--- west.console.txt	2019-09-21 07:12:56.263539255 +0000
+++ OUTPUT/west.console.txt	2019-09-21 07:21:24.858281208 +0000
@@ -32,14 +32,12 @@
  iptables -L -n
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
-NFLOG      all  --  0.0.0.0/0            0.0.0.0/0            policy match dir in pol ipsec nflog-prefix  all-ipsec nflog-group 50
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            policy match dir in pol ipsec
 LOGDROP    all  --  192.0.2.0/24         0.0.0.0/0           
 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
-NFLOG      all  --  0.0.0.0/0            0.0.0.0/0            policy match dir out pol ipsec nflog-prefix  all-ipsec nflog-group 50
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
 LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
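Review bot: Both `NFLOG ... nflog-prefix all-ipsec nflog-group 50` rules are missing from INPUT and OUTPUT in the new output, so the global IPsec packet logging this test exercises was not installed on west. The listing is taken before the connection is initiated, so this is probably independent of the IKE timeout in the next hunk and needs its own root cause. The `nsenter` line in the last hunk suggests a namespace-based run, where the rule setup may behave differently; confirm this against the pluto log. The `ACCEPT ... pol ipsec` and `LOGDROP 192.0.2.0/24` rules are unchanged, so only the logging rules were lost and the drop policy was not.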
@@ -49,11 +47,15 @@
 002 "westnet-eastnet-ikev2" #1: initiating v2 parent SA
 1v2 "westnet-eastnet-ikev2" #1: initiate
 1v2 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
-1v2 "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
-002 "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east'
-003 "westnet-eastnet-ikev2" #2: Authenticated using RSA
-002 "westnet-eastnet-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0]
-004 "westnet-eastnet-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive}
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 1 seconds for response
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 2 seconds for response
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 4 seconds for response
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 8 seconds for response
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 16 seconds for response
+010 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: retransmission; will wait 32 seconds for response
+031 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our first IKEv2 message
+000 "westnet-eastnet-ikev2" #1: starting keying attempt 2 of an unlimited number, but releasing whack
 west #
  rm -fr /tmp/nflog-50.pcap
 west #
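Review bot: The initiator never leaves `STATE_PARENT_I1`: seven retransmits followed by the 60 second timeout mean no acceptable IKE_SA_INIT response arrived, so neither an IKE SA nor an IPsec SA exists when the script moves on. The ping loss, the empty capture and the missing XFRM policy in the later hunks all follow from this, so the responder's console output and pluto log are the place to look, not west. Because whack is released and the script continues regardless, a status check directly after the initiate step would let a failed run stop here instead of producing cascading differences.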
@@ -63,31 +65,13 @@
  ping -n -c 5 -I 192.0.1.254 192.0.2.254
 tcpdump: listening on nflog:50, link-type NFLOG (Linux netfilter log messages), capture size 262144 bytes
 PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
-64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.XXX ms
-64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.XXX ms
-64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.XXX ms
-64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.XXX ms
-8 packets captured
-8 packets received by filter
-0 packets dropped by kernel
-64 bytes from 192.0.2.254: icmp_seq=5 ttl=64 time=0.XXX ms
 --- 192.0.2.254 ping statistics ---
-5 packets transmitted, 5 received, 0% packet loss, time XXXX
-rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
-[1]+  Done                    tcpdump -c 8 -s 0 -w /tmp/nflog-50.pcap -i nflog:50
+5 packets transmitted, 0 received, 100% packet loss, time XXXX
 west #
  cp  /tmp/nflog-50.pcap OUTPUT/nflog-50.pcap
 west #
  tcpdump -n -r OUTPUT/nflog-50.pcap
-reading from file OUTPUT/nflog-50.pcap, link-type NFLOG (Linux netfilter log messages)
-IP 192.0.1.254 > 192.0.2.254: ICMP echo request, id XXXX, seq 1, length 64
-IP 192.0.2.254 > 192.0.1.254: ICMP echo reply, id XXXX, seq 1, length 64
-IP 192.0.1.254 > 192.0.2.254: ICMP echo request, id XXXX, seq 2, length 64
-IP 192.0.2.254 > 192.0.1.254: ICMP echo reply, id XXXX, seq 2, length 64
-IP 192.0.1.254 > 192.0.2.254: ICMP echo request, id XXXX, seq 3, length 64
-IP 192.0.2.254 > 192.0.1.254: ICMP echo reply, id XXXX, seq 3, length 64
-IP 192.0.1.254 > 192.0.2.254: ICMP echo request, id XXXX, seq 4, length 64
-IP 192.0.2.254 > 192.0.1.254: ICMP echo reply, id XXXX, seq 4, length 64
+tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0
 west #
  echo done
 done
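Review bot: The `[1]+  Done  tcpdump -c 8 ...` job line is gone, so the background capture was presumably still waiting for eight packets when `cp /tmp/nflog-50.pcap OUTPUT/nflog-50.pcap` ran. The copy is therefore an empty file, which is what `truncated dump file; tried to read 4 file header bytes, only got 0` reports. The script should stop or wait for the capture before copying, so that a failed run still yields a readable pcap and does not leave a tcpdump process behind. With 100% loss and no capture, this output also cannot show whether the five echo requests left west unencrypted; that would need a check outside the NFLOG path.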
@@ -96,10 +80,6 @@
 west NOW
 XFRM state:
 XFRM policy:
-src 192.0.1.0/24 dst 192.0.2.0/24
-	dir out priority 1042407 ptype main
-	tmpl src 0.0.0.0 dst 0.0.0.0
-		proto esp reqid REQID mode transport
 XFRM done
 IPSEC mangle TABLES
 NEW_IPSEC_CONN mangle TABLES
@@ -114,7 +94,8 @@
 west #
 west #
  ipsec stop
-Redirecting to: [initsystem]
+PATH/bin/nsenter --mount=/run/mountns/west-nflog-01-global --net=/run/netns/west-nflog-01-global --uts=/run/utsns/west-nflog-01-global /bin/bash
+002 shutting down
 west #
  # show no nflog left behind
 west #
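Review bot: The `ipsec stop` output here differs only in how the service is stopped: the expected file has the init-system redirect, while the new output has an `nsenter --mount=... --net=... --uts=... /bin/bash` line followed by `002 shutting down`. That looks like a harness difference (namespace run versus init system), not a consequence of the IKE failure. If so, the output sanitizer should normalise this line, otherwise the test will keep differing at this point even after the tunnel problem is fixed.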