2 f8 63 3e 82 e7 91 5d fe ac 0e a9 4b 7b Sep 21 07:20:25.437187: | rsa signature 54 6b b0 42 4b 27 1e 03 df 19 62 c1 4f cf 1d 76 Sep 21 07:20:25.437190: | rsa signature 7b ec 40 ca f0 9e c4 89 bc 19 18 aa 5f 1f 08 c5 Sep 21 07:20:25.437192: | rsa signature 4a a6 86 d8 44 17 61 61 6f 0f 64 67 cd c4 53 93 Sep 21 07:20:25.437194: | rsa signature b8 fd fe b8 7c 03 89 c7 d1 44 8c 6f 76 e8 29 f2 Sep 21 07:20:25.437196: | rsa signature 35 5d Sep 21 07:20:25.437201: | #1 spent 4.93 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:20:25.437204: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:20:25.437207: | getting first pending from state #1 Sep 21 07:20:25.437619: | netlink_get_spi: allocated 0xf260dfc for esp.0@192.1.2.45 Sep 21 07:20:25.437625: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:20:25.437631: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:20:25.437638: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:20:25.437641: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:20:25.437645: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:20:25.437649: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:20:25.437653: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:20:25.437656: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:20:25.437660: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:20:25.437668: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:20:25.437680: | Emitting ikev2_proposals ... Sep 21 07:20:25.437684: | ****emit IKEv2 Security Association Payload: Sep 21 07:20:25.437687: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.437689: | flags: none (0x0) Sep 21 07:20:25.437693: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:20:25.437696: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.437699: | discarding INTEG=NONE Sep 21 07:20:25.437701: | discarding DH=NONE Sep 21 07:20:25.437703: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.437706: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.437708: | prop #: 1 (0x1) Sep 21 07:20:25.437711: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.437715: | spi size: 4 (0x4) Sep 21 07:20:25.437718: | # transforms: 2 (0x2) Sep 21 07:20:25.437720: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.437724: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.437726: | our spi 0f 26 0d fc Sep 21 07:20:25.437728: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437733: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.437736: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.437738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437741: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.437744: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.437746: | length/value: 256 (0x100) Sep 21 07:20:25.437749: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.437751: | discarding INTEG=NONE Sep 21 07:20:25.437753: | discarding DH=NONE Sep 21 07:20:25.437755: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437757: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.437760: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.437762: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.437765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437770: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.437772: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:20:25.437775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.437777: | discarding INTEG=NONE Sep 21 07:20:25.437779: | discarding DH=NONE Sep 21 07:20:25.437781: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.437791: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.437793: | prop #: 2 (0x2) Sep 21 07:20:25.437796: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.437798: | spi size: 4 (0x4) Sep 21 07:20:25.437800: | # transforms: 2 (0x2) Sep 21 07:20:25.437803: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.437805: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.437808: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.437810: | our spi 0f 26 0d fc Sep 21 07:20:25.437813: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437817: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.437819: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.437822: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437825: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.437827: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.437829: | length/value: 128 (0x80) Sep 21 07:20:25.437832: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.437834: | discarding INTEG=NONE Sep 21 07:20:25.437836: | discarding DH=NONE Sep 21 07:20:25.437838: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437840: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.437843: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.437847: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.437851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437853: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437856: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.437858: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:20:25.437861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.437863: | discarding DH=NONE Sep 21 07:20:25.437866: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.437868: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.437870: | prop #: 3 (0x3) Sep 21 07:20:25.437873: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.437875: | spi size: 4 (0x4) Sep 21 07:20:25.437877: | # transforms: 4 (0x4) Sep 21 07:20:25.437880: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.437883: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.437886: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.437888: | our spi 0f 26 0d fc Sep 21 07:20:25.437891: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437895: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.437897: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:25.437900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437902: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.437904: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.437907: | length/value: 256 (0x100) Sep 21 07:20:25.437909: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.437912: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437916: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.437918: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:25.437921: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437926: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.437928: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437931: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437933: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.437935: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:25.437938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437940: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437943: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.437945: | discarding DH=NONE Sep 21 07:20:25.437947: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437949: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.437952: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.437954: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.437959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.437962: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.437965: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.437967: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:20:25.437970: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.437972: | discarding DH=NONE Sep 21 07:20:25.437975: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.437977: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:25.437979: | prop #: 4 (0x4) Sep 21 07:20:25.437981: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.437983: | spi size: 4 (0x4) Sep 21 07:20:25.437985: | # transforms: 4 (0x4) Sep 21 07:20:25.437988: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.437990: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.437993: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.437995: | our spi 0f 26 0d fc Sep 21 07:20:25.437997: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.437999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.438001: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.438003: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:25.438006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.438008: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.438011: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.438013: | length/value: 128 (0x80) Sep 21 07:20:25.438015: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.438017: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.438020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.438022: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.438024: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:25.438027: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.438029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.438031: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.438034: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.438036: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.438038: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.438041: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:25.438043: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.438046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.438048: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.438050: | discarding DH=NONE Sep 21 07:20:25.438052: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.438055: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.438057: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.438059: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.438062: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.438069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.438071: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.438073: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:20:25.438076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.438078: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:20:25.438081: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:20:25.438085: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:20:25.438088: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.438090: | flags: none (0x0) Sep 21 07:20:25.438092: | number of TS: 1 (0x1) Sep 21 07:20:25.438095: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:20:25.438098: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.438101: | *****emit IKEv2 Traffic Selector: Sep 21 07:20:25.438103: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.438105: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.438107: | start port: 0 (0x0) Sep 21 07:20:25.438110: | end port: 65535 (0xffff) Sep 21 07:20:25.438113: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:20:25.438115: | IP start c0 00 01 00 Sep 21 07:20:25.438117: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:20:25.438119: | IP end c0 00 01 ff Sep 21 07:20:25.438122: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:20:25.438124: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:20:25.438127: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:20:25.438129: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.438131: | flags: none (0x0) Sep 21 07:20:25.438133: | number of TS: 1 (0x1) Sep 21 07:20:25.438137: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:20:25.438139: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.438142: | *****emit IKEv2 Traffic Selector: Sep 21 07:20:25.438144: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.438146: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.438148: | start port: 0 (0x0) Sep 21 07:20:25.438150: | end port: 65535 (0xffff) Sep 21 07:20:25.438153: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:20:25.438156: | IP start c0 00 02 00 Sep 21 07:20:25.438158: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:20:25.438161: | IP end c0 00 02 ff Sep 21 07:20:25.438163: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:20:25.438166: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:20:25.438168: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:20:25.438171: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:20:25.438174: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:25.438177: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:20:25.438180: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:20:25.438182: | emitting length of IKEv2 Encryption Payload: 547 Sep 21 07:20:25.438185: | emitting length of ISAKMP Message: 575 Sep 21 07:20:25.438191: | **parse ISAKMP Message: Sep 21 07:20:25.438194: | initiator cookie: Sep 21 07:20:25.438196: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.438199: | responder cookie: Sep 21 07:20:25.438201: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.438203: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:20:25.438206: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.438209: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:20:25.438212: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:25.438214: | Message ID: 1 (0x1) Sep 21 07:20:25.438216: | length: 575 (0x23f) Sep 21 07:20:25.438219: | **parse IKEv2 Encryption Payload: Sep 21 07:20:25.438222: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:20:25.438224: | flags: none (0x0) Sep 21 07:20:25.438227: | length: 547 (0x223) Sep 21 07:20:25.438229: | **emit ISAKMP Message: Sep 21 07:20:25.438232: | initiator cookie: Sep 21 07:20:25.438234: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.438236: | responder cookie: Sep 21 07:20:25.438239: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.438242: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:25.438244: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.438246: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:20:25.438249: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:25.438251: | Message ID: 1 (0x1) Sep 21 07:20:25.438254: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:25.438257: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:20:25.438259: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:20:25.438262: | flags: none (0x0) Sep 21 07:20:25.438264: | fragment number: 1 (0x1) Sep 21 07:20:25.438267: | total fragments: 2 (0x2) Sep 21 07:20:25.438270: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:20:25.438273: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:20:25.438276: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:20:25.438279: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:20:25.438287: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:20:25.438290: | cleartext fragment 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Sep 21 07:20:25.438293: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 00 Sep 21 07:20:25.438295: | cleartext fragment 2d b0 ee 20 5b 3e bb 3e 22 78 90 22 54 a5 5b 17 Sep 21 07:20:25.438298: | cleartext fragment eb b1 f9 c5 ca ac 7e 46 cb a8 a3 6b 7c 1c 5c d0 Sep 21 07:20:25.438300: | cleartext fragment 7e 8e 0a e8 65 b5 68 08 85 dd 84 1b ff a6 2b 19 Sep 21 07:20:25.438302: | cleartext fragment e2 f1 45 ca 8e b6 4e b6 f7 53 c9 ee 3d 37 23 b5 Sep 21 07:20:25.438305: | cleartext fragment 34 ad 26 e7 34 0f ac f5 b5 bf f1 38 6f 87 9b 75 Sep 21 07:20:25.438307: | cleartext fragment 91 63 41 8f 53 ee 46 19 53 9d 3b d6 21 59 05 a4 Sep 21 07:20:25.438309: | cleartext fragment 5f db 85 38 59 e2 a3 52 62 5e 12 2b b5 1c c7 92 Sep 21 07:20:25.438311: | cleartext fragment ab 4e af d1 ae fa a2 d7 d3 51 9f 97 53 b0 00 68 Sep 21 07:20:25.438314: | cleartext fragment 02 d3 3e 2c 3a 00 20 3c 91 ff 5e 4f f6 f0 cb e3 Sep 21 07:20:25.438316: | cleartext fragment 0a 58 86 ff 34 2e 74 01 41 51 08 a5 53 04 7d fd Sep 21 07:20:25.438319: | cleartext fragment b7 dc 41 ae 85 cb 1f eb b0 42 f4 9b 02 28 7c d7 Sep 21 07:20:25.438321: | cleartext fragment 56 30 56 23 0c 89 b2 cf de 27 4f 17 1e 03 a3 eb Sep 21 07:20:25.438323: | cleartext fragment 61 48 c2 f8 63 3e 82 e7 91 5d fe ac 0e a9 4b 7b Sep 21 07:20:25.438326: | cleartext fragment 54 6b b0 42 4b 27 1e 03 df 19 62 c1 4f cf 1d 76 Sep 21 07:20:25.438328: | cleartext fragment 7b ec 40 ca f0 9e c4 89 bc 19 18 aa 5f 1f 08 c5 Sep 21 07:20:25.438332: | cleartext fragment 4a a6 86 d8 44 17 61 61 6f 0f 64 67 cd c4 53 93 Sep 21 07:20:25.438334: | cleartext fragment b8 fd fe b8 7c 03 89 c7 d1 44 8c 6f 76 e8 29 f2 Sep 21 07:20:25.438337: | cleartext fragment 35 5d 2c 00 00 a4 02 00 00 20 01 03 04 02 0f 26 Sep 21 07:20:25.438339: | cleartext fragment 0d fc 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 Sep 21 07:20:25.438341: | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 0f 26 Sep 21 07:20:25.438344: | cleartext fragment 0d fc 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 Sep 21 07:20:25.438346: | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 0f 26 Sep 21 07:20:25.438348: | cleartext fragment 0d fc 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 Sep 21 07:20:25.438351: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Sep 21 07:20:25.438353: | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 0f 26 Sep 21 07:20:25.438355: | cleartext fragment 0d fc 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 Sep 21 07:20:25.438358: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Sep 21 07:20:25.438360: | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 Sep 21 07:20:25.438363: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:25.438366: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:20:25.438369: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:20:25.438371: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:20:25.438373: | emitting length of ISAKMP Message: 539 Sep 21 07:20:25.438387: | **emit ISAKMP Message: Sep 21 07:20:25.438390: | initiator cookie: Sep 21 07:20:25.438392: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.438394: | responder cookie: Sep 21 07:20:25.438396: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.438398: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:25.438401: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.438403: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:20:25.438406: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:25.438409: | Message ID: 1 (0x1) Sep 21 07:20:25.438411: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:25.438414: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:20:25.438417: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.438419: | flags: none (0x0) Sep 21 07:20:25.438421: | fragment number: 2 (0x2) Sep 21 07:20:25.438423: | total fragments: 2 (0x2) Sep 21 07:20:25.438426: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:20:25.438428: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:20:25.438431: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:20:25.438434: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:20:25.438440: | emitting 40 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:20:25.438442: | cleartext fragment 07 00 00 10 00 00 ff ff c0 00 01 00 c0 00 01 ff Sep 21 07:20:25.438445: | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff Sep 21 07:20:25.438447: | cleartext fragment c0 00 02 00 c0 00 02 ff Sep 21 07:20:25.438450: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:25.438452: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:20:25.438454: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:20:25.438456: | emitting length of IKEv2 Encrypted Fragment: 73 Sep 21 07:20:25.438459: | emitting length of ISAKMP Message: 101 Sep 21 07:20:25.438469: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.438476: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.438481: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:20:25.438483: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:20:25.438487: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:20:25.438490: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:20:25.438495: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:20:25.438501: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:20:25.438506: "westnet-eastnet-vti-01" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:20:25.438517: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:20:25.438519: | sending fragments ... Sep 21 07:20:25.438526: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:25.438528: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.438531: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:20:25.438534: | 00 01 00 02 07 1c b5 25 e8 7a 56 95 3c 20 33 c0 Sep 21 07:20:25.438536: | a5 4f 10 2b 35 03 f8 55 a5 d9 0c 59 aa 73 c5 fb Sep 21 07:20:25.438538: | fb ff 46 b2 d5 57 4e 4f 34 41 b2 f9 3b 8c b4 2c Sep 21 07:20:25.438540: | 34 a0 2b df f8 c1 c2 e3 b9 0e 47 6b fb 30 00 1d Sep 21 07:20:25.438543: | 40 e7 6d de 90 57 b0 3a 8a 60 dc 0d ce 62 24 ea Sep 21 07:20:25.438545: | 9d f8 0e ac 9a f9 2e 13 23 02 3e a6 cd 4d 38 97 Sep 21 07:20:25.438548: | 54 2b 6f 87 2c f0 02 80 8a 1c 43 e1 ab a9 54 09 Sep 21 07:20:25.438550: | 11 6d cc fe 09 62 d6 4f 95 c7 3f bd 0f 59 57 81 Sep 21 07:20:25.438552: | 7a bf 66 df 4b f0 5c 5c a8 7e e6 f4 60 64 ce e7 Sep 21 07:20:25.438554: | 7f 76 5d 77 cd 0d f0 ba a8 be 4a 63 ec 80 7c 96 Sep 21 07:20:25.438557: | 00 b0 0d e5 d7 6a fa 20 f4 bc 08 90 5c a0 65 f8 Sep 21 07:20:25.438559: | b7 89 bf 43 ae 0e 18 2c fc 1e c5 74 e6 5d db 4f Sep 21 07:20:25.438561: | 49 5d 4a 3f e3 18 ae c8 7d 6d 64 f0 d5 44 43 8b Sep 21 07:20:25.438563: | 74 a9 a4 ff d5 a6 5f 04 d5 27 13 2a 37 b2 bd 78 Sep 21 07:20:25.438566: | 6a 01 41 dd fe d7 7f e7 5a 14 6f e9 37 e6 ed 77 Sep 21 07:20:25.438568: | e8 88 3a a2 3b ef 9e 72 b4 7f 99 5e 6e c8 e9 4b Sep 21 07:20:25.438570: | df 28 72 84 88 18 f7 b9 4c 2a 45 de 95 f5 32 34 Sep 21 07:20:25.438572: | ee 97 f8 4d 43 ae 57 12 00 3a 6b e1 e2 bd 05 94 Sep 21 07:20:25.438575: | e2 63 12 d7 71 36 aa 85 b7 f1 93 71 0b c0 ab ed Sep 21 07:20:25.438577: | 08 4c b1 2d ad 01 d5 fa 81 d5 14 82 d7 96 0a 8c Sep 21 07:20:25.438579: | e8 0e 03 1b 3e c6 49 fa b8 c4 b3 09 8f 2d 27 ab Sep 21 07:20:25.438581: | e5 cc 4d d3 0e 61 09 a1 5d 65 6d 7c 6f 02 ca bc Sep 21 07:20:25.438583: | f8 58 fd 11 08 31 bf 53 ad 91 c4 eb 0e 9d 9d e4 Sep 21 07:20:25.438585: | 44 31 69 43 d9 0a 9c 4a 68 8c d5 1b b5 f5 db 68 Sep 21 07:20:25.438588: | 24 c8 59 24 81 97 39 8a fc 01 79 ed 06 6a 0d 0d Sep 21 07:20:25.438590: | e7 6f 06 59 c1 04 d6 2b 8d a8 18 bb 6b fd b2 44 Sep 21 07:20:25.438592: | 7e df 52 fd eb 83 2f ce 16 5e 80 5c 39 fb 17 1f Sep 21 07:20:25.438594: | f1 f3 62 77 93 70 29 ee 38 39 ff 1b b4 67 3e cd Sep 21 07:20:25.438596: | 00 92 18 8e d5 d7 f0 a9 b4 ab 9b 76 5d d0 88 d8 Sep 21 07:20:25.438598: | e2 73 6a b7 ee 94 7a aa fd 27 2c 39 06 43 a3 27 Sep 21 07:20:25.438600: | e3 a0 51 f4 d5 4f 18 ef 99 5a f3 be e5 50 d6 ce Sep 21 07:20:25.438605: | c8 e8 fe 63 3a 8f 62 4f cc 87 e1 Sep 21 07:20:25.438654: | sending 101 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:25.438658: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.438660: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Sep 21 07:20:25.438662: | 00 02 00 02 79 9c f1 73 3f b2 82 bb 23 00 5c c9 Sep 21 07:20:25.438664: | 33 1f 73 52 4f e6 3c d4 96 cf 61 54 40 8f ad 1e Sep 21 07:20:25.438666: | 96 20 9e 65 0c 8c ba e2 c8 fe 66 7f 00 b7 b8 17 Sep 21 07:20:25.438669: | 09 35 67 82 72 a0 82 d3 03 dc 97 67 c4 ef 4f ea Sep 21 07:20:25.438671: | 02 2d e5 f9 67 Sep 21 07:20:25.438684: | sent 2 fragments Sep 21 07:20:25.438688: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:20:25.438692: | event_schedule: new EVENT_RETRANSMIT-pe@0x5556cb5886c0 Sep 21 07:20:25.438696: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:20:25.438700: | libevent_malloc: new ptr-libevent@0x7f85b8006900 size 128 Sep 21 07:20:25.438706: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49071.806955 Sep 21 07:20:25.438710: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:20:25.438716: | #1 spent 1.49 milliseconds Sep 21 07:20:25.438719: | #1 spent 6.64 milliseconds in resume sending helper answer Sep 21 07:20:25.438724: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:20:25.438728: | libevent_free: release ptr-libevent@0x7f85b0006b90 Sep 21 07:20:25.533152: | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:20:25.533172: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:20:25.533176: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.533178: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:20:25.533180: | 84 0c 61 3e b5 1b 4f 2f 9a 23 a1 84 5b 56 66 2b Sep 21 07:20:25.533183: | 5f 1a 95 44 4f 06 d0 91 2b 8f 93 5f 9c 53 84 ff Sep 21 07:20:25.533185: | ee e5 48 02 be 67 98 af 31 75 dd 52 dd 43 61 71 Sep 21 07:20:25.533187: | f2 95 1f 78 3f 24 fd db 9d 16 80 95 b5 19 84 09 Sep 21 07:20:25.533189: | 28 f4 f3 48 0c 74 2e 7e af 79 2b 9d 41 72 c2 34 Sep 21 07:20:25.533192: | 86 62 8e e8 ff 26 73 0f db 71 10 79 ba 90 de 5c Sep 21 07:20:25.533194: | 7f a0 cb 94 54 ac 36 9e a2 45 79 ef c2 4f 04 09 Sep 21 07:20:25.533196: | a7 90 3e 90 d7 f6 fb bb e5 a2 f7 77 4f c4 e7 84 Sep 21 07:20:25.533198: | 8f 2a c1 b4 39 49 3e 4f 00 e4 a0 4c f9 13 16 11 Sep 21 07:20:25.533201: | 31 d6 22 15 a7 be 8a b6 7a 3a a8 02 cb 4a ce 56 Sep 21 07:20:25.533203: | e0 52 1e d3 8a 0e 12 4d 85 17 21 3b 3a 4e 6f 51 Sep 21 07:20:25.533205: | 2d 3e 65 70 8e d1 9c cc 21 ea b5 66 93 68 7f af Sep 21 07:20:25.533207: | 6b 50 58 a1 18 d4 3e 0a 96 3d bf de 54 fb 01 f3 Sep 21 07:20:25.533210: | a0 04 f7 65 18 bc f4 64 08 c8 b7 93 1d cc 83 4f Sep 21 07:20:25.533212: | 86 08 ad 6f 58 3b 8f a2 31 5a ba bc f6 93 81 65 Sep 21 07:20:25.533214: | b2 22 5a b9 9c da 6b be af 5e e9 ca 85 5e 21 6c Sep 21 07:20:25.533217: | 29 b2 12 cf d5 b1 17 1f 0d 0f 2e 32 27 12 4d 27 Sep 21 07:20:25.533219: | bb 67 3c f6 e9 52 bd 92 12 ff ab 45 ac 10 6b 9b Sep 21 07:20:25.533221: | 67 6b 00 3a f3 a4 70 85 45 bf 2a 81 d6 1f 73 20 Sep 21 07:20:25.533223: | 03 9c 7c 84 90 74 8c f3 f0 97 7c e6 f0 6d e9 06 Sep 21 07:20:25.533226: | ca 70 af 72 f5 b4 8a 08 21 f9 29 db c0 ce 19 f5 Sep 21 07:20:25.533228: | 70 e8 2b 62 f8 99 34 08 8b ff f4 bc 33 b4 22 eb Sep 21 07:20:25.533230: | 20 16 e6 95 66 e0 22 65 5c 10 da 6b 76 b2 9e 3d Sep 21 07:20:25.533232: | f6 09 74 3a 4c 7f 10 aa eb f3 1c d3 91 06 db 74 Sep 21 07:20:25.533234: | ae 0d a2 61 65 60 54 e3 23 a0 c4 24 9b d5 b0 a7 Sep 21 07:20:25.533239: | 4e 9d a9 Sep 21 07:20:25.533243: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:20:25.533247: | **parse ISAKMP Message: Sep 21 07:20:25.533249: | initiator cookie: Sep 21 07:20:25.533252: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.533254: | responder cookie: Sep 21 07:20:25.533256: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.533259: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:20:25.533261: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.533264: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:20:25.533266: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:20:25.533269: | Message ID: 1 (0x1) Sep 21 07:20:25.533272: | length: 435 (0x1b3) Sep 21 07:20:25.533275: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:20:25.533278: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:20:25.533282: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:20:25.533287: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:20:25.533290: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:20:25.533295: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:20:25.533299: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:20:25.533302: | #2 is idle Sep 21 07:20:25.533304: | #2 idle Sep 21 07:20:25.533306: | unpacking clear payload Sep 21 07:20:25.533308: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:20:25.533311: | ***parse IKEv2 Encryption Payload: Sep 21 07:20:25.533314: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:20:25.533316: | flags: none (0x0) Sep 21 07:20:25.533318: | length: 407 (0x197) Sep 21 07:20:25.533321: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:20:25.533324: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:20:25.533339: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:20:25.533342: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:20:25.533345: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:20:25.533347: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:20:25.533350: | flags: none (0x0) Sep 21 07:20:25.533352: | length: 12 (0xc) Sep 21 07:20:25.533354: | ID type: ID_FQDN (0x2) Sep 21 07:20:25.533357: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:20:25.533359: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:20:25.533362: | **parse IKEv2 Authentication Payload: Sep 21 07:20:25.533364: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:20:25.533366: | flags: none (0x0) Sep 21 07:20:25.533368: | length: 282 (0x11a) Sep 21 07:20:25.533371: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:20:25.533373: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:20:25.533375: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:20:25.533378: | **parse IKEv2 Security Association Payload: Sep 21 07:20:25.533380: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:20:25.533383: | flags: none (0x0) Sep 21 07:20:25.533385: | length: 36 (0x24) Sep 21 07:20:25.533387: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:20:25.533390: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:20:25.533392: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:20:25.533395: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:20:25.533397: | flags: none (0x0) Sep 21 07:20:25.533399: | length: 24 (0x18) Sep 21 07:20:25.533402: | number of TS: 1 (0x1) Sep 21 07:20:25.533404: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:20:25.533406: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:20:25.533411: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:20:25.533413: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.533415: | flags: none (0x0) Sep 21 07:20:25.533418: | length: 24 (0x18) Sep 21 07:20:25.533420: | number of TS: 1 (0x1) Sep 21 07:20:25.533422: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:20:25.533425: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:20:25.533427: | Now let's proceed with state specific processing Sep 21 07:20:25.533430: | calling processor Initiator: process IKE_AUTH response Sep 21 07:20:25.533435: | offered CA: '%none' Sep 21 07:20:25.533439: "westnet-eastnet-vti-01" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:20:25.533475: | verifying AUTH payload Sep 21 07:20:25.533490: | required RSA CA is '%any' Sep 21 07:20:25.533494: | checking RSA keyid '@east' for match with '@east' Sep 21 07:20:25.533497: | RSA key issuer CA is '%any' Sep 21 07:20:25.533560: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:20:25.533566: | #1 spent 0.064 milliseconds in try_all_keys() trying a pubkey Sep 21 07:20:25.533569: "westnet-eastnet-vti-01" #2: Authenticated using RSA Sep 21 07:20:25.533575: | #1 spent 0.095 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:20:25.533579: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:20:25.533583: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:20:25.533586: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:20:25.533589: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:25.533592: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5556cb582f90 Sep 21 07:20:25.533594: | event_schedule: new EVENT_SA_REKEY-pe@0x5556cb582f90 Sep 21 07:20:25.533598: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:20:25.533600: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:25.533745: | pstats #1 ikev2.ike established Sep 21 07:20:25.533753: | TSi: parsing 1 traffic selectors Sep 21 07:20:25.533757: | ***parse IKEv2 Traffic Selector: Sep 21 07:20:25.533760: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.533762: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.533765: | length: 16 (0x10) Sep 21 07:20:25.533768: | start port: 0 (0x0) Sep 21 07:20:25.533770: | end port: 65535 (0xffff) Sep 21 07:20:25.533773: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:20:25.533775: | TS low c0 00 01 00 Sep 21 07:20:25.533778: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:20:25.533780: | TS high c0 00 01 ff Sep 21 07:20:25.533794: | TSi: parsed 1 traffic selectors Sep 21 07:20:25.533800: | TSr: parsing 1 traffic selectors Sep 21 07:20:25.533803: | ***parse IKEv2 Traffic Selector: Sep 21 07:20:25.533805: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.533808: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.533810: | length: 16 (0x10) Sep 21 07:20:25.533812: | start port: 0 (0x0) Sep 21 07:20:25.533814: | end port: 65535 (0xffff) Sep 21 07:20:25.533817: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:20:25.533819: | TS low c0 00 02 00 Sep 21 07:20:25.533822: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:20:25.533824: | TS high c0 00 02 ff Sep 21 07:20:25.533827: | TSr: parsed 1 traffic selectors Sep 21 07:20:25.533834: | evaluating our conn="westnet-eastnet-vti-01" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:20:25.533839: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:20:25.533846: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:20:25.533850: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:20:25.533852: | TSi[0] port match: YES fitness 65536 Sep 21 07:20:25.533856: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:20:25.533859: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:20:25.533866: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:20:25.533872: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:20:25.533876: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:20:25.533878: | TSr[0] port match: YES fitness 65536 Sep 21 07:20:25.533881: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:20:25.533884: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:20:25.533886: | best fit so far: TSi[0] TSr[0] Sep 21 07:20:25.533889: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:20:25.533891: | printing contents struct traffic_selector Sep 21 07:20:25.533893: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:20:25.533896: | ipprotoid: 0 Sep 21 07:20:25.533898: | port range: 0-65535 Sep 21 07:20:25.533902: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:20:25.533904: | printing contents struct traffic_selector Sep 21 07:20:25.533907: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:20:25.533909: | ipprotoid: 0 Sep 21 07:20:25.533911: | port range: 0-65535 Sep 21 07:20:25.533915: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:20:25.533929: | using existing local ESP/AH proposals for westnet-eastnet-vti-01 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:20:25.533933: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:20:25.533938: | local proposal 1 type ENCR has 1 transforms Sep 21 07:20:25.533940: | local proposal 1 type PRF has 0 transforms Sep 21 07:20:25.533943: | local proposal 1 type INTEG has 1 transforms Sep 21 07:20:25.533946: | local proposal 1 type DH has 1 transforms Sep 21 07:20:25.533948: | local proposal 1 type ESN has 1 transforms Sep 21 07:20:25.533952: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:20:25.533954: | local proposal 2 type ENCR has 1 transforms Sep 21 07:20:25.533957: | local proposal 2 type PRF has 0 transforms Sep 21 07:20:25.533959: | local proposal 2 type INTEG has 1 transforms Sep 21 07:20:25.533962: | local proposal 2 type DH has 1 transforms Sep 21 07:20:25.533964: | local proposal 2 type ESN has 1 transforms Sep 21 07:20:25.533968: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:20:25.533970: | local proposal 3 type ENCR has 1 transforms Sep 21 07:20:25.533973: | local proposal 3 type PRF has 0 transforms Sep 21 07:20:25.533975: | local proposal 3 type INTEG has 2 transforms Sep 21 07:20:25.533978: | local proposal 3 type DH has 1 transforms Sep 21 07:20:25.533980: | local proposal 3 type ESN has 1 transforms Sep 21 07:20:25.533983: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:20:25.533986: | local proposal 4 type ENCR has 1 transforms Sep 21 07:20:25.533989: | local proposal 4 type PRF has 0 transforms Sep 21 07:20:25.533991: | local proposal 4 type INTEG has 2 transforms Sep 21 07:20:25.533994: | local proposal 4 type DH has 1 transforms Sep 21 07:20:25.533996: | local proposal 4 type ESN has 1 transforms Sep 21 07:20:25.533999: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:20:25.534002: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.534005: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:25.534007: | length: 32 (0x20) Sep 21 07:20:25.534010: | prop #: 1 (0x1) Sep 21 07:20:25.534012: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.534015: | spi size: 4 (0x4) Sep 21 07:20:25.534017: | # transforms: 2 (0x2) Sep 21 07:20:25.534020: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:20:25.534025: | remote SPI 91 f7 d2 9e Sep 21 07:20:25.534028: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:20:25.534032: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.534034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.534037: | length: 12 (0xc) Sep 21 07:20:25.534039: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.534042: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.534044: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.534047: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.534049: | length/value: 256 (0x100) Sep 21 07:20:25.534054: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:20:25.534057: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.534059: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.534061: | length: 8 (0x8) Sep 21 07:20:25.534063: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.534065: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.534069: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:20:25.534073: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:20:25.534077: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:20:25.534079: | remote proposal 1 matches local proposal 1 Sep 21 07:20:25.534082: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:20:25.534086: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=91f7d29e;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:20:25.534089: | converting proposal to internal trans attrs Sep 21 07:20:25.534096: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:20:25.534263: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:20:25.534268: | could_route called for westnet-eastnet-vti-01 (kind=CK_PERMANENT) Sep 21 07:20:25.534271: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:20:25.534274: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.534277: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.534279: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.534282: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.534289: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Sep 21 07:20:25.534292: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:20:25.534296: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:20:25.534299: | AES_GCM_16 requires 4 salt bytes Sep 21 07:20:25.534301: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:20:25.534305: | setting IPsec SA replay-window to 32 Sep 21 07:20:25.534309: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Sep 21 07:20:25.534312: | netlink: enabling tunnel mode Sep 21 07:20:25.534315: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:20:25.534318: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:20:25.534399: | netlink response for Add SA esp.91f7d29e@192.1.2.23 included non-error error Sep 21 07:20:25.534607: | set up outgoing SA, ref=0/0 Sep 21 07:20:25.534612: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:20:25.534615: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:20:25.534618: | AES_GCM_16 requires 4 salt bytes Sep 21 07:20:25.534621: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:20:25.534624: | setting IPsec SA replay-window to 32 Sep 21 07:20:25.534630: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Sep 21 07:20:25.534633: | netlink: enabling tunnel mode Sep 21 07:20:25.534635: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:20:25.534638: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:20:25.534742: | netlink response for Add SA esp.f260dfc@192.1.2.45 included non-error error Sep 21 07:20:25.534752: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:25.534760: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:20:25.534763: | IPsec Sa SPD priority set to 1042407 Sep 21 07:20:25.534936: | raw_eroute result=success Sep 21 07:20:25.534944: | set up incoming SA, ref=0/0 Sep 21 07:20:25.534947: | sr for #2: unrouted Sep 21 07:20:25.534950: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:20:25.534952: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:20:25.534956: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.534959: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.534962: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.534965: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.534969: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Sep 21 07:20:25.534972: | route_and_eroute with c: westnet-eastnet-vti-01 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:20:25.534976: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:25.534984: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:20:25.534987: | IPsec Sa SPD priority set to 1042407 Sep 21 07:20:25.535014: | raw_eroute result=success Sep 21 07:20:25.535050: | running updown command "ipsec _updown" for verb up Sep 21 07:20:25.535055: | command executing up-client Sep 21 07:20:25.535085: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CON Sep 21 07:20:25.535089: | popen cmd is 1128 chars long Sep 21 07:20:25.535092: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Sep 21 07:20:25.535095: | cmd( 80):-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Sep 21 07:20:25.535097: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0': Sep 21 07:20:25.535100: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' : Sep 21 07:20:25.535103: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Sep 21 07:20:25.535105: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIEN: Sep 21 07:20:25.535108: | cmd( 480):T_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Sep 21 07:20:25.535110: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Sep 21 07:20:25.535117: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Sep 21 07:20:25.535120: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Sep 21 07:20:25.535123: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Sep 21 07:20:25.535125: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Sep 21 07:20:25.535128: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Sep 21 07:20:25.535130: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x91f7d29e SPI_OUT=0xf260dfc ipsec _upd: Sep 21 07:20:25.535133: | cmd(1120):own 2>&1: Sep 21 07:20:25.571823: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.disable_policy = 1 Sep 21 07:20:25.575674: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.rp_filter = 0 Sep 21 07:20:25.593220: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.forwarding = 1 Sep 21 07:20:25.627561: "westnet-eastnet-vti-01" #2: up-client output: done ip route Sep 21 07:20:25.627874: | route_and_eroute: firewall_notified: true Sep 21 07:20:25.627883: | running updown command "ipsec _updown" for verb prepare Sep 21 07:20:25.627887: | command executing prepare-client Sep 21 07:20:25.627926: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xff Sep 21 07:20:25.627936: | popen cmd is 1133 chars long Sep 21 07:20:25.627939: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:20:25.627942: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:20:25.627944: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:20:25.627947: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Sep 21 07:20:25.627949: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER: Sep 21 07:20:25.627952: | cmd( 400):='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_: Sep 21 07:20:25.627955: | cmd( 480):CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0: Sep 21 07:20:25.627957: | cmd( 560):' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0: Sep 21 07:20:25.627960: | cmd( 640):' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FR: Sep 21 07:20:25.627963: | cmd( 720):AG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Sep 21 07:20:25.627965: | cmd( 800):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: Sep 21 07:20:25.627968: | cmd( 880):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: Sep 21 07:20:25.627971: | cmd( 960):FIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipse: Sep 21 07:20:25.627973: | cmd(1040):c0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x91f7d29e SPI_OUT=0xf260dfc ipsec: Sep 21 07:20:25.627980: | cmd(1120): _updown 2>&1: Sep 21 07:20:25.646840: "westnet-eastnet-vti-01" #2: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Sep 21 07:20:25.646866: "westnet-eastnet-vti-01" #2: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Sep 21 07:20:25.646871: "westnet-eastnet-vti-01" #2: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Sep 21 07:20:25.647123: | running updown command "ipsec _updown" for verb route Sep 21 07:20:25.647131: | command executing route-client Sep 21 07:20:25.647165: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Sep 21 07:20:25.647170: | popen cmd is 1131 chars long Sep 21 07:20:25.647173: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:20:25.647175: | cmd( 80):vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Sep 21 07:20:25.647178: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1: Sep 21 07:20:25.647180: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT=': Sep 21 07:20:25.647183: | cmd( 320):0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER=': Sep 21 07:20:25.647185: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CL: Sep 21 07:20:25.647188: | cmd( 480):IENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' : Sep 21 07:20:25.647191: | cmd( 560):PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' : Sep 21 07:20:25.647193: | cmd( 640):PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG: Sep 21 07:20:25.647196: | cmd( 720):_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH: Sep 21 07:20:25.647198: | cmd( 800):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=: Sep 21 07:20:25.647201: | cmd( 880):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI: Sep 21 07:20:25.647206: | cmd( 960):GURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0: Sep 21 07:20:25.647209: | cmd(1040):' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x91f7d29e SPI_OUT=0xf260dfc ipsec _: Sep 21 07:20:25.647211: | cmd(1120):updown 2>&1: Sep 21 07:20:25.716821: "westnet-eastnet-vti-01" #2: route-client output: done ip route Sep 21 07:20:25.728998: | route_and_eroute: instance "westnet-eastnet-vti-01", setting eroute_owner {spd=0x5556cb57ea30,sr=0x5556cb57ea30} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:20:25.729317: | #1 spent 1.2 milliseconds in install_ipsec_sa() Sep 21 07:20:25.729325: | inR2: instance westnet-eastnet-vti-01[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:20:25.729329: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:20:25.729333: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:20:25.729342: | libevent_free: release ptr-libevent@0x7f85b8006900 Sep 21 07:20:25.729346: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5556cb5886c0 Sep 21 07:20:25.729352: | #2 spent 2 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:20:25.729360: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.729364: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:20:25.729367: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:20:25.729370: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:20:25.729374: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:20:25.729380: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:20:25.729385: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:25.729388: | pstats #2 ikev2.child established Sep 21 07:20:25.729396: "westnet-eastnet-vti-01" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:20:25.729407: | NAT-T: encaps is 'auto' Sep 21 07:20:25.729412: "westnet-eastnet-vti-01" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x91f7d29e <0x0f260dfc xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:20:25.729416: | releasing whack for #2 (sock=fd@23) Sep 21 07:20:25.729420: | close_any(fd@23) (in release_whack() at state.c:654) Sep 21 07:20:25.729423: | releasing whack and unpending for parent #1 Sep 21 07:20:25.729426: | unpending state #1 connection "westnet-eastnet-vti-01" Sep 21 07:20:25.729430: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-vti-01" Sep 21 07:20:25.729433: | removing pending policy for no connection {0x5556cb507ad0} Sep 21 07:20:25.729439: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:20:25.729444: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:20:25.729447: | event_schedule: new EVENT_SA_REKEY-pe@0x5556cb5886c0 Sep 21 07:20:25.729451: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:20:25.729454: | libevent_malloc: new ptr-libevent@0x7f85b8006900 size 128 Sep 21 07:20:25.729461: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:20:25.729466: | #1 spent 2.38 milliseconds in ikev2_process_packet() Sep 21 07:20:25.729471: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:20:25.729474: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:20:25.729477: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:20:25.729481: | spent 2.4 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:20:25.729490: | kernel_process_msg_cb process netlink message Sep 21 07:20:25.729496: | netlink_get: XFRM_MSG_NEWSA message Sep 21 07:20:25.729500: | netlink_get: XFRM_MSG_NEWSA message Sep 21 07:20:25.729504: | netlink_get: XFRM_MSG_DELPOLICY message Sep 21 07:20:25.729507: | xfrm netlink address change RTM_NEWADDR msg len 80 Sep 21 07:20:25.729511: | XFRM RTM_NEWADDR 192.0.1.254 IFA_LOCAL Sep 21 07:20:25.729514: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Sep 21 07:20:25.729519: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:20:25.729524: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:20:25.729529: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:20:25.729535: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:20:25.729538: | IKEv2 received address RTM_NEWADDR type 3 Sep 21 07:20:25.729541: | IKEv2 received address RTM_NEWADDR type 8 Sep 21 07:20:25.729543: | IKEv2 received address RTM_NEWADDR type 6 Sep 21 07:20:25.729547: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:25.729551: | netlink_get: XFRM_MSG_NEWSA message Sep 21 07:20:25.729555: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:25.729558: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:25.729561: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:25.729565: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:25.729569: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:25.729573: | spent 0.0793 milliseconds in kernel message Sep 21 07:20:25.729580: | processing signal PLUTO_SIGCHLD Sep 21 07:20:25.729585: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:25.729589: | spent 0.00486 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:25.729591: | processing signal PLUTO_SIGCHLD Sep 21 07:20:25.729595: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:25.729599: | spent 0.00367 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:25.729601: | processing signal PLUTO_SIGCHLD Sep 21 07:20:25.729604: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:25.729608: | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:25.806363: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:25.806385: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:20:25.806389: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:25.806394: | start processing: connection "westnet-eastnet-vti-02" (in initiate_a_connection() at initiate.c:186) Sep 21 07:20:25.806397: | connection 'westnet-eastnet-vti-02' +POLICY_UP Sep 21 07:20:25.806400: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:20:25.806403: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:20:25.806407: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:20:25.806412: | creating state object #3 at 0x5556cb584c80 Sep 21 07:20:25.806415: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:20:25.806421: | pstats #3 ikev2.child started Sep 21 07:20:25.806425: | duplicating state object #1 "westnet-eastnet-vti-01" as #3 for IPSEC SA Sep 21 07:20:25.806430: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:20:25.806437: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:20:25.806441: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:20:25.806445: | suspend processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:20:25.806450: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:20:25.806454: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:20:25.806458: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:20:25.806461: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals) Sep 21 07:20:25.806466: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:20:25.806472: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.806475: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:20:25.806479: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.806482: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:20:25.806489: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.806492: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:20:25.806496: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.806504: "westnet-eastnet-vti-02": constructed local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.806515: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:20:25.806519: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x5556cb58aa00 Sep 21 07:20:25.806522: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:20:25.806525: | libevent_malloc: new ptr-libevent@0x5556cb582da0 size 128 Sep 21 07:20:25.806529: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:20:25.806534: | RESET processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:20:25.806537: | RESET processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:20:25.806540: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:20:25.806544: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:20:25.806547: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:25.806552: | spent 0.197 milliseconds in whack Sep 21 07:20:25.806559: | timer_event_cb: processing event@0x5556cb58aa00 Sep 21 07:20:25.806561: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:20:25.806566: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:25.806570: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:20:25.806573: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb588940 Sep 21 07:20:25.806577: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:20:25.806579: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:25.806586: | libevent_free: release ptr-libevent@0x5556cb582da0 Sep 21 07:20:25.806589: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x5556cb58aa00 Sep 21 07:20:25.806591: | crypto helper 5 resuming Sep 21 07:20:25.806594: | #3 spent 0.0338 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:20:25.806603: | crypto helper 5 starting work-order 3 for state #3 Sep 21 07:20:25.806610: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:20:25.806613: | crypto helper 5 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:20:25.807636: | crypto helper 5 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.001021 seconds Sep 21 07:20:25.807649: | (#3) spent 0.939 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:20:25.807653: | crypto helper 5 sending results from work-order 3 for state #3 to event queue Sep 21 07:20:25.807656: | scheduling resume sending helper answer for #3 Sep 21 07:20:25.807660: | libevent_malloc: new ptr-libevent@0x7f85b4006900 size 128 Sep 21 07:20:25.807663: | libevent_realloc: release ptr-libevent@0x5556cb561780 Sep 21 07:20:25.807666: | libevent_realloc: new ptr-libevent@0x5556cb58c320 size 128 Sep 21 07:20:25.807674: | crypto helper 5 waiting (nothing to do) Sep 21 07:20:25.807688: | processing resume sending helper answer for #3 Sep 21 07:20:25.807694: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:20:25.807698: | crypto helper 5 replies to request ID 3 Sep 21 07:20:25.807700: | calling continuation function 0x5556ca2e7630 Sep 21 07:20:25.807704: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:20:25.807707: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:25.807710: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:25.807713: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb588940 Sep 21 07:20:25.807715: | event_schedule: new EVENT_SA_REPLACE-pe@0x5556cb588940 Sep 21 07:20:25.807719: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:20:25.807721: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:25.807726: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:25.807729: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:20:25.807731: | libevent_malloc: new ptr-libevent@0x5556cb582da0 size 128 Sep 21 07:20:25.807737: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.807741: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:20:25.807743: | suspending state #3 and saving MD Sep 21 07:20:25.807746: | #3 is busy; has a suspended MD Sep 21 07:20:25.807750: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:20:25.807754: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:20:25.807757: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:20:25.807762: | #3 spent 0.0629 milliseconds in resume sending helper answer Sep 21 07:20:25.807766: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:20:25.807769: | libevent_free: release ptr-libevent@0x7f85b4006900 Sep 21 07:20:25.807774: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:20:25.807778: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:20:25.807798: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:25.807805: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:20:25.807809: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:20:25.807817: | **emit ISAKMP Message: Sep 21 07:20:25.807821: | initiator cookie: Sep 21 07:20:25.807825: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.807828: | responder cookie: Sep 21 07:20:25.807830: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.807834: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:25.807838: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.807842: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:20:25.807846: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:25.807849: | Message ID: 2 (0x2) Sep 21 07:20:25.807853: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:25.807857: | ***emit IKEv2 Encryption Payload: Sep 21 07:20:25.807861: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.807863: | flags: none (0x0) Sep 21 07:20:25.807866: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:20:25.807871: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.807875: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:20:25.807894: | netlink_get_spi: allocated 0xa3211b80 for esp.0@192.1.2.45 Sep 21 07:20:25.807897: | Emitting ikev2_proposals ... Sep 21 07:20:25.807900: | ****emit IKEv2 Security Association Payload: Sep 21 07:20:25.807902: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.807905: | flags: none (0x0) Sep 21 07:20:25.807908: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:20:25.807910: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.807913: | discarding INTEG=NONE Sep 21 07:20:25.807915: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.807918: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.807920: | prop #: 1 (0x1) Sep 21 07:20:25.807922: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.807924: | spi size: 4 (0x4) Sep 21 07:20:25.807926: | # transforms: 3 (0x3) Sep 21 07:20:25.807929: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.807932: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.807935: | our spi a3 21 1b 80 Sep 21 07:20:25.807937: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.807939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.807942: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.807944: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.807947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.807950: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.807953: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.807955: | length/value: 256 (0x100) Sep 21 07:20:25.807958: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.807960: | discarding INTEG=NONE Sep 21 07:20:25.807962: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.807965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.807967: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.807970: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.807973: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.807976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.807979: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.807981: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.807983: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.807986: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.807988: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.807991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.807994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.807996: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.807999: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:20:25.808001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.808006: | discarding INTEG=NONE Sep 21 07:20:25.808008: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.808010: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.808012: | prop #: 2 (0x2) Sep 21 07:20:25.808015: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.808017: | spi size: 4 (0x4) Sep 21 07:20:25.808020: | # transforms: 3 (0x3) Sep 21 07:20:25.808023: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.808026: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.808029: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.808031: | our spi a3 21 1b 80 Sep 21 07:20:25.808033: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808036: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808038: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.808041: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.808044: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808046: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.808049: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.808051: | length/value: 128 (0x80) Sep 21 07:20:25.808054: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.808056: | discarding INTEG=NONE Sep 21 07:20:25.808059: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808063: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.808066: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.808069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808074: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808077: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808079: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.808081: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.808084: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.808087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808092: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808095: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:20:25.808098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.808100: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.808103: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.808105: | prop #: 3 (0x3) Sep 21 07:20:25.808107: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.808110: | spi size: 4 (0x4) Sep 21 07:20:25.808112: | # transforms: 5 (0x5) Sep 21 07:20:25.808115: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.808118: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.808121: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.808123: | our spi a3 21 1b 80 Sep 21 07:20:25.808127: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808132: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.808135: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:25.808138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808141: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.808143: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.808146: | length/value: 256 (0x100) Sep 21 07:20:25.808148: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.808150: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808155: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.808157: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:25.808160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808165: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808167: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808170: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808172: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.808174: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:25.808177: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808180: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808182: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808185: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808187: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808189: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.808192: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.808195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808200: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808202: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808204: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.808207: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.808209: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.808211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808217: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808219: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:20:25.808221: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.808224: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.808226: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:25.808229: | prop #: 4 (0x4) Sep 21 07:20:25.808231: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.808234: | spi size: 4 (0x4) Sep 21 07:20:25.808237: | # transforms: 5 (0x5) Sep 21 07:20:25.808240: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:25.808243: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:25.808246: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:25.808248: | our spi a3 21 1b 80 Sep 21 07:20:25.808251: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808255: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.808258: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:25.808261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808263: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.808266: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.808268: | length/value: 128 (0x80) Sep 21 07:20:25.808271: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:25.808273: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808278: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.808280: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:25.808283: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808285: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808288: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808290: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808295: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:25.808297: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:25.808300: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808303: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808305: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808307: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808312: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.808314: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.808317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808322: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808324: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:25.808327: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.808329: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.808331: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.808334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.808337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:25.808339: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:25.808343: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:20:25.808345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:25.808348: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:20:25.808350: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:20:25.808353: | ****emit IKEv2 Nonce Payload: Sep 21 07:20:25.808355: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.808358: | flags: none (0x0) Sep 21 07:20:25.808361: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:20:25.808363: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.808366: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:20:25.808369: | IKEv2 nonce 55 80 3e b2 11 13 a2 a5 09 ad 92 04 2a 84 61 0e Sep 21 07:20:25.808371: | IKEv2 nonce 67 a4 68 6e cc 79 30 59 8b f5 eb 8d 20 f5 b9 c4 Sep 21 07:20:25.808374: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:20:25.808376: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:20:25.808379: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.808381: | flags: none (0x0) Sep 21 07:20:25.808383: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.808385: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:20:25.808388: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.808391: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:20:25.808393: | ikev2 g^x ff 2e e1 54 de 28 c1 e4 ff 11 3d 96 73 f7 d9 a7 Sep 21 07:20:25.808396: | ikev2 g^x 1c 0a cc 29 04 08 8e 28 b9 e5 4b c2 6b fb 14 90 Sep 21 07:20:25.808398: | ikev2 g^x bb 34 2c f8 b3 8f 19 a8 bd bd 97 e2 48 c4 97 91 Sep 21 07:20:25.808400: | ikev2 g^x cd a8 9d 97 25 d7 a2 9f 85 2b 17 00 e6 14 f2 ea Sep 21 07:20:25.808402: | ikev2 g^x f4 0b 99 c5 34 b4 1d db 7f 2c 61 d8 94 d3 ca 1a Sep 21 07:20:25.808404: | ikev2 g^x 86 30 87 dc 69 84 0b dd 4a 39 c8 ca 6a 63 02 d3 Sep 21 07:20:25.808407: | ikev2 g^x 52 a4 e3 12 a7 6d ad ea 16 84 59 fb 60 e3 fa d1 Sep 21 07:20:25.808409: | ikev2 g^x f9 37 dd 25 7b 68 f4 48 bc cf 99 6e f9 9c e0 be Sep 21 07:20:25.808411: | ikev2 g^x 96 b3 9a 62 91 4b b0 6e f9 8e 92 23 93 5b fb cb Sep 21 07:20:25.808413: | ikev2 g^x 96 36 f9 a6 b8 70 88 a0 0b 3d e1 0f ac 11 b6 c3 Sep 21 07:20:25.808415: | ikev2 g^x 1d fc af 2e 11 61 84 0e 5e 43 42 1e e9 0f b6 6b Sep 21 07:20:25.808417: | ikev2 g^x 08 34 05 5b 98 7d 86 83 66 0c aa d1 bb 3a 68 6c Sep 21 07:20:25.808420: | ikev2 g^x 66 c4 9e 67 28 a6 23 f7 cc 85 d5 9f b6 5c e6 13 Sep 21 07:20:25.808422: | ikev2 g^x ec 24 5f cf ad b7 8a eb d1 c4 3d 30 9e 64 c5 77 Sep 21 07:20:25.808424: | ikev2 g^x 74 f8 fa 0a b4 13 24 28 64 1c ea 66 3e 43 82 7e Sep 21 07:20:25.808427: | ikev2 g^x a6 c3 c4 2b 61 db c4 9e 95 02 61 47 bb 72 cd fd Sep 21 07:20:25.808429: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:20:25.808433: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:20:25.808435: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.808438: | flags: none (0x0) Sep 21 07:20:25.808440: | number of TS: 1 (0x1) Sep 21 07:20:25.808443: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:20:25.808446: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.808449: | *****emit IKEv2 Traffic Selector: Sep 21 07:20:25.808453: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.808455: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.808458: | start port: 0 (0x0) Sep 21 07:20:25.808460: | end port: 65535 (0xffff) Sep 21 07:20:25.808463: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:20:25.808465: | IP start 0a 00 01 00 Sep 21 07:20:25.808468: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:20:25.808470: | IP end 0a 00 01 ff Sep 21 07:20:25.808472: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:20:25.808475: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:20:25.808478: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:20:25.808480: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.808482: | flags: none (0x0) Sep 21 07:20:25.808485: | number of TS: 1 (0x1) Sep 21 07:20:25.808488: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:20:25.808491: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:20:25.808493: | *****emit IKEv2 Traffic Selector: Sep 21 07:20:25.808496: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.808498: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.808500: | start port: 0 (0x0) Sep 21 07:20:25.808503: | end port: 65535 (0xffff) Sep 21 07:20:25.808506: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:20:25.808508: | IP start 0a 00 02 00 Sep 21 07:20:25.808511: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:20:25.808513: | IP end 0a 00 02 ff Sep 21 07:20:25.808515: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:20:25.808518: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:20:25.808520: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:20:25.808523: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:25.808527: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:20:25.808530: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:20:25.808533: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:20:25.808535: | emitting length of ISAKMP Message: 601 Sep 21 07:20:25.808557: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.808562: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:20:25.808565: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:20:25.808568: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:20:25.808572: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:20:25.808575: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:20:25.808580: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:20:25.808584: "westnet-eastnet-vti-02" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:20:25.808597: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:20:25.808603: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:25.808606: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.808609: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:20:25.808611: | 42 bd f6 64 1f 72 b7 69 41 1f d6 ff ea c8 11 17 Sep 21 07:20:25.808613: | 23 85 9e e9 d9 c0 7a de 03 6f ba 10 e7 6c 07 a3 Sep 21 07:20:25.808615: | 45 ca 65 0d 8a e7 69 5c 84 8f 72 a2 48 81 96 30 Sep 21 07:20:25.808619: | ea e7 dc 3a 03 a3 27 35 91 bf 78 1d 4f ef 0c f5 Sep 21 07:20:25.808621: | b1 4d df 7c ac 46 19 be 74 c0 71 d9 46 26 8b 55 Sep 21 07:20:25.808623: | a3 60 2f ae 8c be c8 65 8d 72 fa 7e ec 5f ae 49 Sep 21 07:20:25.808625: | 90 cf 98 3a c8 45 f4 4e 71 b7 92 70 03 88 7d 13 Sep 21 07:20:25.808626: | 1f 10 81 34 13 fa af 20 d3 03 ec 0e cf fd fe 36 Sep 21 07:20:25.808628: | 9a e7 35 c8 4e f6 20 fa c6 c5 a2 11 72 7a 04 a4 Sep 21 07:20:25.808630: | 7c c0 d9 dc d3 d2 ae 95 bf 49 42 88 35 11 5f 11 Sep 21 07:20:25.808632: | 13 e6 32 ac b7 52 c6 61 41 72 ad 18 eb 2c 81 34 Sep 21 07:20:25.808634: | 77 36 6f 0e 96 bf bd c4 ed 1f d6 4d 6a 7b dd dc Sep 21 07:20:25.808636: | a3 aa 77 ff 62 d9 e5 8c b4 f9 d6 0e 40 8e 9f 84 Sep 21 07:20:25.808638: | 61 fd 88 bb 54 50 b1 48 b6 df dd ac 07 c1 02 2a Sep 21 07:20:25.808640: | 15 93 48 11 0b f5 38 0f d9 38 d6 c4 17 ac 50 68 Sep 21 07:20:25.808642: | 23 71 ca 52 d1 aa fc db e4 2e d8 99 4e 0c bf aa Sep 21 07:20:25.808644: | e9 22 ac f5 1f f7 23 ab 54 a5 6a 3a 89 2b 5d 4d Sep 21 07:20:25.808645: | 82 05 2e d9 07 09 f6 a9 e5 cd ed 9f 4c 80 82 8d Sep 21 07:20:25.808647: | e2 5e 36 ac 37 21 ec ae bc 7e 51 13 be 7b 49 02 Sep 21 07:20:25.808650: | b9 5b 53 5f fb 00 1a 1c d4 a1 ad e1 ac 5d 52 5d Sep 21 07:20:25.808652: | 24 7f 9e c3 39 e6 e0 ef 73 5f 72 ee df 8e f6 87 Sep 21 07:20:25.808653: | e3 ef ec 97 03 24 d6 1d ed 84 45 e9 bf 15 09 fb Sep 21 07:20:25.808655: | 90 4d 4d 73 ee d8 7f 03 67 bf de cb ca de b5 ec Sep 21 07:20:25.808657: | d2 87 72 35 53 f1 ca 9b 9d 61 a7 15 b6 df 81 ae Sep 21 07:20:25.808659: | 77 95 1f 22 87 af 0d 94 57 a3 86 3c 98 b1 f0 80 Sep 21 07:20:25.808661: | ad e1 79 5b c8 8f aa 0b 49 76 10 e3 45 0f a7 b3 Sep 21 07:20:25.808663: | 7c d5 62 4e 26 31 ca 91 39 0d 82 51 b2 a0 0f e1 Sep 21 07:20:25.808665: | 08 36 28 45 8b fb 7f 9c 40 63 5e e3 e5 91 75 84 Sep 21 07:20:25.808667: | a9 fe a3 d7 23 a0 59 db ca 3f 0b 83 b7 10 b6 92 Sep 21 07:20:25.808669: | 18 c1 04 6c a1 6e 18 9c 96 93 69 7c bd 32 5b 0c Sep 21 07:20:25.808671: | 3a c7 12 19 49 9f a7 75 f7 91 fd 0c 4a 79 0d ed Sep 21 07:20:25.808673: | 1d ef e2 70 63 43 f3 36 1e 1d 05 33 95 12 b0 a2 Sep 21 07:20:25.808675: | ac 73 b6 75 1d 6c 26 31 1a da 7c f0 59 12 eb d7 Sep 21 07:20:25.808677: | 9f 56 80 f9 5d 4e 35 04 72 34 96 e4 24 55 82 7c Sep 21 07:20:25.808679: | ce d4 bb 44 b7 99 c8 e4 7c 5d 83 f1 8b f4 57 7f Sep 21 07:20:25.808681: | 8a fb bd e7 df fb bc 50 eb Sep 21 07:20:25.808728: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:20:25.808734: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:25.808736: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5556cb588940 Sep 21 07:20:25.808739: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:20:25.808742: | event_schedule: new EVENT_RETRANSMIT-pe@0x5556cb588940 Sep 21 07:20:25.808746: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:20:25.808748: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:25.808754: | #3 STATE_V2_CREATE_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49072.177006 Sep 21 07:20:25.808759: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:20:25.808763: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:20:25.808769: | #1 spent 0.95 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:20:25.808774: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:20:25.808777: | libevent_free: release ptr-libevent@0x5556cb582da0 Sep 21 07:20:25.945676: | spent 0.00345 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:20:25.945703: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:20:25.945707: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.945710: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:20:25.945712: | 0c 63 2a 40 4a c8 e0 f9 71 a8 61 e3 23 49 2b 48 Sep 21 07:20:25.945714: | 01 52 eb 6e 71 94 19 2b c4 88 05 cd 37 31 c2 73 Sep 21 07:20:25.945716: | a3 a6 75 59 49 0c 95 40 df d8 e6 bf 58 8c 1c 6c Sep 21 07:20:25.945718: | ae 30 5b ac 64 c6 b9 cf 1a 7d f1 55 8b 59 dd aa Sep 21 07:20:25.945720: | 86 fc f2 b7 dd c6 cb 4b 73 b0 08 12 2b 3e 47 58 Sep 21 07:20:25.945722: | 3c db 7a db 27 f2 7d 9f 39 d9 85 f3 f4 4a d7 68 Sep 21 07:20:25.945725: | da 1e 79 f5 9e 06 19 d2 5b ad f0 e9 cc 90 b3 bc Sep 21 07:20:25.945727: | cd 03 89 2d cc c9 a9 d8 97 0a 6f a9 e4 4b 4b df Sep 21 07:20:25.945729: | 24 8a 17 f5 51 d2 cb 60 8c 4e 25 c8 9d 38 57 89 Sep 21 07:20:25.945732: | ba df 23 48 2f 43 de 11 90 f3 1c 28 bb ac 46 c9 Sep 21 07:20:25.945734: | ec 22 76 02 48 85 5e 60 f7 bc bb 31 b2 89 e9 a2 Sep 21 07:20:25.945736: | fc cc 80 b0 97 4e b6 13 9c 25 aa e0 d9 b8 75 41 Sep 21 07:20:25.945738: | b7 2c 07 e9 17 e9 ac b6 2c ba 8b ab 16 5c 8e 53 Sep 21 07:20:25.945741: | 4f 72 57 19 42 fc f9 6b 66 30 fb a1 cf 4e 91 f7 Sep 21 07:20:25.945743: | 20 78 72 07 8f ac 44 9b 5e 72 fd 55 10 3d 4a 57 Sep 21 07:20:25.945746: | ef 5e ad 58 6b e1 71 2f 5a 34 e6 54 70 1e 3d c6 Sep 21 07:20:25.945748: | 12 2a 33 88 91 a7 57 05 a3 49 58 bb 60 46 6c 78 Sep 21 07:20:25.945750: | 11 89 87 9b 42 f6 15 5d de 50 4a 32 a2 fd 4d 32 Sep 21 07:20:25.945752: | ac df 64 ab ab 3d 81 c5 3c 0a 71 d2 0e 6c 87 e2 Sep 21 07:20:25.945755: | 15 57 11 6c 0b ba 3d c8 ce 66 b3 aa ad 91 bb 2e Sep 21 07:20:25.945757: | 9c 85 fe 13 39 c6 a7 2e f3 27 7b 70 f8 e0 47 96 Sep 21 07:20:25.945759: | fc 3a ce 0a cc 51 b4 ba 70 58 f4 a5 d5 bb fb 86 Sep 21 07:20:25.945761: | 6b f4 22 c5 5a 53 bd 7b b1 ff e0 5c 11 8f 54 74 Sep 21 07:20:25.945764: | 63 ee 1f 92 d4 f1 0f c5 d5 c2 f2 ec de 23 05 f2 Sep 21 07:20:25.945766: | ad d3 66 48 be 32 7b c5 3d 16 fd d3 78 d6 56 17 Sep 21 07:20:25.945768: | af 48 a0 84 a7 6a d2 6e 4a 2a 63 ae aa 79 10 05 Sep 21 07:20:25.945771: | 8c Sep 21 07:20:25.945776: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:20:25.945780: | **parse ISAKMP Message: Sep 21 07:20:25.945787: | initiator cookie: Sep 21 07:20:25.945792: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:25.945794: | responder cookie: Sep 21 07:20:25.945797: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:25.945800: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:20:25.945802: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:25.945805: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:20:25.945808: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:20:25.945810: | Message ID: 2 (0x2) Sep 21 07:20:25.945813: | length: 449 (0x1c1) Sep 21 07:20:25.945816: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:20:25.945819: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:20:25.945823: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:20:25.945830: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:20:25.945834: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:20:25.945838: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:20:25.945843: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:20:25.945846: | #3 is idle Sep 21 07:20:25.945848: | #3 idle Sep 21 07:20:25.945850: | unpacking clear payload Sep 21 07:20:25.945853: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:20:25.945858: | ***parse IKEv2 Encryption Payload: Sep 21 07:20:25.945861: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:20:25.945863: | flags: none (0x0) Sep 21 07:20:25.945865: | length: 421 (0x1a5) Sep 21 07:20:25.945868: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:20:25.945871: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:20:25.945887: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:20:25.945890: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:20:25.945893: | **parse IKEv2 Security Association Payload: Sep 21 07:20:25.945895: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:20:25.945897: | flags: none (0x0) Sep 21 07:20:25.945900: | length: 44 (0x2c) Sep 21 07:20:25.945902: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:20:25.945905: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:20:25.945907: | **parse IKEv2 Nonce Payload: Sep 21 07:20:25.945909: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:20:25.945912: | flags: none (0x0) Sep 21 07:20:25.945914: | length: 36 (0x24) Sep 21 07:20:25.945916: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:20:25.945918: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:20:25.945922: | **parse IKEv2 Key Exchange Payload: Sep 21 07:20:25.945924: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:20:25.945926: | flags: none (0x0) Sep 21 07:20:25.945928: | length: 264 (0x108) Sep 21 07:20:25.945931: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.945933: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:20:25.945935: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:20:25.945938: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:20:25.945940: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:20:25.945943: | flags: none (0x0) Sep 21 07:20:25.945945: | length: 24 (0x18) Sep 21 07:20:25.945947: | number of TS: 1 (0x1) Sep 21 07:20:25.945950: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:20:25.945952: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:20:25.945954: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:20:25.945956: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:25.945959: | flags: none (0x0) Sep 21 07:20:25.945961: | length: 24 (0x18) Sep 21 07:20:25.945963: | number of TS: 1 (0x1) Sep 21 07:20:25.945965: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:20:25.945968: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:20:25.945974: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:20:25.945977: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:20:25.945979: | Now let's proceed with state specific processing Sep 21 07:20:25.945981: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:20:25.945995: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.945999: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:20:25.946002: | local proposal 1 type ENCR has 1 transforms Sep 21 07:20:25.946005: | local proposal 1 type PRF has 0 transforms Sep 21 07:20:25.946008: | local proposal 1 type INTEG has 1 transforms Sep 21 07:20:25.946010: | local proposal 1 type DH has 1 transforms Sep 21 07:20:25.946012: | local proposal 1 type ESN has 1 transforms Sep 21 07:20:25.946015: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:20:25.946020: | local proposal 2 type ENCR has 1 transforms Sep 21 07:20:25.946022: | local proposal 2 type PRF has 0 transforms Sep 21 07:20:25.946024: | local proposal 2 type INTEG has 1 transforms Sep 21 07:20:25.946027: | local proposal 2 type DH has 1 transforms Sep 21 07:20:25.946029: | local proposal 2 type ESN has 1 transforms Sep 21 07:20:25.946032: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:20:25.946034: | local proposal 3 type ENCR has 1 transforms Sep 21 07:20:25.946037: | local proposal 3 type PRF has 0 transforms Sep 21 07:20:25.946039: | local proposal 3 type INTEG has 2 transforms Sep 21 07:20:25.946041: | local proposal 3 type DH has 1 transforms Sep 21 07:20:25.946043: | local proposal 3 type ESN has 1 transforms Sep 21 07:20:25.946046: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:20:25.946049: | local proposal 4 type ENCR has 1 transforms Sep 21 07:20:25.946051: | local proposal 4 type PRF has 0 transforms Sep 21 07:20:25.946053: | local proposal 4 type INTEG has 2 transforms Sep 21 07:20:25.946056: | local proposal 4 type DH has 1 transforms Sep 21 07:20:25.946058: | local proposal 4 type ESN has 1 transforms Sep 21 07:20:25.946061: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:20:25.946064: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:20:25.946066: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:25.946069: | length: 40 (0x28) Sep 21 07:20:25.946071: | prop #: 1 (0x1) Sep 21 07:20:25.946073: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:25.946075: | spi size: 4 (0x4) Sep 21 07:20:25.946077: | # transforms: 3 (0x3) Sep 21 07:20:25.946081: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:20:25.946083: | remote SPI 12 8d c9 99 Sep 21 07:20:25.946087: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:20:25.946090: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.946092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.946094: | length: 12 (0xc) Sep 21 07:20:25.946097: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:25.946099: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:25.946102: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:20:25.946105: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:25.946107: | length/value: 256 (0x100) Sep 21 07:20:25.946111: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:20:25.946114: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.946116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:25.946119: | length: 8 (0x8) Sep 21 07:20:25.946121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:25.946123: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:25.946127: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:20:25.946129: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:20:25.946132: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:25.946134: | length: 8 (0x8) Sep 21 07:20:25.946137: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:25.946139: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:25.946143: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:20:25.946147: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:20:25.946151: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:20:25.946154: | remote proposal 1 matches local proposal 1 Sep 21 07:20:25.946157: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:20:25.946162: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=128dc999;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:20:25.946168: | converting proposal to internal trans attrs Sep 21 07:20:25.946174: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:20:25.946182: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:20:25.946185: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:20:25.946188: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:20:25.946192: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:25.946195: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5556cb588940 Sep 21 07:20:25.946198: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb588940 Sep 21 07:20:25.946202: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:20:25.946205: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:25.946217: | #3 spent 0.231 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:20:25.946224: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:25.946228: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:20:25.946231: | suspending state #3 and saving MD Sep 21 07:20:25.946233: | #3 is busy; has a suspended MD Sep 21 07:20:25.946238: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:20:25.946242: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:20:25.946247: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:20:25.946251: | #1 spent 0.555 milliseconds in ikev2_process_packet() Sep 21 07:20:25.946255: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:20:25.946258: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:20:25.946261: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:20:25.946265: | spent 0.57 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:20:25.946276: | crypto helper 6 resuming Sep 21 07:20:25.946280: | crypto helper 6 starting work-order 4 for state #3 Sep 21 07:20:25.946285: | crypto helper 6 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:20:25.947243: | crypto helper 6 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000957 seconds Sep 21 07:20:25.947256: | (#3) spent 0.946 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:20:25.947259: | crypto helper 6 sending results from work-order 4 for state #3 to event queue Sep 21 07:20:25.947262: | scheduling resume sending helper answer for #3 Sep 21 07:20:25.947265: | libevent_malloc: new ptr-libevent@0x7f85a8001ef0 size 128 Sep 21 07:20:25.947273: | crypto helper 6 waiting (nothing to do) Sep 21 07:20:25.947283: | processing resume sending helper answer for #3 Sep 21 07:20:25.947288: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:20:25.947292: | crypto helper 6 replies to request ID 4 Sep 21 07:20:25.947294: | calling continuation function 0x5556ca2e84f0 Sep 21 07:20:25.947298: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:20:25.947301: | TSi: parsing 1 traffic selectors Sep 21 07:20:25.947303: | ***parse IKEv2 Traffic Selector: Sep 21 07:20:25.947306: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.947308: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.947311: | length: 16 (0x10) Sep 21 07:20:25.947313: | start port: 0 (0x0) Sep 21 07:20:25.947315: | end port: 65535 (0xffff) Sep 21 07:20:25.947318: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:20:25.947323: | TS low 0a 00 01 00 Sep 21 07:20:25.947325: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:20:25.947328: | TS high 0a 00 01 ff Sep 21 07:20:25.947330: | TSi: parsed 1 traffic selectors Sep 21 07:20:25.947332: | TSr: parsing 1 traffic selectors Sep 21 07:20:25.947335: | ***parse IKEv2 Traffic Selector: Sep 21 07:20:25.947337: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:20:25.947339: | IP Protocol ID: 0 (0x0) Sep 21 07:20:25.947342: | length: 16 (0x10) Sep 21 07:20:25.947344: | start port: 0 (0x0) Sep 21 07:20:25.947346: | end port: 65535 (0xffff) Sep 21 07:20:25.947349: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:20:25.947351: | TS low 0a 00 02 00 Sep 21 07:20:25.947353: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:20:25.947355: | TS high 0a 00 02 ff Sep 21 07:20:25.947358: | TSr: parsed 1 traffic selectors Sep 21 07:20:25.947364: | evaluating our conn="westnet-eastnet-vti-02" I=10.0.1.0/24:0:0/0 R=10.0.2.0/24:0:0/0 to their: Sep 21 07:20:25.947369: | TSi[0] .net=10.0.1.0-10.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:20:25.947376: | match address end->client=10.0.1.0/24 == TSi[0]net=10.0.1.0-10.0.1.255: YES fitness 32 Sep 21 07:20:25.947379: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:20:25.947381: | TSi[0] port match: YES fitness 65536 Sep 21 07:20:25.947384: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:20:25.947387: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:20:25.947392: | TSr[0] .net=10.0.2.0-10.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:20:25.947397: | match address end->client=10.0.2.0/24 == TSr[0]net=10.0.2.0-10.0.2.255: YES fitness 32 Sep 21 07:20:25.947400: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:20:25.947403: | TSr[0] port match: YES fitness 65536 Sep 21 07:20:25.947405: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:20:25.947408: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:20:25.947410: | best fit so far: TSi[0] TSr[0] Sep 21 07:20:25.947413: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:20:25.947415: | printing contents struct traffic_selector Sep 21 07:20:25.947417: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:20:25.947419: | ipprotoid: 0 Sep 21 07:20:25.947421: | port range: 0-65535 Sep 21 07:20:25.947425: | ip range: 10.0.1.0-10.0.1.255 Sep 21 07:20:25.947428: | printing contents struct traffic_selector Sep 21 07:20:25.947430: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:20:25.947432: | ipprotoid: 0 Sep 21 07:20:25.947434: | port range: 0-65535 Sep 21 07:20:25.947438: | ip range: 10.0.2.0-10.0.2.255 Sep 21 07:20:25.947442: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:20:25.947615: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:20:25.947619: | could_route called for westnet-eastnet-vti-02 (kind=CK_PERMANENT) Sep 21 07:20:25.947622: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:20:25.947625: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.947627: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.947630: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.947633: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.947636: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Sep 21 07:20:25.947640: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:20:25.947644: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:20:25.947646: | AES_GCM_16 requires 4 salt bytes Sep 21 07:20:25.947649: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:20:25.947653: | setting IPsec SA replay-window to 32 Sep 21 07:20:25.947658: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Sep 21 07:20:25.947661: | netlink: enabling tunnel mode Sep 21 07:20:25.947664: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:20:25.947666: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:20:25.947878: | netlink response for Add SA esp.128dc999@192.1.2.23 included non-error error Sep 21 07:20:25.947887: | set up outgoing SA, ref=0/0 Sep 21 07:20:25.947890: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:20:25.947893: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:20:25.947896: | AES_GCM_16 requires 4 salt bytes Sep 21 07:20:25.947899: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:20:25.947903: | setting IPsec SA replay-window to 32 Sep 21 07:20:25.947906: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Sep 21 07:20:25.947908: | netlink: enabling tunnel mode Sep 21 07:20:25.947911: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:20:25.947914: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:20:25.948081: | netlink response for Add SA esp.a3211b80@192.1.2.45 included non-error error Sep 21 07:20:25.948088: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:25.948095: | add inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:20:25.948098: | IPsec Sa SPD priority set to 1042407 Sep 21 07:20:25.948351: | raw_eroute result=success Sep 21 07:20:25.948357: | set up incoming SA, ref=0/0 Sep 21 07:20:25.948359: | sr for #3: unrouted Sep 21 07:20:25.948362: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:20:25.948365: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:20:25.948368: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.948371: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.948374: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:25.948377: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:25.948381: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Sep 21 07:20:25.948384: | route_and_eroute with c: westnet-eastnet-vti-02 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:20:25.948388: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:25.948395: | eroute_connection add eroute 10.0.1.0/24:0 --0-> 10.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:20:25.948398: | IPsec Sa SPD priority set to 1042407 Sep 21 07:20:25.948519: | raw_eroute result=success Sep 21 07:20:25.948525: | running updown command "ipsec _updown" for verb up Sep 21 07:20:25.948528: | command executing up-client Sep 21 07:20:25.948558: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK Sep 21 07:20:25.948561: | popen cmd is 1124 chars long Sep 21 07:20:25.948569: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Sep 21 07:20:25.948572: | cmd( 80):-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Sep 21 07:20:25.948575: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' P: Sep 21 07:20:25.948578: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLU: Sep 21 07:20:25.948580: | cmd( 320):TO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.: Sep 21 07:20:25.948583: | cmd( 400):2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NE: Sep 21 07:20:25.948586: | cmd( 480):T='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Sep 21 07:20:25.948588: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Sep 21 07:20:25.948591: | cmd( 640):NN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: Sep 21 07:20:25.948593: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:20:25.948596: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:20:25.948598: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:20:25.948601: | cmd( 960):' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI_RO: Sep 21 07:20:25.948604: | cmd(1040):UTING='yes' VTI_SHARED='yes' SPI_IN=0x128dc999 SPI_OUT=0xa3211b80 ipsec _updown : Sep 21 07:20:25.948606: | cmd(1120):2>&1: Sep 21 07:20:25.974549: "westnet-eastnet-vti-02" #3: up-client output: vti interface "ipsec0" already exists with conflicting setting Sep 21 07:20:25.974574: "westnet-eastnet-vti-02" #3: up-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Sep 21 07:20:25.974579: "westnet-eastnet-vti-02" #3: up-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Sep 21 07:20:25.983973: "westnet-eastnet-vti-02" #3: up-client output: done ip route Sep 21 07:20:25.984172: | route_and_eroute: firewall_notified: true Sep 21 07:20:25.984179: | running updown command "ipsec _updown" for verb prepare Sep 21 07:20:25.984182: | command executing prepare-client Sep 21 07:20:25.984216: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xfffffff Sep 21 07:20:25.984219: | popen cmd is 1129 chars long Sep 21 07:20:25.984222: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:20:25.984225: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:20:25.984228: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Sep 21 07:20:25.984230: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Sep 21 07:20:25.984233: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Sep 21 07:20:25.984239: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIE: Sep 21 07:20:25.984242: | cmd( 480):NT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Sep 21 07:20:25.984244: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Sep 21 07:20:25.984246: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Sep 21 07:20:25.984249: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Sep 21 07:20:25.984251: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Sep 21 07:20:25.984254: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Sep 21 07:20:25.984256: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Sep 21 07:20:25.984259: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x128dc999 SPI_OUT=0xa3211b80 ipsec _up: Sep 21 07:20:25.984261: | cmd(1120):down 2>&1: Sep 21 07:20:26.007771: "westnet-eastnet-vti-02" #3: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Sep 21 07:20:26.008045: "westnet-eastnet-vti-02" #3: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Sep 21 07:20:26.008086: "westnet-eastnet-vti-02" #3: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Sep 21 07:20:26.011868: | running updown command "ipsec _updown" for verb route Sep 21 07:20:26.011882: | command executing route-client Sep 21 07:20:26.011917: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CO Sep 21 07:20:26.011921: | popen cmd is 1127 chars long Sep 21 07:20:26.011924: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:20:26.011927: | cmd( 80):vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Sep 21 07:20:26.011929: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0: Sep 21 07:20:26.011932: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' : Sep 21 07:20:26.011934: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Sep 21 07:20:26.011937: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT: Sep 21 07:20:26.011939: | cmd( 480):_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO: Sep 21 07:20:26.011942: | cmd( 560):_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO: Sep 21 07:20:26.011944: | cmd( 640):_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLO: Sep 21 07:20:26.011947: | cmd( 720):W+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Sep 21 07:20:26.011949: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Sep 21 07:20:26.011956: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Sep 21 07:20:26.011958: | cmd( 960):='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI: Sep 21 07:20:26.011961: | cmd(1040):_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x128dc999 SPI_OUT=0xa3211b80 ipsec _updo: Sep 21 07:20:26.011963: | cmd(1120):wn 2>&1: Sep 21 07:20:26.077489: "westnet-eastnet-vti-02" #3: route-client output: RTNETLINK answers: File exists Sep 21 07:20:26.083629: "westnet-eastnet-vti-02" #3: route-client output: done ip route Sep 21 07:20:26.092735: | route_and_eroute: instance "westnet-eastnet-vti-02", setting eroute_owner {spd=0x5556cb57f9c0,sr=0x5556cb57f9c0} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:20:26.092821: | #1 spent 1.23 milliseconds in install_ipsec_sa() Sep 21 07:20:26.092830: | inR2: instance westnet-eastnet-vti-02[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:20:26.092834: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:26.092838: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:26.092842: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb588940 Sep 21 07:20:26.092849: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:26.092853: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:20:26.092857: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:20:26.092860: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:20:26.092863: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:20:26.092869: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:20:26.092874: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:26.092877: | pstats #3 ikev2.child established Sep 21 07:20:26.092885: "westnet-eastnet-vti-02" #3: negotiated connection [10.0.1.0-10.0.1.255:0-65535 0] -> [10.0.2.0-10.0.2.255:0-65535 0] Sep 21 07:20:26.092895: | NAT-T: encaps is 'auto' Sep 21 07:20:26.092900: "westnet-eastnet-vti-02" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x128dc999 <0xa3211b80 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:20:26.092905: | releasing whack for #3 (sock=fd@22) Sep 21 07:20:26.092911: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:20:26.092914: | releasing whack and unpending for parent #1 Sep 21 07:20:26.092917: | unpending state #1 connection "westnet-eastnet-vti-02" Sep 21 07:20:26.092921: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:20:26.092924: | event_schedule: new EVENT_SA_REKEY-pe@0x5556cb588940 Sep 21 07:20:26.092928: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:20:26.092931: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:26.092938: | #3 spent 1.67 milliseconds in resume sending helper answer Sep 21 07:20:26.092943: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:20:26.092946: | libevent_free: release ptr-libevent@0x7f85a8001ef0 Sep 21 07:20:26.092954: | kernel_process_msg_cb process netlink message Sep 21 07:20:26.092960: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:20:26.092965: | spent 0.00672 milliseconds in kernel message Sep 21 07:20:26.092971: | processing signal PLUTO_SIGCHLD Sep 21 07:20:26.092976: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:26.092979: | spent 0.00501 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:26.092982: | processing signal PLUTO_SIGCHLD Sep 21 07:20:26.092988: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:26.092991: | spent 0.00342 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:26.092994: | processing signal PLUTO_SIGCHLD Sep 21 07:20:26.092997: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:26.093001: | spent 0.0035 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:29.475279: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:29.475305: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:20:29.475312: | FOR_EACH_STATE_... in sort_states Sep 21 07:20:29.475323: | get_sa_info esp.f260dfc@192.1.2.45 Sep 21 07:20:29.475346: | get_sa_info esp.91f7d29e@192.1.2.23 Sep 21 07:20:29.475368: | get_sa_info esp.a3211b80@192.1.2.45 Sep 21 07:20:29.475377: | get_sa_info esp.128dc999@192.1.2.23 Sep 21 07:20:29.475394: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:29.475401: | spent 0.131 milliseconds in whack Sep 21 07:20:30.612811: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:30.613018: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:20:30.613024: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:20:30.613133: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:20:30.613138: | FOR_EACH_STATE_... in sort_states Sep 21 07:20:30.613154: | get_sa_info esp.f260dfc@192.1.2.45 Sep 21 07:20:30.613173: | get_sa_info esp.91f7d29e@192.1.2.23 Sep 21 07:20:30.613191: | get_sa_info esp.a3211b80@192.1.2.45 Sep 21 07:20:30.613201: | get_sa_info esp.128dc999@192.1.2.23 Sep 21 07:20:30.613227: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:20:30.613235: | spent 0.433 milliseconds in whack Sep 21 07:20:31.013992: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:20:31.014013: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:20:31.014017: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.014019: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:20:31.014021: | 04 2c 85 cd 3c 9b 6d 67 13 04 da 87 ab 59 65 fb Sep 21 07:20:31.014024: | 28 65 10 45 fe 87 ba f5 c7 fe b6 e7 a6 4c 3b 1d Sep 21 07:20:31.014025: | 7f 7a 1e ae 12 Sep 21 07:20:31.014030: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:20:31.014034: | **parse ISAKMP Message: Sep 21 07:20:31.014036: | initiator cookie: Sep 21 07:20:31.014038: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.014040: | responder cookie: Sep 21 07:20:31.014042: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.014045: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:20:31.014048: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.014050: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:20:31.014053: | flags: none (0x0) Sep 21 07:20:31.014058: | Message ID: 0 (0x0) Sep 21 07:20:31.014062: | length: 69 (0x45) Sep 21 07:20:31.014065: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:20:31.014069: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:20:31.014074: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:20:31.014081: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:20:31.014085: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:20:31.014091: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:20:31.014095: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:20:31.014100: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:20:31.014105: | unpacking clear payload Sep 21 07:20:31.014108: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:20:31.014111: | ***parse IKEv2 Encryption Payload: Sep 21 07:20:31.014114: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:20:31.014117: | flags: none (0x0) Sep 21 07:20:31.014119: | length: 41 (0x29) Sep 21 07:20:31.014122: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:20:31.014127: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:20:31.014130: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:20:31.014146: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:20:31.014150: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:20:31.014153: | **parse IKEv2 Delete Payload: Sep 21 07:20:31.014156: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.014158: | flags: none (0x0) Sep 21 07:20:31.014161: | length: 12 (0xc) Sep 21 07:20:31.014164: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:20:31.014167: | SPI size: 4 (0x4) Sep 21 07:20:31.014170: | number of SPIs: 1 (0x1) Sep 21 07:20:31.014172: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:20:31.014175: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:20:31.014178: | Now let's proceed with state specific processing Sep 21 07:20:31.014180: | calling processor I3: INFORMATIONAL Request Sep 21 07:20:31.014185: | an informational request should send a response Sep 21 07:20:31.014190: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:20:31.014194: | **emit ISAKMP Message: Sep 21 07:20:31.014196: | initiator cookie: Sep 21 07:20:31.014199: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.014201: | responder cookie: Sep 21 07:20:31.014203: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.014207: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:31.014209: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.014212: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:20:31.014216: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:20:31.014219: | Message ID: 0 (0x0) Sep 21 07:20:31.014222: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:31.014225: | ***emit IKEv2 Encryption Payload: Sep 21 07:20:31.014228: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.014231: | flags: none (0x0) Sep 21 07:20:31.014234: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:20:31.014236: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:20:31.014238: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:20:31.014243: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:20:31.014244: | SPI 12 8d c9 99 Sep 21 07:20:31.014246: | delete PROTO_v2_ESP SA(0x128dc999) Sep 21 07:20:31.014248: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:20:31.014250: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:20:31.014252: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x128dc999) Sep 21 07:20:31.014254: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:20:31.014256: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:20:31.014259: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:31.014260: | free_event_entry: release EVENT_SA_REKEY-pe@0x5556cb588940 Sep 21 07:20:31.014263: | event_schedule: new EVENT_SA_REPLACE-pe@0x5556cb588940 Sep 21 07:20:31.014265: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:20:31.014267: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:31.014269: | ****emit IKEv2 Delete Payload: Sep 21 07:20:31.014273: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.014274: | flags: none (0x0) Sep 21 07:20:31.014276: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:20:31.014277: | SPI size: 4 (0x4) Sep 21 07:20:31.014279: | number of SPIs: 1 (0x1) Sep 21 07:20:31.014281: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:20:31.014283: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:20:31.014284: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:20:31.014286: | local SPIs a3 21 1b 80 Sep 21 07:20:31.014287: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:20:31.014289: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:31.014291: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:20:31.014293: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:20:31.014294: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:20:31.014296: | emitting length of ISAKMP Message: 69 Sep 21 07:20:31.014305: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:31.014307: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.014309: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:20:31.014310: | 7a 3e 8b 0c 85 9a a8 ab a1 e0 a5 c9 b4 45 8e a4 Sep 21 07:20:31.014311: | 5d 14 09 20 0d 47 13 88 69 78 92 c8 4f 44 76 6a Sep 21 07:20:31.014313: | e1 5d 11 4e be Sep 21 07:20:31.014331: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:20:31.014335: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:20:31.014339: | #1 spent 0.148 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:20:31.014343: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:31.014346: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:20:31.014348: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:20:31.014351: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:20:31.014353: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:31.014355: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:20:31.014358: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:20:31.014361: | #1 spent 0.351 milliseconds in ikev2_process_packet() Sep 21 07:20:31.014364: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:20:31.014366: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:20:31.014368: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:20:31.014370: | spent 0.36 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:20:31.014376: | timer_event_cb: processing event@0x5556cb588940 Sep 21 07:20:31.014377: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:20:31.014380: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.014383: | picked newest_ipsec_sa #3 for #3 Sep 21 07:20:31.014386: | replacing stale CHILD SA Sep 21 07:20:31.014389: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:20:31.014391: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:20:31.014393: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:20:31.014396: | creating state object #4 at 0x5556cb591520 Sep 21 07:20:31.014398: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:20:31.014400: | pstats #4 ikev2.child started Sep 21 07:20:31.014402: | duplicating state object #1 "westnet-eastnet-vti-01" as #4 for IPSEC SA Sep 21 07:20:31.014405: | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:20:31.014409: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:20:31.014411: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:20:31.014414: | suspend processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:20:31.014417: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:20:31.014419: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:20:31.014428: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:31.014432: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:20:31.014434: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f85b4002b20 Sep 21 07:20:31.014436: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:20:31.014438: | libevent_malloc: new ptr-libevent@0x7f85a8001ef0 size 128 Sep 21 07:20:31.014441: | RESET processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:20:31.014443: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5556cb58aa00 Sep 21 07:20:31.014445: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:20:31.014447: | libevent_malloc: new ptr-libevent@0x7f85b4006900 size 128 Sep 21 07:20:31.014449: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:31.014451: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5556cb588940 Sep 21 07:20:31.014454: | #3 spent 0.0774 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:20:31.014455: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:20:31.014458: | timer_event_cb: processing event@0x7f85b4002b20 Sep 21 07:20:31.014460: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:20:31.014463: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.014466: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:20:31.014467: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb588940 Sep 21 07:20:31.014470: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:20:31.014471: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:31.014477: | libevent_free: release ptr-libevent@0x7f85a8001ef0 Sep 21 07:20:31.014482: | crypto helper 1 resuming Sep 21 07:20:31.014483: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f85b4002b20 Sep 21 07:20:31.014492: | crypto helper 1 starting work-order 5 for state #4 Sep 21 07:20:31.014505: | #4 spent 0.0395 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:20:31.014511: | crypto helper 1 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:20:31.014514: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:20:31.014519: | timer_event_cb: processing event@0x5556cb58aa00 Sep 21 07:20:31.014521: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:20:31.014526: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.014529: | picked newest_ipsec_sa #3 for #3 Sep 21 07:20:31.014532: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:20:31.014535: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:20:31.014537: | pstats #3 ikev2.child deleted completed Sep 21 07:20:31.014540: | #3 spent 3.96 milliseconds in total Sep 21 07:20:31.014545: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.014548: "westnet-eastnet-vti-02" #3: deleting state (STATE_V2_IPSEC_I) aged 5.208s and NOT sending notification Sep 21 07:20:31.014551: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:20:31.014555: | get_sa_info esp.128dc999@192.1.2.23 Sep 21 07:20:31.014568: | get_sa_info esp.a3211b80@192.1.2.45 Sep 21 07:20:31.014575: "westnet-eastnet-vti-02" #3: ESP traffic information: in=0B out=0B Sep 21 07:20:31.014578: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:20:31.014685: | running updown command "ipsec _updown" for verb down Sep 21 07:20:31.014690: | command executing down-client Sep 21 07:20:31.014720: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050425' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffff Sep 21 07:20:31.014723: | popen cmd is 1135 chars long Sep 21 07:20:31.014726: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Sep 21 07:20:31.014729: | cmd( 80):ti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Sep 21 07:20:31.014732: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0': Sep 21 07:20:31.014734: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' P: Sep 21 07:20:31.014737: | cmd( 320):LUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.: Sep 21 07:20:31.014740: | cmd( 400):1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_: Sep 21 07:20:31.014742: | cmd( 480):NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_: Sep 21 07:20:31.014745: | cmd( 560):PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='156905042: Sep 21 07:20:31.014748: | cmd( 640):5' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Sep 21 07:20:31.014750: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Sep 21 07:20:31.014753: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Sep 21 07:20:31.014758: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Sep 21 07:20:31.014761: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Sep 21 07:20:31.014763: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x128dc999 SPI_OUT=0xa3211b80 ips: Sep 21 07:20:31.014766: | cmd(1120):ec _updown 2>&1: Sep 21 07:20:31.015124: | crypto helper 1 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000615 seconds Sep 21 07:20:31.015134: | (#4) spent 0.619 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:20:31.015136: | crypto helper 1 sending results from work-order 5 for state #4 to event queue Sep 21 07:20:31.015138: | scheduling resume sending helper answer for #4 Sep 21 07:20:31.015140: | libevent_malloc: new ptr-libevent@0x7f85ac006900 size 128 Sep 21 07:20:31.015144: | crypto helper 1 waiting (nothing to do) Sep 21 07:20:31.031260: "westnet-eastnet-vti-02" #3: down-client output: Command line is not complete. Try option "help" Sep 21 07:20:31.031595: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 10.0.1.0/24:0 --0->- 10.0.2.0/24:0 Sep 21 07:20:31.031602: | netlink_shunt_eroute for proto 0, and source 10.0.1.0/24:0 dest 10.0.2.0/24:0 Sep 21 07:20:31.031605: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:31.031608: | IPsec Sa SPD priority set to 1042407 Sep 21 07:20:31.031649: | delete esp.128dc999@192.1.2.23 Sep 21 07:20:31.031679: | netlink response for Del SA esp.128dc999@192.1.2.23 included non-error error Sep 21 07:20:31.031685: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:31.031693: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:20:31.031736: | raw_eroute result=success Sep 21 07:20:31.031741: | delete esp.a3211b80@192.1.2.45 Sep 21 07:20:31.031763: | netlink response for Del SA esp.a3211b80@192.1.2.45 included non-error error Sep 21 07:20:31.031769: | in connection_discard for connection westnet-eastnet-vti-02 Sep 21 07:20:31.031772: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:20:31.031777: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:20:31.031822: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.031836: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:20:31.031840: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:20:31.031845: | libevent_free: release ptr-libevent@0x7f85b4006900 Sep 21 07:20:31.031849: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5556cb58aa00 Sep 21 07:20:31.031853: | in statetime_stop() and could not find #3 Sep 21 07:20:31.031856: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:20:31.031876: | spent 0.00338 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:20:31.031891: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:20:31.031895: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.031898: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:20:31.031901: | b3 b8 4e 7b e7 6d 4c 58 fe 47 29 00 42 cb 57 4e Sep 21 07:20:31.031904: | b6 06 12 a8 3b 92 e6 46 3e 39 76 a8 15 3d 75 a8 Sep 21 07:20:31.031907: | b5 fe 88 82 5f Sep 21 07:20:31.031912: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:20:31.031917: | **parse ISAKMP Message: Sep 21 07:20:31.031919: | initiator cookie: Sep 21 07:20:31.031922: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.031925: | responder cookie: Sep 21 07:20:31.031928: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.031931: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:20:31.031938: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.031941: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:20:31.031944: | flags: none (0x0) Sep 21 07:20:31.031947: | Message ID: 1 (0x1) Sep 21 07:20:31.031950: | length: 69 (0x45) Sep 21 07:20:31.031954: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:20:31.031958: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:20:31.031962: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:20:31.031970: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:20:31.031974: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:20:31.031980: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:20:31.031984: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:20:31.031990: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:20:31.031992: | unpacking clear payload Sep 21 07:20:31.031996: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:20:31.031999: | ***parse IKEv2 Encryption Payload: Sep 21 07:20:31.032002: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:20:31.032005: | flags: none (0x0) Sep 21 07:20:31.032008: | length: 41 (0x29) Sep 21 07:20:31.032011: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:20:31.032015: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:20:31.032017: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:20:31.032033: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:20:31.032035: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:20:31.032037: | **parse IKEv2 Delete Payload: Sep 21 07:20:31.032038: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.032040: | flags: none (0x0) Sep 21 07:20:31.032041: | length: 12 (0xc) Sep 21 07:20:31.032043: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:20:31.032044: | SPI size: 4 (0x4) Sep 21 07:20:31.032046: | number of SPIs: 1 (0x1) Sep 21 07:20:31.032047: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:20:31.032049: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:20:31.032051: | Now let's proceed with state specific processing Sep 21 07:20:31.032052: | calling processor I3: INFORMATIONAL Request Sep 21 07:20:31.032055: | an informational request should send a response Sep 21 07:20:31.032059: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:20:31.032061: | **emit ISAKMP Message: Sep 21 07:20:31.032063: | initiator cookie: Sep 21 07:20:31.032064: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.032066: | responder cookie: Sep 21 07:20:31.032067: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.032069: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:31.032071: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.032072: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:20:31.032074: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:20:31.032076: | Message ID: 1 (0x1) Sep 21 07:20:31.032078: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:31.032080: | ***emit IKEv2 Encryption Payload: Sep 21 07:20:31.032081: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.032083: | flags: none (0x0) Sep 21 07:20:31.032085: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:20:31.032086: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:20:31.032091: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:20:31.032099: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:20:31.032100: | SPI 91 f7 d2 9e Sep 21 07:20:31.032102: | delete PROTO_v2_ESP SA(0x91f7d29e) Sep 21 07:20:31.032104: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:20:31.032106: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:20:31.032108: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x91f7d29e) Sep 21 07:20:31.032110: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:20:31.032112: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:20:31.032114: | libevent_free: release ptr-libevent@0x7f85b8006900 Sep 21 07:20:31.032116: | free_event_entry: release EVENT_SA_REKEY-pe@0x5556cb5886c0 Sep 21 07:20:31.032118: | event_schedule: new EVENT_SA_REPLACE-pe@0x5556cb5857f0 Sep 21 07:20:31.032120: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:20:31.032122: | libevent_malloc: new ptr-libevent@0x7f85b8006900 size 128 Sep 21 07:20:31.032125: | ****emit IKEv2 Delete Payload: Sep 21 07:20:31.032126: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.032128: | flags: none (0x0) Sep 21 07:20:31.032129: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:20:31.032131: | SPI size: 4 (0x4) Sep 21 07:20:31.032132: | number of SPIs: 1 (0x1) Sep 21 07:20:31.032134: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:20:31.032136: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:20:31.032138: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:20:31.032139: | local SPIs 0f 26 0d fc Sep 21 07:20:31.032141: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:20:31.032143: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:31.032145: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:20:31.032146: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:20:31.032148: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:20:31.032150: | emitting length of ISAKMP Message: 69 Sep 21 07:20:31.032158: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:31.032160: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.032162: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:20:31.032163: | af 06 a3 32 23 a1 98 5b 6b cc 73 bb 4c 49 14 63 Sep 21 07:20:31.032164: | 5d 32 23 0d 6d a4 3c 1b 49 d5 34 ee 94 e8 6f 1a Sep 21 07:20:31.032166: | 8a e2 aa 3c 38 Sep 21 07:20:31.032198: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:20:31.032202: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:20:31.032206: | #1 spent 0.137 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:20:31.032210: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:31.032213: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:20:31.032215: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:20:31.032217: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:20:31.032222: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:31.032224: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:20:31.032227: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:20:31.032230: | #1 spent 0.336 milliseconds in ikev2_process_packet() Sep 21 07:20:31.032232: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:20:31.032234: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:20:31.032236: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:20:31.032238: | spent 0.345 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:20:31.032244: | processing resume sending helper answer for #4 Sep 21 07:20:31.032247: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:20:31.032250: | crypto helper 1 replies to request ID 5 Sep 21 07:20:31.032251: | calling continuation function 0x5556ca2e7630 Sep 21 07:20:31.032254: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:20:31.032256: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:31.032258: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:31.032259: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb588940 Sep 21 07:20:31.032261: | event_schedule: new EVENT_SA_REPLACE-pe@0x5556cb588940 Sep 21 07:20:31.032263: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:20:31.032265: | libevent_malloc: new ptr-libevent@0x5556cb582e30 size 128 Sep 21 07:20:31.032268: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:31.032270: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:20:31.032271: | libevent_malloc: new ptr-libevent@0x7f85b4006900 size 128 Sep 21 07:20:31.032274: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:31.032276: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:20:31.032278: | suspending state #4 and saving MD Sep 21 07:20:31.032279: | #4 is busy; has a suspended MD Sep 21 07:20:31.032282: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:20:31.032284: | "westnet-eastnet-vti-02" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:20:31.032287: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:20:31.032289: | #4 spent 0.0396 milliseconds in resume sending helper answer Sep 21 07:20:31.032292: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:20:31.032294: | libevent_free: release ptr-libevent@0x7f85ac006900 Sep 21 07:20:31.032296: | processing signal PLUTO_SIGCHLD Sep 21 07:20:31.032300: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:31.032303: | spent 0.00411 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:31.032307: | timer_event_cb: processing event@0x5556cb5857f0 Sep 21 07:20:31.032308: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:20:31.032311: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.032313: | picked newest_ipsec_sa #2 for #2 Sep 21 07:20:31.032315: | replacing stale CHILD SA Sep 21 07:20:31.032318: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:20:31.032319: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:20:31.032323: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:20:31.032326: | creating state object #5 at 0x5556cb584c80 Sep 21 07:20:31.032327: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:20:31.032330: | pstats #5 ikev2.child started Sep 21 07:20:31.032332: | duplicating state object #1 "westnet-eastnet-vti-01" as #5 for IPSEC SA Sep 21 07:20:31.032334: | #5 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:20:31.032338: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:20:31.032341: | suspend processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:20:31.032344: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:20:31.032346: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:20:31.032348: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:20:31.032351: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals) Sep 21 07:20:31.032354: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:20:31.032359: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:20:31.032361: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:20:31.032363: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:20:31.032365: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:20:31.032368: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:31.032370: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:20:31.032372: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:31.032377: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:20:31.032381: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:20:31.032383: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f85ac002b20 Sep 21 07:20:31.032385: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Sep 21 07:20:31.032387: | libevent_malloc: new ptr-libevent@0x7f85ac006900 size 128 Sep 21 07:20:31.032390: | RESET processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:20:31.032392: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5556cb504190 Sep 21 07:20:31.032394: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:20:31.032395: | libevent_malloc: new ptr-libevent@0x7f85a8001ef0 size 128 Sep 21 07:20:31.032397: | libevent_free: release ptr-libevent@0x7f85b8006900 Sep 21 07:20:31.032399: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5556cb5857f0 Sep 21 07:20:31.032402: | #2 spent 0.0942 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:20:31.032403: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:20:31.032405: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:20:31.032408: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:20:31.032412: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:20:31.032415: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:20:31.032418: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:20:31.032421: | **emit ISAKMP Message: Sep 21 07:20:31.032423: | initiator cookie: Sep 21 07:20:31.032424: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.032426: | responder cookie: Sep 21 07:20:31.032427: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.032429: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:31.032430: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.032432: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:20:31.032434: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:31.032436: | Message ID: 3 (0x3) Sep 21 07:20:31.032438: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:31.032441: | ***emit IKEv2 Encryption Payload: Sep 21 07:20:31.032443: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.032446: | flags: none (0x0) Sep 21 07:20:31.032448: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:20:31.032450: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.032452: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:20:31.032466: | netlink_get_spi: allocated 0x12cfc462 for esp.0@192.1.2.45 Sep 21 07:20:31.032470: | Emitting ikev2_proposals ... Sep 21 07:20:31.032472: | ****emit IKEv2 Security Association Payload: Sep 21 07:20:31.032473: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.032475: | flags: none (0x0) Sep 21 07:20:31.032476: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:20:31.032478: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.032480: | discarding INTEG=NONE Sep 21 07:20:31.032482: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.032483: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.032485: | prop #: 1 (0x1) Sep 21 07:20:31.032486: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:31.032488: | spi size: 4 (0x4) Sep 21 07:20:31.032489: | # transforms: 3 (0x3) Sep 21 07:20:31.032491: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.032493: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:31.032495: | our spi 12 cf c4 62 Sep 21 07:20:31.032496: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032500: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.032502: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:31.032504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032506: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.032508: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.032509: | length/value: 256 (0x100) Sep 21 07:20:31.032511: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.032513: | discarding INTEG=NONE Sep 21 07:20:31.032514: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.032519: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.032522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032525: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032527: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032528: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.032530: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:31.032531: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:31.032533: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032538: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:20:31.032540: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.032541: | discarding INTEG=NONE Sep 21 07:20:31.032543: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.032544: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.032546: | prop #: 2 (0x2) Sep 21 07:20:31.032547: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:31.032549: | spi size: 4 (0x4) Sep 21 07:20:31.032550: | # transforms: 3 (0x3) Sep 21 07:20:31.032552: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.032554: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.032556: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:31.032557: | our spi 12 cf c4 62 Sep 21 07:20:31.032558: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032561: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.032563: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:31.032564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032566: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.032568: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.032569: | length/value: 128 (0x80) Sep 21 07:20:31.032571: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.032572: | discarding INTEG=NONE Sep 21 07:20:31.032573: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.032578: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.032580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032583: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032584: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032586: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.032587: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:31.032589: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:31.032590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032594: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032596: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:20:31.032598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.032599: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.032601: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.032602: | prop #: 3 (0x3) Sep 21 07:20:31.032604: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:31.032605: | spi size: 4 (0x4) Sep 21 07:20:31.032606: | # transforms: 5 (0x5) Sep 21 07:20:31.032608: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.032610: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.032612: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:31.032613: | our spi 12 cf c4 62 Sep 21 07:20:31.032614: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032617: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.032619: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:31.032621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032622: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.032624: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.032625: | length/value: 256 (0x100) Sep 21 07:20:31.032627: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.032628: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032631: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.032633: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:31.032635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032638: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032639: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032642: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.032644: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:31.032645: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032647: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032649: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032650: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.032655: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.032656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032658: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032660: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032662: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032663: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.032665: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:31.032666: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:31.032668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032671: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032673: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:20:31.032674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.032676: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.032677: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:31.032679: | prop #: 4 (0x4) Sep 21 07:20:31.032680: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:20:31.032682: | spi size: 4 (0x4) Sep 21 07:20:31.032683: | # transforms: 5 (0x5) Sep 21 07:20:31.032685: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.032687: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.032688: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:20:31.032690: | our spi 12 cf c4 62 Sep 21 07:20:31.032691: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032694: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.032695: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:31.032697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032699: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.032700: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.032702: | length/value: 128 (0x80) Sep 21 07:20:31.032703: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.032704: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032707: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.032709: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:31.032711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032714: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032715: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032717: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032718: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.032720: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:31.032721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032723: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032725: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032727: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032730: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.032732: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.032733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032735: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032737: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032738: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.032739: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.032741: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:20:31.032742: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:20:31.032744: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.032746: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.032747: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.032749: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:20:31.032750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.032752: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:20:31.032754: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:20:31.032756: "westnet-eastnet-vti-02" #4: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:20:31.032758: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:20:31.032761: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:31.032763: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:20:31.032819: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:20:31.032830: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:20:31.032837: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:20:31.032842: | #1 spent 0.424 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:20:31.032847: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:20:31.032851: | libevent_free: release ptr-libevent@0x7f85b4006900 Sep 21 07:20:31.032857: | timer_event_cb: processing event@0x7f85ac002b20 Sep 21 07:20:31.032860: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Sep 21 07:20:31.032866: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.032871: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Sep 21 07:20:31.032875: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb5857f0 Sep 21 07:20:31.032879: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:20:31.032882: | libevent_malloc: new ptr-libevent@0x7f85b4006900 size 128 Sep 21 07:20:31.032890: | libevent_free: release ptr-libevent@0x7f85ac006900 Sep 21 07:20:31.032894: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f85ac002b20 Sep 21 07:20:31.032895: | crypto helper 0 resuming Sep 21 07:20:31.032899: | #5 spent 0.0403 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:20:31.032906: | crypto helper 0 starting work-order 6 for state #5 Sep 21 07:20:31.032918: | stop processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:20:31.032921: | crypto helper 0 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Sep 21 07:20:31.032923: | timer_event_cb: processing event@0x5556cb504190 Sep 21 07:20:31.032927: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:20:31.032930: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.032932: | picked newest_ipsec_sa #2 for #2 Sep 21 07:20:31.032933: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:20:31.032935: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:20:31.032937: | pstats #2 ikev2.child deleted completed Sep 21 07:20:31.032939: | #2 spent 2.09 milliseconds in total Sep 21 07:20:31.032941: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.032944: "westnet-eastnet-vti-01" #2: deleting state (STATE_V2_IPSEC_I) aged 5.600s and NOT sending notification Sep 21 07:20:31.032946: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:20:31.032948: | get_sa_info esp.91f7d29e@192.1.2.23 Sep 21 07:20:31.032956: | get_sa_info esp.f260dfc@192.1.2.45 Sep 21 07:20:31.032961: "westnet-eastnet-vti-01" #2: ESP traffic information: in=336B out=336B Sep 21 07:20:31.032963: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:20:31.033011: | running updown command "ipsec _updown" for verb down Sep 21 07:20:31.033017: | command executing down-client Sep 21 07:20:31.033055: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050425' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0 Sep 21 07:20:31.033059: | popen cmd is 1139 chars long Sep 21 07:20:31.033062: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Sep 21 07:20:31.033066: | cmd( 80):ti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Sep 21 07:20:31.033069: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.: Sep 21 07:20:31.033073: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0: Sep 21 07:20:31.033076: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Sep 21 07:20:31.033079: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLI: Sep 21 07:20:31.033082: | cmd( 480):ENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' P: Sep 21 07:20:31.033085: | cmd( 560):LUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569: Sep 21 07:20:31.033089: | cmd( 640):050425' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+: Sep 21 07:20:31.033092: | cmd( 720):IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv: Sep 21 07:20:31.033097: | cmd( 800):4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMA: Sep 21 07:20:31.033100: | cmd( 880):IN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_: Sep 21 07:20:31.033103: | cmd( 960):NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE: Sep 21 07:20:31.033104: | cmd(1040):='ipsec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x91f7d29e SPI_OUT=0xf260dfc: Sep 21 07:20:31.033106: | cmd(1120): ipsec _updown 2>&1: Sep 21 07:20:31.033844: | crypto helper 0 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000922 seconds Sep 21 07:20:31.033858: | (#5) spent 0.93 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:20:31.033862: | crypto helper 0 sending results from work-order 6 for state #5 to event queue Sep 21 07:20:31.033866: | scheduling resume sending helper answer for #5 Sep 21 07:20:31.033870: | libevent_malloc: new ptr-libevent@0x7f85a0006900 size 128 Sep 21 07:20:31.033876: | crypto helper 0 waiting (nothing to do) Sep 21 07:20:31.041819: "westnet-eastnet-vti-01" #2: down-client output: Command line is not complete. Try option "help" Sep 21 07:20:31.042360: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:20:31.042370: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:20:31.042374: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:31.042378: | IPsec Sa SPD priority set to 1042407 Sep 21 07:20:31.042425: | delete esp.91f7d29e@192.1.2.23 Sep 21 07:20:31.042454: | netlink response for Del SA esp.91f7d29e@192.1.2.23 included non-error error Sep 21 07:20:31.042458: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:31.042465: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:20:31.042529: | raw_eroute result=success Sep 21 07:20:31.042534: | delete esp.f260dfc@192.1.2.45 Sep 21 07:20:31.042555: | netlink response for Del SA esp.f260dfc@192.1.2.45 included non-error error Sep 21 07:20:31.042560: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:20:31.042563: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:20:31.042568: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:20:31.042574: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.042580: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:20:31.042583: | can't expire unused IKE SA #1; it has the child #5 Sep 21 07:20:31.042587: | libevent_free: release ptr-libevent@0x7f85a8001ef0 Sep 21 07:20:31.042591: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5556cb504190 Sep 21 07:20:31.042594: | in statetime_stop() and could not find #2 Sep 21 07:20:31.042597: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:20:31.042613: | spent 0.0027 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:20:31.042627: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:20:31.042630: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.042632: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:20:31.042634: | 37 a6 c0 32 b1 ee 4a 4c 66 82 6d 0f 27 a9 a1 c4 Sep 21 07:20:31.042637: | d9 83 96 c3 48 2d 41 0d 3b 0c 32 c7 6a 01 b1 80 Sep 21 07:20:31.042639: | 4a Sep 21 07:20:31.042643: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:20:31.042647: | **parse ISAKMP Message: Sep 21 07:20:31.042650: | initiator cookie: Sep 21 07:20:31.042652: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.042654: | responder cookie: Sep 21 07:20:31.042657: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.042663: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:20:31.042665: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.042668: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:20:31.042671: | flags: none (0x0) Sep 21 07:20:31.042673: | Message ID: 2 (0x2) Sep 21 07:20:31.042676: | length: 65 (0x41) Sep 21 07:20:31.042679: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:20:31.042682: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:20:31.042686: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:20:31.042692: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:20:31.042695: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:20:31.042700: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:20:31.042703: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:20:31.042707: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:20:31.042709: | unpacking clear payload Sep 21 07:20:31.042712: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:20:31.042715: | ***parse IKEv2 Encryption Payload: Sep 21 07:20:31.042717: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:20:31.042720: | flags: none (0x0) Sep 21 07:20:31.042722: | length: 37 (0x25) Sep 21 07:20:31.042725: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:20:31.042730: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:20:31.042732: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:20:31.042752: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:20:31.042755: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:20:31.042758: | **parse IKEv2 Delete Payload: Sep 21 07:20:31.042761: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.042763: | flags: none (0x0) Sep 21 07:20:31.042766: | length: 8 (0x8) Sep 21 07:20:31.042768: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:20:31.042770: | SPI size: 0 (0x0) Sep 21 07:20:31.042773: | number of SPIs: 0 (0x0) Sep 21 07:20:31.042775: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:20:31.042778: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:20:31.042780: | Now let's proceed with state specific processing Sep 21 07:20:31.042788: | calling processor I3: INFORMATIONAL Request Sep 21 07:20:31.042794: | an informational request should send a response Sep 21 07:20:31.042800: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:20:31.042803: | **emit ISAKMP Message: Sep 21 07:20:31.042806: | initiator cookie: Sep 21 07:20:31.042808: | d9 d3 8d 65 f4 84 fc f4 Sep 21 07:20:31.042811: | responder cookie: Sep 21 07:20:31.042813: | f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.042815: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:31.042818: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.042821: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:20:31.042823: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:20:31.042826: | Message ID: 2 (0x2) Sep 21 07:20:31.042829: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:31.042832: | ***emit IKEv2 Encryption Payload: Sep 21 07:20:31.042834: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.042837: | flags: none (0x0) Sep 21 07:20:31.042840: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:20:31.042843: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:20:31.042848: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:20:31.042858: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:20:31.042861: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:20:31.042865: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:20:31.042867: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:20:31.042869: | emitting length of ISAKMP Message: 57 Sep 21 07:20:31.042889: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:20:31.042894: | d9 d3 8d 65 f4 84 fc f4 f0 57 a5 0b 64 25 cb 1a Sep 21 07:20:31.042897: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:20:31.042900: | 2f bd 6e a9 56 72 b5 ef 8a df f3 1b 68 84 11 91 Sep 21 07:20:31.042906: | 4d 92 78 67 c3 44 2f d3 b3 Sep 21 07:20:31.042938: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:20:31.042943: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:20:31.042947: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:20:31.042950: | pstats #5 ikev2.child deleted other Sep 21 07:20:31.042954: | #5 spent 0.0403 milliseconds in total Sep 21 07:20:31.042959: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.042964: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.042968: "westnet-eastnet-vti-01" #5: deleting other state #5 (STATE_CHILDSA_DEL) aged 0.010s and NOT sending notification Sep 21 07:20:31.042971: | child state #5: CHILDSA_DEL(informational) => delete Sep 21 07:20:31.042974: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:31.042977: | libevent_free: release ptr-libevent@0x7f85b4006900 Sep 21 07:20:31.042980: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb5857f0 Sep 21 07:20:31.042984: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:31.042990: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:20:31.043003: | raw_eroute result=success Sep 21 07:20:31.043006: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:20:31.043009: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:20:31.043012: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:20:31.043017: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.043021: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.043025: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:20:31.043028: | pstats #4 ikev2.child deleted other Sep 21 07:20:31.043031: | #4 spent 0.698 milliseconds in total Sep 21 07:20:31.043036: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.043041: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.043044: "westnet-eastnet-vti-02" #4: deleting other state #4 connection (STATE_CHILDSA_DEL) "westnet-eastnet-vti-02" aged 0.028s and NOT sending notification Sep 21 07:20:31.043047: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:20:31.043050: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:20:31.043055: | libevent_free: release ptr-libevent@0x5556cb582e30 Sep 21 07:20:31.043058: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5556cb588940 Sep 21 07:20:31.043061: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:31.043068: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:20:31.043077: | raw_eroute result=success Sep 21 07:20:31.043080: | in connection_discard for connection westnet-eastnet-vti-02 Sep 21 07:20:31.043083: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:20:31.043086: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:20:31.043099: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.043104: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.043108: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:20:31.043112: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:20:31.043114: | pstats #1 ikev2.ike deleted completed Sep 21 07:20:31.043118: | #1 spent 17.2 milliseconds in total Sep 21 07:20:31.043123: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:31.043126: "westnet-eastnet-vti-01" #1: deleting state (STATE_IKESA_DEL) aged 5.618s and NOT sending notification Sep 21 07:20:31.043129: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:20:31.043196: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:20:31.043201: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:31.043204: | free_event_entry: release EVENT_SA_REKEY-pe@0x5556cb582f90 Sep 21 07:20:31.043207: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:20:31.043209: | picked newest_isakmp_sa #0 for #1 Sep 21 07:20:31.043212: "westnet-eastnet-vti-01" #1: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:20:31.043215: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 0 seconds Sep 21 07:20:31.043218: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:20:31.043222: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:20:31.043224: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:20:31.043227: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:20:31.043231: | unreference key: 0x5556cb4d88f0 @east cnt 2-- Sep 21 07:20:31.043242: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:31.043256: | in statetime_stop() and could not find #1 Sep 21 07:20:31.043259: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:31.043263: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:20:31.043266: | STF_OK but no state object remains Sep 21 07:20:31.043269: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:20:31.043271: | in statetime_stop() and could not find #1 Sep 21 07:20:31.043276: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:20:31.043279: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:20:31.043282: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:20:31.043286: | spent 0.644 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:20:31.043293: | processing resume sending helper answer for #5 Sep 21 07:20:31.043297: | crypto helper 0 replies to request ID 6 Sep 21 07:20:31.043299: | calling continuation function 0x5556ca2e7630 Sep 21 07:20:31.043302: | work-order 6 state #5 crypto result suppressed Sep 21 07:20:31.043313: | (#5) spent 0.0155 milliseconds in resume sending helper answer Sep 21 07:20:31.043318: | libevent_free: release ptr-libevent@0x7f85a0006900 Sep 21 07:20:31.043322: | processing signal PLUTO_SIGCHLD Sep 21 07:20:31.043326: | waitpid returned ECHILD (no child processes left) Sep 21 07:20:31.043330: | spent 0.00495 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:20:31.043335: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:20:31.043338: Initiating connection westnet-eastnet-vti-01 which received a Delete/Notify but must remain up per local policy Sep 21 07:20:31.043341: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:20:31.043345: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Sep 21 07:20:31.043348: | connection 'westnet-eastnet-vti-01' +POLICY_UP Sep 21 07:20:31.043351: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:20:31.043354: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:20:31.043359: | creating state object #6 at 0x5556cb584c80 Sep 21 07:20:31.043362: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:20:31.043369: | pstats #6 ikev2.ike started Sep 21 07:20:31.043372: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:20:31.043375: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:20:31.043380: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:20:31.043386: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:20:31.043390: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:20:31.043393: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:20:31.043397: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #6 "westnet-eastnet-vti-01" Sep 21 07:20:31.043401: "westnet-eastnet-vti-01" #6: initiating v2 parent SA Sep 21 07:20:31.043417: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:31.043421: | adding ikev2_outI1 KE work-order 7 for state #6 Sep 21 07:20:31.043424: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5556cb58c410 Sep 21 07:20:31.043428: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:20:31.043430: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:31.043440: | #6 spent 0.0941 milliseconds in ikev2_parent_outI1() Sep 21 07:20:31.043444: | RESET processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:20:31.043447: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:20:31.043449: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:20:31.043453: | spent 0.115 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:20:31.043461: | crypto helper 3 resuming Sep 21 07:20:31.043464: | crypto helper 3 starting work-order 7 for state #6 Sep 21 07:20:31.043468: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Sep 21 07:20:31.044349: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.00088 seconds Sep 21 07:20:31.044361: | (#6) spent 0.887 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Sep 21 07:20:31.044364: | crypto helper 3 sending results from work-order 7 for state #6 to event queue Sep 21 07:20:31.044366: | scheduling resume sending helper answer for #6 Sep 21 07:20:31.044368: | libevent_malloc: new ptr-libevent@0x7f85a4006900 size 128 Sep 21 07:20:31.044374: | crypto helper 3 waiting (nothing to do) Sep 21 07:20:31.044381: | processing resume sending helper answer for #6 Sep 21 07:20:31.044387: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:20:31.044389: | crypto helper 3 replies to request ID 7 Sep 21 07:20:31.044391: | calling continuation function 0x5556ca2e7630 Sep 21 07:20:31.044392: | ikev2_parent_outI1_continue for #6 Sep 21 07:20:31.044396: | **emit ISAKMP Message: Sep 21 07:20:31.044398: | initiator cookie: Sep 21 07:20:31.044399: | 34 97 d8 4b 95 48 4c db Sep 21 07:20:31.044401: | responder cookie: Sep 21 07:20:31.044402: | 00 00 00 00 00 00 00 00 Sep 21 07:20:31.044404: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:20:31.044406: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:20:31.044408: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:20:31.044409: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:20:31.044411: | Message ID: 0 (0x0) Sep 21 07:20:31.044413: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:20:31.044423: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:20:31.044426: | Emitting ikev2_proposals ... Sep 21 07:20:31.044428: | ***emit IKEv2 Security Association Payload: Sep 21 07:20:31.044431: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.044433: | flags: none (0x0) Sep 21 07:20:31.044436: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:20:31.044438: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.044441: | discarding INTEG=NONE Sep 21 07:20:31.044444: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.044446: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.044449: | prop #: 1 (0x1) Sep 21 07:20:31.044451: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:31.044453: | spi size: 0 (0x0) Sep 21 07:20:31.044456: | # transforms: 11 (0xb) Sep 21 07:20:31.044458: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.044461: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044466: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.044469: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:31.044471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044474: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.044477: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.044482: | length/value: 256 (0x100) Sep 21 07:20:31.044485: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.044487: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044492: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.044494: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:31.044497: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044500: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044502: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044504: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044509: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.044511: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:31.044514: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044516: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044519: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044521: | discarding INTEG=NONE Sep 21 07:20:31.044523: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044529: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.044532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044540: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044544: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044546: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:31.044549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044554: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044556: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044562: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:31.044565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044570: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044573: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044577: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044579: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:31.044582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044589: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044592: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044599: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:31.044601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044608: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044610: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044615: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:31.044617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044627: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044633: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044636: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044639: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:31.044643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044647: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044650: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044653: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044656: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.044658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044661: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:31.044665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044672: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044675: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:20:31.044679: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.044682: | discarding INTEG=NONE Sep 21 07:20:31.044685: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.044691: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.044694: | prop #: 2 (0x2) Sep 21 07:20:31.044697: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:31.044699: | spi size: 0 (0x0) Sep 21 07:20:31.044702: | # transforms: 11 (0xb) Sep 21 07:20:31.044705: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.044709: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.044715: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044719: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044721: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.044724: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:20:31.044727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044730: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.044733: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.044739: | length/value: 128 (0x80) Sep 21 07:20:31.044743: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.044747: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044755: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.044757: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:31.044761: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044768: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044771: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044776: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.044779: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:31.044803: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044818: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044820: | discarding INTEG=NONE Sep 21 07:20:31.044824: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044830: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044833: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.044837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044845: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044854: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044857: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:31.044861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044872: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044875: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044881: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044884: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:31.044889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044897: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044904: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044909: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044915: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044918: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:31.044922: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044936: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044940: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044943: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044946: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044949: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:31.044954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044966: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.044971: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.044975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044978: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.044981: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:31.044985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.044991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.044996: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045000: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045010: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:31.045014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045018: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045021: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045024: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045028: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.045031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045034: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:31.045039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045047: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045050: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:20:31.045055: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.045061: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.045064: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.045067: | prop #: 3 (0x3) Sep 21 07:20:31.045070: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:31.045073: | spi size: 0 (0x0) Sep 21 07:20:31.045076: | # transforms: 13 (0xd) Sep 21 07:20:31.045080: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.045085: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.045089: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045095: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.045098: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:31.045102: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045106: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.045109: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.045112: | length/value: 256 (0x100) Sep 21 07:20:31.045116: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.045120: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045129: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.045132: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:31.045136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045146: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045153: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045160: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.045163: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:31.045169: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045177: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045182: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045185: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045188: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045193: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.045200: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:31.045206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045214: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045220: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045230: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.045234: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:31.045238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045255: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045259: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045266: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045271: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.045279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045287: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045290: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045293: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045296: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045304: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:31.045311: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045315: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045319: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045322: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045331: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045335: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:31.045340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045348: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045350: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045356: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:31.045359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045364: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045366: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045369: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045372: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:31.045374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045378: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045380: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045387: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:31.045392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045396: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045399: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045403: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045406: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:31.045408: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045411: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045413: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045416: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045418: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.045420: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045422: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:31.045425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045427: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045430: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045432: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:20:31.045435: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.045437: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:20:31.045440: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:20:31.045442: | prop #: 4 (0x4) Sep 21 07:20:31.045445: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:20:31.045447: | spi size: 0 (0x0) Sep 21 07:20:31.045449: | # transforms: 13 (0xd) Sep 21 07:20:31.045452: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:20:31.045455: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:20:31.045458: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045463: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:20:31.045465: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:20:31.045468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045470: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:20:31.045473: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:20:31.045476: | length/value: 128 (0x80) Sep 21 07:20:31.045479: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:20:31.045481: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045486: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.045489: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:20:31.045491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045499: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045501: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045504: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045506: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:20:31.045509: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:20:31.045512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045514: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045518: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045521: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045523: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045526: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.045528: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:20:31.045531: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045539: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045544: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:20:31.045546: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:20:31.045548: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045551: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045553: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045555: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045559: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045561: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.045564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045569: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045571: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045575: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045577: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:20:31.045580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045582: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045585: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045587: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045594: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:20:31.045596: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045602: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045604: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045610: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:20:31.045612: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045617: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045618: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045624: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:20:31.045626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045630: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045632: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045639: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:20:31.045642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045647: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045649: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045655: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:20:31.045658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045663: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045665: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:20:31.045668: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:20:31.045670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:20:31.045672: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:20:31.045675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:20:31.045677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:20:31.045680: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:20:31.045682: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:20:31.045684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:20:31.045688: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:20:31.045691: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:20:31.045694: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:20:31.045696: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.045699: | flags: none (0x0) Sep 21 07:20:31.045701: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:20:31.045704: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:20:31.045707: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.045710: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:20:31.045713: | ikev2 g^x 13 60 4a 8f 60 fe 37 bd 92 03 10 d8 34 79 8f 86 Sep 21 07:20:31.045715: | ikev2 g^x 5c 36 32 96 71 08 7b 20 59 c4 c7 c4 61 41 b7 11 Sep 21 07:20:31.045718: | ikev2 g^x 8a 34 02 6d 97 72 e6 53 a0 df b4 b7 83 f0 ea a5 Sep 21 07:20:31.045720: | ikev2 g^x db fe a9 8b 91 37 d6 70 03 59 24 91 49 4f a8 f3 Sep 21 07:20:31.045722: | ikev2 g^x cc 33 bb c8 27 49 d9 f7 db 57 36 6f 4f 0e 36 93 Sep 21 07:20:31.045724: | ikev2 g^x 75 28 68 30 c1 de 19 8a 35 9c 8a a7 05 0a 54 cb Sep 21 07:20:31.045726: | ikev2 g^x 5b 4c 09 33 3f a8 28 4c df ca 0e 27 b6 4f 4b cb Sep 21 07:20:31.045728: | ikev2 g^x 04 1c 90 d0 77 3d 8c b8 68 21 ac 7b 56 58 68 fd Sep 21 07:20:31.045731: | ikev2 g^x 4e c4 7c d3 f7 84 e6 c2 d5 4e b8 df 37 7c 63 3a Sep 21 07:20:31.045733: | ikev2 g^x ad 91 75 41 f4 28 5b 4f 90 45 20 ed 20 89 ef 1c Sep 21 07:20:31.045735: | ikev2 g^x 25 95 be d0 a6 c9 99 1e d0 90 02 15 dd 05 c7 e8 Sep 21 07:20:31.045738: | ikev2 g^x 6b d0 8c 7c e4 90 57 d2 d4 8e 36 15 df 37 b3 c8 Sep 21 07:20:31.045740: | ikev2 g^x 5e 01 6b 7e 09 35 b4 d3 d5 24 a6 20 17 36 61 01 Sep 21 07:20:31.045742: | ikev2 g^x 27 70 78 3b 51 e3 f2 60 40 f8 e1 64 ce ee 45 30 Sep 21 07:20:31.045744: | ikev2 g^x 76 6f 80 b2 dc c7 b1 42 a7 87 69 30 c9 a8 18 5f Sep 21 07:20:31.045747: | ikev2 g^x b6 b0 1e 07 e2 31 a3 da f9 cd 85 5f 34 ec bb 0e Sep 21 07:20:31.045749: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:20:31.045752: | ***emit IKEv2 Nonce Payload: Sep 21 07:20:31.045754: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:20:31.045756: | flags: none (0x0) Sep 21 07:20:31.045759: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:20:31.045762: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:20:31.045765: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.045767: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:20:31.045770: | IKEv2 nonce f2 ee a6 e2 43 d8 f6 46 bf ec 79 cc c7 fb 8e 66 Sep 21 07:20:31.045772: | IKEv2 nonce 4e cb d2 b8 3a e0 14 8c 42 99 2e 76 d4 f2 88 47 Sep 21 07:20:31.045775: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:20:31.045777: | Adding a v2N Payload Sep 21 07:20:31.045780: | ***emit IKEv2 Notify Payload: Sep 21 07:20:31.045782: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.045791: | flags: none (0x0) Sep 21 07:20:31.045794: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:31.045796: | SPI size: 0 (0x0) Sep 21 07:20:31.045799: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:20:31.045802: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:20:31.045805: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.045808: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:20:31.045811: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:20:31.045815: | natd_hash: rcookie is zero Sep 21 07:20:31.045835: | natd_hash: hasher=0x5556ca3bd7a0(20) Sep 21 07:20:31.045839: | natd_hash: icookie= 34 97 d8 4b 95 48 4c db Sep 21 07:20:31.045841: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:20:31.045843: | natd_hash: ip= c0 01 02 2d Sep 21 07:20:31.045845: | natd_hash: port= 01 f4 Sep 21 07:20:31.045848: | natd_hash: hash= 33 47 5f 09 a6 ee 71 2d 00 45 f2 9b 9f bd 8e 32 Sep 21 07:20:31.045850: | natd_hash: hash= e2 d3 00 e0 Sep 21 07:20:31.045853: | Adding a v2N Payload Sep 21 07:20:31.045855: | ***emit IKEv2 Notify Payload: Sep 21 07:20:31.045858: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.045860: | flags: none (0x0) Sep 21 07:20:31.045862: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:31.045865: | SPI size: 0 (0x0) Sep 21 07:20:31.045868: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:20:31.045871: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:20:31.045873: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.045876: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:20:31.045879: | Notify data 33 47 5f 09 a6 ee 71 2d 00 45 f2 9b 9f bd 8e 32 Sep 21 07:20:31.045881: | Notify data e2 d3 00 e0 Sep 21 07:20:31.045883: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:20:31.045886: | natd_hash: rcookie is zero Sep 21 07:20:31.045894: | natd_hash: hasher=0x5556ca3bd7a0(20) Sep 21 07:20:31.045896: | natd_hash: icookie= 34 97 d8 4b 95 48 4c db Sep 21 07:20:31.045899: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:20:31.045901: | natd_hash: ip= c0 01 02 17 Sep 21 07:20:31.045903: | natd_hash: port= 01 f4 Sep 21 07:20:31.045905: | natd_hash: hash= 89 93 08 43 3f 65 43 07 b3 e2 e9 51 26 9b eb f7 Sep 21 07:20:31.045907: | natd_hash: hash= 92 01 d4 d0 Sep 21 07:20:31.045909: | Adding a v2N Payload Sep 21 07:20:31.045912: | ***emit IKEv2 Notify Payload: Sep 21 07:20:31.045914: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:20:31.045917: | flags: none (0x0) Sep 21 07:20:31.045919: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:20:31.045921: | SPI size: 0 (0x0) Sep 21 07:20:31.045924: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:20:31.045928: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:20:31.045930: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:20:31.045933: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:20:31.045935: | Notify data 89 93 08 43 3f 65 43 07 b3 e2 e9 51 26 9b eb f7 Sep 21 07:20:31.045938: | Notify data 92 01 d4 d0 Sep 21 07:20:31.045940: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:20:31.045943: | emitting length of ISAKMP Message: 828 Sep 21 07:20:31.045950: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:20:31.045957: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:20:31.045961: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:20:31.045963: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:20:31.045967: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:20:31.045970: | Message ID: updating counters for #6 to 4294967295 after switching state Sep 21 07:20:31.045973: | Message ID: IKE #6 skipping update_recv as MD is fake Sep 21 07:20:31.045978: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:20:31.045985: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:20:31.045991: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:20:31.045997: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Sep 21 07:20:31.046000: | 34 97 d8 4b 95 48 4c db 00 00 00 00 00 00 00 00 Sep 21 07:20:31.046002: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:20:31.046004: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:20:31.046006: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:20:31.046009: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:20:31.046011: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:20:31.046013: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:20:31.046015: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:20:31.046018: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:20:31.046020: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:20:31.046023: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:20:31.046025: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:20:31.046027: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:20:31.046030: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:20:31.046032: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:20:31.046034: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:20:31.046036: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:20:31.046038: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:20:31.046040: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:20:31.046042: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:20:31.046045: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:20:31.046047: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:20:31.046049: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:20:31.046051: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:20:31.046053: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:20:31.046055: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:20:31.046058: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:20:31.046060: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:20:31.046062: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:20:31.046064: | 28 00 01 08 00 0e 00 00 13 60 4a 8f 60 fe 37 bd Sep 21 07:20:31.046066: | 92 03 10 d8 34 79 8f 86 5c 36 32 96 71 08 7b 20 Sep 21 07:20:31.046068: | 59 c4 c7 c4 61 41 b7 11 8a 34 02 6d 97 72 e6 53 Sep 21 07:20:31.046071: | a0 df b4 b7 83 f0 ea a5 db fe a9 8b 91 37 d6 70 Sep 21 07:20:31.046073: | 03 59 24 91 49 4f a8 f3 cc 33 bb c8 27 49 d9 f7 Sep 21 07:20:31.046075: | db 57 36 6f 4f 0e 36 93 75 28 68 30 c1 de 19 8a Sep 21 07:20:31.046077: | 35 9c 8a a7 05 0a 54 cb 5b 4c 09 33 3f a8 28 4c Sep 21 07:20:31.046080: | df ca 0e 27 b6 4f 4b cb 04 1c 90 d0 77 3d 8c b8 Sep 21 07:20:31.046082: | 68 21 ac 7b 56 58 68 fd 4e c4 7c d3 f7 84 e6 c2 Sep 21 07:20:31.046084: | d5 4e b8 df 37 7c 63 3a ad 91 75 41 f4 28 5b 4f Sep 21 07:20:31.046086: | 90 45 20 ed 20 89 ef 1c 25 95 be d0 a6 c9 99 1e Sep 21 07:20:31.046089: | d0 90 02 15 dd 05 c7 e8 6b d0 8c 7c e4 90 57 d2 Sep 21 07:20:31.046091: | d4 8e 36 15 df 37 b3 c8 5e 01 6b 7e 09 35 b4 d3 Sep 21 07:20:31.046093: | d5 24 a6 20 17 36 61 01 27 70 78 3b 51 e3 f2 60 Sep 21 07:20:31.046095: | 40 f8 e1 64 ce ee 45 30 76 6f 80 b2 dc c7 b1 42 Sep 21 07:20:31.046098: | a7 87 69 30 c9 a8 18 5f b6 b0 1e 07 e2 31 a3 da Sep 21 07:20:31.046100: | f9 cd 85 5f 34 ec bb 0e 29 00 00 24 f2 ee a6 e2 Sep 21 07:20:31.046102: | 43 d8 f6 46 bf ec 79 cc c7 fb 8e 66 4e cb d2 b8 Sep 21 07:20:31.046104: | 3a e0 14 8c 42 99 2e 76 d4 f2 88 47 29 00 00 08 Sep 21 07:20:31.046109: | 00 00 40 2e 29 00 00 1c 00 00 40 04 33 47 5f 09 Sep 21 07:20:31.046111: | a6 ee 71 2d 00 45 f2 9b 9f bd 8e 32 e2 d3 00 e0 Sep 21 07:20:31.046113: | 00 00 00 1c 00 00 40 05 89 93 08 43 3f 65 43 07 Sep 21 07:20:31.046115: | b3 e2 e9 51 26 9b eb f7 92 01 d4 d0 Sep 21 07:20:31.046189: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:20:31.046197: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:31.046201: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5556cb58c410 Sep 21 07:20:31.046204: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:20:31.046208: | event_schedule: new EVENT_RETRANSMIT-pe@0x5556cb58c410 Sep 21 07:20:31.046212: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:20:31.046215: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:31.046220: | #6 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49077.414472 Sep 21 07:20:31.046225: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Sep 21 07:20:31.046231: | #6 spent 1.77 milliseconds in resume sending helper answer Sep 21 07:20:31.046237: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:20:31.046240: | libevent_free: release ptr-libevent@0x7f85a4006900 Sep 21 07:20:31.546764: | timer_event_cb: processing event@0x5556cb58c410 Sep 21 07:20:31.546778: | handling event EVENT_RETRANSMIT for parent state #6 Sep 21 07:20:31.546790: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:31.546795: | IKEv2 retransmit event Sep 21 07:20:31.546800: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:20:31.546805: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-vti-01" #6 attempt 2 of 0 Sep 21 07:20:31.546809: | and parent for 192.1.2.23 "westnet-eastnet-vti-01" #6 keying attempt 1 of 0; retransmit 1 Sep 21 07:20:31.546815: | retransmits: current time 49077.915077; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500605 exceeds limit? NO Sep 21 07:20:31.546819: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f85a4002b20 Sep 21 07:20:31.546823: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:20:31.546827: | libevent_malloc: new ptr-libevent@0x7f85a4006900 size 128 Sep 21 07:20:31.546831: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:20:31.546838: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Sep 21 07:20:31.546841: | 34 97 d8 4b 95 48 4c db 00 00 00 00 00 00 00 00 Sep 21 07:20:31.546843: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:20:31.546845: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:20:31.546848: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:20:31.546850: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:20:31.546852: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:20:31.546854: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:20:31.546856: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:20:31.546859: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:20:31.546861: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:20:31.546863: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:20:31.546865: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:20:31.546868: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:20:31.546870: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:20:31.546872: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:20:31.546878: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:20:31.546880: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:20:31.546882: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:20:31.546884: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:20:31.546887: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:20:31.546889: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:20:31.546891: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:20:31.546893: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:20:31.546896: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:20:31.546898: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:20:31.546900: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:20:31.546902: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:20:31.546905: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:20:31.546907: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:20:31.546909: | 28 00 01 08 00 0e 00 00 13 60 4a 8f 60 fe 37 bd Sep 21 07:20:31.546911: | 92 03 10 d8 34 79 8f 86 5c 36 32 96 71 08 7b 20 Sep 21 07:20:31.546913: | 59 c4 c7 c4 61 41 b7 11 8a 34 02 6d 97 72 e6 53 Sep 21 07:20:31.546916: | a0 df b4 b7 83 f0 ea a5 db fe a9 8b 91 37 d6 70 Sep 21 07:20:31.546918: | 03 59 24 91 49 4f a8 f3 cc 33 bb c8 27 49 d9 f7 Sep 21 07:20:31.546920: | db 57 36 6f 4f 0e 36 93 75 28 68 30 c1 de 19 8a Sep 21 07:20:31.546922: | 35 9c 8a a7 05 0a 54 cb 5b 4c 09 33 3f a8 28 4c Sep 21 07:20:31.546925: | df ca 0e 27 b6 4f 4b cb 04 1c 90 d0 77 3d 8c b8 Sep 21 07:20:31.546927: | 68 21 ac 7b 56 58 68 fd 4e c4 7c d3 f7 84 e6 c2 Sep 21 07:20:31.546929: | d5 4e b8 df 37 7c 63 3a ad 91 75 41 f4 28 5b 4f Sep 21 07:20:31.546931: | 90 45 20 ed 20 89 ef 1c 25 95 be d0 a6 c9 99 1e Sep 21 07:20:31.546933: | d0 90 02 15 dd 05 c7 e8 6b d0 8c 7c e4 90 57 d2 Sep 21 07:20:31.546936: | d4 8e 36 15 df 37 b3 c8 5e 01 6b 7e 09 35 b4 d3 Sep 21 07:20:31.546938: | d5 24 a6 20 17 36 61 01 27 70 78 3b 51 e3 f2 60 Sep 21 07:20:31.546940: | 40 f8 e1 64 ce ee 45 30 76 6f 80 b2 dc c7 b1 42 Sep 21 07:20:31.546942: | a7 87 69 30 c9 a8 18 5f b6 b0 1e 07 e2 31 a3 da Sep 21 07:20:31.546945: | f9 cd 85 5f 34 ec bb 0e 29 00 00 24 f2 ee a6 e2 Sep 21 07:20:31.546947: | 43 d8 f6 46 bf ec 79 cc c7 fb 8e 66 4e cb d2 b8 Sep 21 07:20:31.546949: | 3a e0 14 8c 42 99 2e 76 d4 f2 88 47 29 00 00 08 Sep 21 07:20:31.546951: | 00 00 40 2e 29 00 00 1c 00 00 40 04 33 47 5f 09 Sep 21 07:20:31.546953: | a6 ee 71 2d 00 45 f2 9b 9f bd 8e 32 e2 d3 00 e0 Sep 21 07:20:31.546956: | 00 00 00 1c 00 00 40 05 89 93 08 43 3f 65 43 07 Sep 21 07:20:31.546958: | b3 e2 e9 51 26 9b eb f7 92 01 d4 d0 Sep 21 07:20:31.546986: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:31.546990: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5556cb58c410 Sep 21 07:20:31.546997: | #6 spent 0.226 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:20:31.547002: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:20:32.047528: | timer_event_cb: processing event@0x7f85a4002b20 Sep 21 07:20:32.047545: | handling event EVENT_RETRANSMIT for parent state #6 Sep 21 07:20:32.047555: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:20:32.047560: | IKEv2 retransmit event Sep 21 07:20:32.047567: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:20:32.047574: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-vti-01" #6 attempt 2 of 0 Sep 21 07:20:32.047580: | and parent for 192.1.2.23 "westnet-eastnet-vti-01" #6 keying attempt 1 of 0; retransmit 2 Sep 21 07:20:32.047588: | retransmits: current time 49078.415848; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.001376 exceeds limit? NO Sep 21 07:20:32.047597: | event_schedule: new EVENT_RETRANSMIT-pe@0x5556cb58c410 Sep 21 07:20:32.047602: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #6 Sep 21 07:20:32.047607: | libevent_malloc: new ptr-libevent@0x5556cb582fd0 size 128 Sep 21 07:20:32.047613: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: retransmission; will wait 1 seconds for response Sep 21 07:20:32.047623: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Sep 21 07:20:32.047626: | 34 97 d8 4b 95 48 4c db 00 00 00 00 00 00 00 00 Sep 21 07:20:32.047629: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:20:32.047633: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:20:32.047636: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:20:32.047639: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:20:32.047643: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:20:32.047646: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:20:32.047649: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:20:32.047652: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:20:32.047655: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:20:32.047658: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:20:32.047661: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:20:32.047665: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:20:32.047668: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:20:32.047671: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:20:32.047674: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:20:32.047677: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:20:32.047680: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:20:32.047683: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:20:32.047687: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:20:32.047689: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:20:32.047692: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:20:32.047696: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:20:32.047699: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:20:32.047702: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:20:32.047705: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:20:32.047708: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:20:32.047711: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:20:32.047714: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:20:32.047718: | 28 00 01 08 00 0e 00 00 13 60 4a 8f 60 fe 37 bd Sep 21 07:20:32.047721: | 92 03 10 d8 34 79 8f 86 5c 36 32 96 71 08 7b 20 Sep 21 07:20:32.047724: | 59 c4 c7 c4 61 41 b7 11 8a 34 02 6d 97 72 e6 53 Sep 21 07:20:32.047727: | a0 df b4 b7 83 f0 ea a5 db fe a9 8b 91 37 d6 70 Sep 21 07:20:32.047730: | 03 59 24 91 49 4f a8 f3 cc 33 bb c8 27 49 d9 f7 Sep 21 07:20:32.047733: | db 57 36 6f 4f 0e 36 93 75 28 68 30 c1 de 19 8a Sep 21 07:20:32.047737: | 35 9c 8a a7 05 0a 54 cb 5b 4c 09 33 3f a8 28 4c Sep 21 07:20:32.047740: | df ca 0e 27 b6 4f 4b cb 04 1c 90 d0 77 3d 8c b8 Sep 21 07:20:32.047743: | 68 21 ac 7b 56 58 68 fd 4e c4 7c d3 f7 84 e6 c2 Sep 21 07:20:32.047746: | d5 4e b8 df 37 7c 63 3a ad 91 75 41 f4 28 5b 4f Sep 21 07:20:32.047750: | 90 45 20 ed 20 89 ef 1c 25 95 be d0 a6 c9 99 1e Sep 21 07:20:32.047753: | d0 90 02 15 dd 05 c7 e8 6b d0 8c 7c e4 90 57 d2 Sep 21 07:20:32.047756: | d4 8e 36 15 df 37 b3 c8 5e 01 6b 7e 09 35 b4 d3 Sep 21 07:20:32.047759: | d5 24 a6 20 17 36 61 01 27 70 78 3b 51 e3 f2 60 Sep 21 07:20:32.047762: | 40 f8 e1 64 ce ee 45 30 76 6f 80 b2 dc c7 b1 42 Sep 21 07:20:32.047768: | a7 87 69 30 c9 a8 18 5f b6 b0 1e 07 e2 31 a3 da Sep 21 07:20:32.047771: | f9 cd 85 5f 34 ec bb 0e 29 00 00 24 f2 ee a6 e2 Sep 21 07:20:32.047774: | 43 d8 f6 46 bf ec 79 cc c7 fb 8e 66 4e cb d2 b8 Sep 21 07:20:32.047777: | 3a e0 14 8c 42 99 2e 76 d4 f2 88 47 29 00 00 08 Sep 21 07:20:32.047780: | 00 00 40 2e 29 00 00 1c 00 00 40 04 33 47 5f 09 Sep 21 07:20:32.047787: | a6 ee 71 2d 00 45 f2 9b 9f bd 8e 32 e2 d3 00 e0 Sep 21 07:20:32.047793: | 00 00 00 1c 00 00 40 05 89 93 08 43 3f 65 43 07 Sep 21 07:20:32.047796: | b3 e2 e9 51 26 9b eb f7 92 01 d4 d0 Sep 21 07:20:32.047827: | libevent_free: release ptr-libevent@0x7f85a4006900 Sep 21 07:20:32.047832: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f85a4002b20 Sep 21 07:20:32.047841: | #6 spent 0.307 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:20:32.047848: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:20:32.070341: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:20:32.070363: shutting down Sep 21 07:20:32.070390: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:20:32.070394: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:20:32.070399: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:20:32.070402: forgetting secrets Sep 21 07:20:32.070407: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:20:32.070411: | unreference key: 0x5556cb4d88f0 @east cnt 1-- Sep 21 07:20:32.070415: | unreference key: 0x5556cb506840 @west cnt 1-- Sep 21 07:20:32.070419: | start processing: connection "westnet-eastnet-vti-01" (in delete_connection() at connections.c:189) Sep 21 07:20:32.070423: | removing pending policy for no connection {0x5556cb582ee0} Sep 21 07:20:32.070426: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:20:32.070428: | pass 0 Sep 21 07:20:32.070431: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:20:32.070433: | state #6 Sep 21 07:20:32.070437: | suspend processing: connection "westnet-eastnet-vti-01" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:20:32.070442: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:20:32.070445: | pstats #6 ikev2.ike deleted other Sep 21 07:20:32.070451: | #6 spent 3.29 milliseconds in total Sep 21 07:20:32.070455: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:20:32.070460: "westnet-eastnet-vti-01" #6: deleting state (STATE_PARENT_I1) aged 1.027s and NOT sending notification Sep 21 07:20:32.070463: | parent state #6: PARENT_I1(half-open IKE SA) => delete Sep 21 07:20:32.070466: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:20:32.070469: | #6 STATE_PARENT_I1: retransmits: cleared Sep 21 07:20:32.070486: | libevent_free: release ptr-libevent@0x5556cb582fd0 Sep 21 07:20:32.070489: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5556cb58c410 Sep 21 07:20:32.070492: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:20:32.070495: | picked newest_isakmp_sa #0 for #6 Sep 21 07:20:32.070498: "westnet-eastnet-vti-01" #6: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:20:32.070501: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 5 seconds Sep 21 07:20:32.070504: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:20:32.070510: | stop processing: connection "westnet-eastnet-vti-01" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:20:32.070513: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:20:32.070518: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:20:32.070521: | State DB: deleting IKEv2 state #6 in PARENT_I1 Sep 21 07:20:32.070524: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:20:32.070542: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:20:32.070546: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:20:32.070549: | pass 1 Sep 21 07:20:32.070551: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:20:32.070557: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:20:32.070563: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:20:32.070566: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:32.070624: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:20:32.070634: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:20:32.070637: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:32.070640: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:32.070643: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:32.070646: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:32.070649: | route owner of "westnet-eastnet-vti-01" unrouted: NULL Sep 21 07:20:32.070652: | running updown command "ipsec _updown" for verb unroute Sep 21 07:20:32.070655: | command executing unroute-client Sep 21 07:20:32.070684: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xf Sep 21 07:20:32.070687: | popen cmd is 1121 chars long Sep 21 07:20:32.070690: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:20:32.070693: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:20:32.070696: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:20:32.070698: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Sep 21 07:20:32.070701: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEE: Sep 21 07:20:32.070703: | cmd( 400):R='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER: Sep 21 07:20:32.070706: | cmd( 480):_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=': Sep 21 07:20:32.070708: | cmd( 560):0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME=': Sep 21 07:20:32.070711: | cmd( 640):0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Sep 21 07:20:32.070713: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Sep 21 07:20:32.070716: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Sep 21 07:20:32.070720: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Sep 21 07:20:32.070722: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Sep 21 07:20:32.070725: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Sep 21 07:20:32.070727: | cmd(1120):1: Sep 21 07:20:32.084672: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084686: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084688: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084690: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084709: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084730: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084740: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084752: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084763: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084775: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084812: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084818: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084822: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084844: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084876: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.084903: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.085265: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.085276: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.085288: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.099433: | flush revival: connection 'westnet-eastnet-vti-01' revival flushed Sep 21 07:20:32.099446: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:20:32.099458: | start processing: connection "westnet-eastnet-vti-02" (in delete_connection() at connections.c:189) Sep 21 07:20:32.099461: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:20:32.099464: | pass 0 Sep 21 07:20:32.099466: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:20:32.099468: | pass 1 Sep 21 07:20:32.099470: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:20:32.099477: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'delete' for rt_kind 'unrouted' using protoports 10.0.1.0/24:0 --0->- 10.0.2.0/24:0 Sep 21 07:20:32.099483: | netlink_shunt_eroute for proto 0, and source 10.0.1.0/24:0 dest 10.0.2.0/24:0 Sep 21 07:20:32.099487: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:32.099527: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:20:32.099657: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:20:32.099662: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:20:32.099665: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:20:32.099669: | route owner of "westnet-eastnet-vti-02" unrouted: NULL Sep 21 07:20:32.099672: | running updown command "ipsec _updown" for verb unroute Sep 21 07:20:32.099675: | command executing unroute-client Sep 21 07:20:32.099704: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Sep 21 07:20:32.099711: | popen cmd is 1116 chars long Sep 21 07:20:32.099714: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:20:32.099716: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:20:32.099718: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Sep 21 07:20:32.099721: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Sep 21 07:20:32.099723: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER=': Sep 21 07:20:32.099725: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLI: Sep 21 07:20:32.099727: | cmd( 480):ENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PL: Sep 21 07:20:32.099729: | cmd( 560):UTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PL: Sep 21 07:20:32.099731: | cmd( 640):UTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_A: Sep 21 07:20:32.099733: | cmd( 720):LLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F: Sep 21 07:20:32.099735: | cmd( 800):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='': Sep 21 07:20:32.099737: | cmd( 880): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU: Sep 21 07:20:32.099739: | cmd( 960):RED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' : Sep 21 07:20:32.099741: | cmd(1040):VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:20:32.112982: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.112997: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113000: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113003: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113013: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113020: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113031: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113040: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113048: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113057: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113065: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113074: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113084: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113093: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113351: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113360: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.113369: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:20:32.120271: | free hp@0x5556cb54a550 Sep 21 07:20:32.120281: | flush revival: connection 'westnet-eastnet-vti-02' wasn't on the list Sep 21 07:20:32.120285: | stop processing: connection "westnet-eastnet-vti-02" (in discard_connection() at connections.c:249) Sep 21 07:20:32.120291: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:20:32.120292: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:20:32.120302: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:20:32.120304: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:20:32.120306: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:20:32.120308: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:20:32.120311: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:20:32.120318: | libevent_free: release ptr-libevent@0x5556cb57da20 Sep 21 07:20:32.120320: | free_event_entry: release EVENT_NULL-pe@0x5556cb566970 Sep 21 07:20:32.120327: | libevent_free: release ptr-libevent@0x5556cb57db10 Sep 21 07:20:32.120329: | free_event_entry: release EVENT_NULL-pe@0x5556cb57dad0 Sep 21 07:20:32.120333: | libevent_free: release ptr-libevent@0x5556cb57dc00 Sep 21 07:20:32.120335: | free_event_entry: release EVENT_NULL-pe@0x5556cb57dbc0 Sep 21 07:20:32.120339: | libevent_free: release ptr-libevent@0x5556cb57dcf0 Sep 21 07:20:32.120341: | free_event_entry: release EVENT_NULL-pe@0x5556cb57dcb0 Sep 21 07:20:32.120344: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:20:32.120742: | libevent_free: release ptr-libevent@0x5556cb57d4c0 Sep 21 07:20:32.120747: | free_event_entry: release EVENT_NULL-pe@0x5556cb561370 Sep 21 07:20:32.120749: | libevent_free: release ptr-libevent@0x5556cb572fd0 Sep 21 07:20:32.120751: | free_event_entry: release EVENT_NULL-pe@0x5556cb566de0 Sep 21 07:20:32.120753: | libevent_free: release ptr-libevent@0x5556cb572f40 Sep 21 07:20:32.120755: | free_event_entry: release EVENT_NULL-pe@0x5556cb566e20 Sep 21 07:20:32.120757: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:20:32.120759: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:20:32.120760: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:20:32.120762: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:20:32.120763: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:20:32.120765: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:20:32.120766: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:20:32.120768: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:20:32.120769: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:20:32.120773: | libevent_free: release ptr-libevent@0x5556cb57d590 Sep 21 07:20:32.120775: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:20:32.120777: | libevent_free: release ptr-libevent@0x5556cb57d670 Sep 21 07:20:32.120778: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:20:32.120780: | libevent_free: release ptr-libevent@0x5556cb57d730 Sep 21 07:20:32.120781: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:20:32.120819: | libevent_free: release ptr-libevent@0x5556cb572340 Sep 21 07:20:32.120822: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:20:32.120823: | releasing event base Sep 21 07:20:32.120833: | libevent_free: release ptr-libevent@0x5556cb57d7f0 Sep 21 07:20:32.120834: | libevent_free: release ptr-libevent@0x5556cb552de0 Sep 21 07:20:32.120837: | libevent_free: release ptr-libevent@0x5556cb5616b0 Sep 21 07:20:32.120838: | libevent_free: release ptr-libevent@0x5556cb58c320 Sep 21 07:20:32.120840: | libevent_free: release ptr-libevent@0x5556cb5616d0 Sep 21 07:20:32.120842: | libevent_free: release ptr-libevent@0x5556cb57d550 Sep 21 07:20:32.120843: | libevent_free: release ptr-libevent@0x5556cb57d630 Sep 21 07:20:32.120845: | libevent_free: release ptr-libevent@0x5556cb561760 Sep 21 07:20:32.120850: | libevent_free: release ptr-libevent@0x5556cb566100 Sep 21 07:20:32.120851: | libevent_free: release ptr-libevent@0x5556cb566120 Sep 21 07:20:32.120853: | libevent_free: release ptr-libevent@0x5556cb57dd80 Sep 21 07:20:32.120854: | libevent_free: release ptr-libevent@0x5556cb57dc90 Sep 21 07:20:32.120856: | libevent_free: release ptr-libevent@0x5556cb57dba0 Sep 21 07:20:32.120857: | libevent_free: release ptr-libevent@0x5556cb57dab0 Sep 21 07:20:32.120858: | libevent_free: release ptr-libevent@0x5556cb4e3370 Sep 21 07:20:32.120860: | libevent_free: release ptr-libevent@0x5556cb57d710 Sep 21 07:20:32.120861: | libevent_free: release ptr-libevent@0x5556cb57d650 Sep 21 07:20:32.120863: | libevent_free: release ptr-libevent@0x5556cb57d570 Sep 21 07:20:32.120864: | libevent_free: release ptr-libevent@0x5556cb57d7d0 Sep 21 07:20:32.120865: | libevent_free: release ptr-libevent@0x5556cb4e16c0 Sep 21 07:20:32.120867: | libevent_free: release ptr-libevent@0x5556cb5616f0 Sep 21 07:20:32.120869: | libevent_free: release ptr-libevent@0x5556cb561720 Sep 21 07:20:32.120870: | libevent_free: release ptr-libevent@0x5556cb561410 Sep 21 07:20:32.120871: | releasing global libevent data Sep 21 07:20:32.120873: | libevent_free: release ptr-libevent@0x5556cb560100 Sep 21 07:20:32.120875: | libevent_free: release ptr-libevent@0x5556cb5613b0 Sep 21 07:20:32.120877: | libevent_free: release ptr-libevent@0x5556cb5613e0