Sep 21 07:24:27.719315: FIPS Product: YES Sep 21 07:24:27.719460: FIPS Kernel: NO Sep 21 07:24:27.719464: FIPS Mode: NO Sep 21 07:24:27.719467: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:24:27.719651: Initializing NSS Sep 21 07:24:27.719655: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:24:27.842009: NSS initialized Sep 21 07:24:27.842022: NSS crypto library initialized Sep 21 07:24:27.842025: FIPS HMAC integrity support [enabled] Sep 21 07:24:27.842027: FIPS mode disabled for pluto daemon Sep 21 07:24:27.999137: FIPS HMAC integrity verification self-test FAILED Sep 21 07:24:27.999243: libcap-ng support [enabled] Sep 21 07:24:27.999254: Linux audit support [enabled] Sep 21 07:24:27.999283: Linux audit activated Sep 21 07:24:27.999290: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17663 Sep 21 07:24:27.999293: core dump dir: /tmp Sep 21 07:24:27.999295: secrets file: /etc/ipsec.secrets Sep 21 07:24:27.999297: leak-detective disabled Sep 21 07:24:27.999299: NSS crypto [enabled] Sep 21 07:24:27.999301: XAUTH PAM support [enabled] Sep 21 07:24:27.999373: | libevent is using pluto's memory allocator Sep 21 07:24:27.999379: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:24:27.999393: | libevent_malloc: new ptr-libevent@0x56228dc8aed0 size 40 Sep 21 07:24:27.999396: | libevent_malloc: new ptr-libevent@0x56228dc8c180 size 40 Sep 21 07:24:27.999400: | libevent_malloc: new ptr-libevent@0x56228dc8c1b0 size 40 Sep 21 07:24:27.999402: | creating event base Sep 21 07:24:27.999405: | libevent_malloc: new ptr-libevent@0x56228dc8c140 size 56 Sep 21 07:24:27.999408: | libevent_malloc: new ptr-libevent@0x56228dc8c1e0 size 664 Sep 21 07:24:27.999419: | libevent_malloc: new ptr-libevent@0x56228dc8c480 size 24 Sep 21 07:24:27.999422: | libevent_malloc: new ptr-libevent@0x56228dc7dbd0 size 384 Sep 21 07:24:27.999431: | libevent_malloc: new ptr-libevent@0x56228dc8c4a0 size 16 Sep 21 07:24:27.999434: | libevent_malloc: new ptr-libevent@0x56228dc8c4c0 size 40 Sep 21 07:24:27.999436: | libevent_malloc: new ptr-libevent@0x56228dc8c4f0 size 48 Sep 21 07:24:27.999445: | libevent_realloc: new ptr-libevent@0x56228dc0e370 size 256 Sep 21 07:24:27.999447: | libevent_malloc: new ptr-libevent@0x56228dc8c530 size 16 Sep 21 07:24:27.999453: | libevent_free: release ptr-libevent@0x56228dc8c140 Sep 21 07:24:27.999456: | libevent initialized Sep 21 07:24:27.999460: | libevent_realloc: new ptr-libevent@0x56228dc8c550 size 64 Sep 21 07:24:27.999463: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:24:27.999480: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:24:27.999483: NAT-Traversal support [enabled] Sep 21 07:24:27.999485: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:24:27.999492: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:24:27.999496: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:24:27.999530: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:24:27.999534: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:24:27.999537: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:24:27.999590: Encryption algorithms: Sep 21 07:24:27.999599: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:24:27.999603: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:24:27.999607: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:24:27.999610: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:24:27.999613: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:24:27.999622: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:24:27.999626: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:24:27.999630: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:24:27.999633: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:24:27.999637: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:24:27.999640: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:24:27.999644: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:24:27.999647: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:24:27.999651: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:24:27.999654: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:24:27.999657: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:24:27.999660: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:24:27.999667: Hash algorithms: Sep 21 07:24:27.999670: MD5 IKEv1: IKE IKEv2: Sep 21 07:24:27.999673: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:24:27.999676: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:24:27.999679: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:24:27.999682: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:24:27.999694: PRF algorithms: Sep 21 07:24:27.999697: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:24:27.999700: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:24:27.999704: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:24:27.999707: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:24:27.999710: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:24:27.999713: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:24:27.999738: Integrity algorithms: Sep 21 07:24:27.999741: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:24:27.999745: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:24:27.999749: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:24:27.999752: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:24:27.999756: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:24:27.999759: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:24:27.999763: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:24:27.999765: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:24:27.999768: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:24:27.999780: DH algorithms: Sep 21 07:24:27.999787: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:24:27.999792: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:24:27.999795: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:24:27.999800: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:24:27.999803: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:24:27.999806: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:24:27.999809: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:24:27.999812: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:24:27.999815: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:24:27.999818: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:24:27.999821: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:24:27.999823: testing CAMELLIA_CBC: Sep 21 07:24:27.999826: Camellia: 16 bytes with 128-bit key Sep 21 07:24:27.999944: Camellia: 16 bytes with 128-bit key Sep 21 07:24:27.999972: Camellia: 16 bytes with 256-bit key Sep 21 07:24:28.000001: Camellia: 16 bytes with 256-bit key Sep 21 07:24:28.000028: testing AES_GCM_16: Sep 21 07:24:28.000032: empty string Sep 21 07:24:28.000060: one block Sep 21 07:24:28.000085: two blocks Sep 21 07:24:28.000110: two blocks with associated data Sep 21 07:24:28.000136: testing AES_CTR: Sep 21 07:24:28.000139: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:24:28.000165: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:24:28.000192: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:24:28.000219: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:24:28.000244: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:24:28.000271: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:24:28.000298: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:24:28.000324: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:24:28.000351: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:24:28.000380: testing AES_CBC: Sep 21 07:24:28.000382: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:24:28.000408: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:24:28.000436: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:24:28.000465: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:24:28.000499: testing AES_XCBC: Sep 21 07:24:28.000501: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:24:28.000621: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:24:28.000753: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:24:28.000881: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:24:28.001012: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:24:28.001157: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:24:28.001299: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:24:28.001616: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:24:28.001758: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:24:28.001920: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:24:28.002186: testing HMAC_MD5: Sep 21 07:24:28.002190: RFC 2104: MD5_HMAC test 1 Sep 21 07:24:28.002445: RFC 2104: MD5_HMAC test 2 Sep 21 07:24:28.002613: RFC 2104: MD5_HMAC test 3 Sep 21 07:24:28.002807: 8 CPU cores online Sep 21 07:24:28.002814: starting up 7 crypto helpers Sep 21 07:24:28.002851: started thread for crypto helper 0 Sep 21 07:24:28.002872: started thread for crypto helper 1 Sep 21 07:24:28.002902: started thread for crypto helper 2 Sep 21 07:24:28.002920: started thread for crypto helper 3 Sep 21 07:24:28.002937: started thread for crypto helper 4 Sep 21 07:24:28.002954: started thread for crypto helper 5 Sep 21 07:24:28.002974: started thread for crypto helper 6 Sep 21 07:24:28.002978: | checking IKEv1 state table Sep 21 07:24:28.002984: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:28.002987: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:24:28.002989: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:28.002991: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:24:28.002994: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:24:28.002996: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:24:28.002999: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:28.003001: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:28.003003: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:24:28.003005: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:24:28.003008: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:28.003010: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:28.003012: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:24:28.003015: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:28.003017: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:28.003019: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:24:28.003021: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:24:28.003023: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:28.003025: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:28.003026: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:24:28.003028: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:24:28.003030: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003032: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:24:28.003034: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003036: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:28.003038: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:24:28.003040: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:28.003042: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:24:28.003043: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:24:28.003045: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:24:28.003047: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:24:28.003049: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:24:28.003051: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:24:28.003053: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003055: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:24:28.003057: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003059: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:24:28.003061: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:24:28.003063: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:24:28.003064: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:24:28.003066: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:24:28.003068: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:24:28.003070: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:24:28.003072: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003074: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:24:28.003076: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003078: | INFO: category: informational flags: 0: Sep 21 07:24:28.003080: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003082: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:24:28.003084: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003086: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:24:28.003088: | -> XAUTH_R1 EVENT_NULL Sep 21 07:24:28.003090: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:24:28.003092: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:28.003094: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:24:28.003095: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:24:28.003098: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:24:28.003099: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:24:28.003102: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:24:28.003103: | -> UNDEFINED EVENT_NULL Sep 21 07:24:28.003105: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:24:28.003110: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:28.003112: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:24:28.003114: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:24:28.003116: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:24:28.003118: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:24:28.003124: | checking IKEv2 state table Sep 21 07:24:28.003129: | PARENT_I0: category: ignore flags: 0: Sep 21 07:24:28.003131: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:24:28.003133: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:28.003136: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:24:28.003138: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:24:28.003140: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:24:28.003142: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:24:28.003145: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:24:28.003147: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:24:28.003150: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:24:28.003152: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:24:28.003155: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:24:28.003158: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:24:28.003160: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:24:28.003163: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:24:28.003165: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:24:28.003168: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:28.003170: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:24:28.003173: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:24:28.003175: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:24:28.003178: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:24:28.003181: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:24:28.003183: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:24:28.003186: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:24:28.003188: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:24:28.003191: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:24:28.003193: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:24:28.003196: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:24:28.003199: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:24:28.003202: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:24:28.003205: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:24:28.003207: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:24:28.003210: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:24:28.003212: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:24:28.003215: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:24:28.003218: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:24:28.003221: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:24:28.003223: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:24:28.003226: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:24:28.003231: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:24:28.003233: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:24:28.003236: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:24:28.003239: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:24:28.003242: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:24:28.003245: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:24:28.003247: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:24:28.003250: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:24:28.003303: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:24:28.003364: | Hard-wiring algorithms Sep 21 07:24:28.003369: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:24:28.003373: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:24:28.003375: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:24:28.003377: | adding 3DES_CBC to kernel algorithm db Sep 21 07:24:28.003379: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:24:28.003381: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:24:28.003383: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:24:28.003385: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:24:28.003386: | adding AES_CTR to kernel algorithm db Sep 21 07:24:28.003388: | adding AES_CBC to kernel algorithm db Sep 21 07:24:28.003390: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:24:28.003392: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:24:28.003394: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:24:28.003396: | adding NULL to kernel algorithm db Sep 21 07:24:28.003398: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:24:28.003400: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:24:28.003402: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:24:28.003404: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:24:28.003406: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:24:28.003408: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:24:28.003410: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:24:28.003412: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:24:28.003414: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:24:28.003416: | adding NONE to kernel algorithm db Sep 21 07:24:28.003438: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:24:28.003443: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:24:28.003445: | setup kernel fd callback Sep 21 07:24:28.003448: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56228dc91bf0 Sep 21 07:24:28.003451: | libevent_malloc: new ptr-libevent@0x56228dc9dd10 size 128 Sep 21 07:24:28.003454: | libevent_malloc: new ptr-libevent@0x56228dc90ed0 size 16 Sep 21 07:24:28.003460: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56228dc91bb0 Sep 21 07:24:28.003464: | libevent_malloc: new ptr-libevent@0x56228dc9dda0 size 128 Sep 21 07:24:28.003466: | libevent_malloc: new ptr-libevent@0x56228dc90ef0 size 16 Sep 21 07:24:28.003699: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:24:28.003708: selinux support is enabled. Sep 21 07:24:28.003790: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:24:28.003976: | unbound context created - setting debug level to 5 Sep 21 07:24:28.004004: | /etc/hosts lookups activated Sep 21 07:24:28.004022: | /etc/resolv.conf usage activated Sep 21 07:24:28.004074: | outgoing-port-avoid set 0-65535 Sep 21 07:24:28.004095: | outgoing-port-permit set 32768-60999 Sep 21 07:24:28.004098: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:24:28.004101: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:24:28.004103: | Setting up events, loop start Sep 21 07:24:28.004106: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56228dc8c140 Sep 21 07:24:28.004112: | libevent_malloc: new ptr-libevent@0x56228dca8290 size 128 Sep 21 07:24:28.004114: | libevent_malloc: new ptr-libevent@0x56228dca8320 size 16 Sep 21 07:24:28.004120: | libevent_realloc: new ptr-libevent@0x56228dc0c6c0 size 256 Sep 21 07:24:28.004123: | libevent_malloc: new ptr-libevent@0x56228dca8340 size 8 Sep 21 07:24:28.004125: | libevent_realloc: new ptr-libevent@0x56228dc9d110 size 144 Sep 21 07:24:28.004127: | libevent_malloc: new ptr-libevent@0x56228dca8360 size 152 Sep 21 07:24:28.004131: | libevent_malloc: new ptr-libevent@0x56228dca8400 size 16 Sep 21 07:24:28.004134: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:24:28.004136: | libevent_malloc: new ptr-libevent@0x56228dca8420 size 8 Sep 21 07:24:28.004139: | libevent_malloc: new ptr-libevent@0x56228dca8440 size 152 Sep 21 07:24:28.004141: | signal event handler PLUTO_SIGTERM installed Sep 21 07:24:28.004143: | libevent_malloc: new ptr-libevent@0x56228dca84e0 size 8 Sep 21 07:24:28.004145: | libevent_malloc: new ptr-libevent@0x56228dca8500 size 152 Sep 21 07:24:28.004148: | signal event handler PLUTO_SIGHUP installed Sep 21 07:24:28.004150: | libevent_malloc: new ptr-libevent@0x56228dca85a0 size 8 Sep 21 07:24:28.004152: | libevent_realloc: release ptr-libevent@0x56228dc9d110 Sep 21 07:24:28.004155: | libevent_realloc: new ptr-libevent@0x56228dca85c0 size 256 Sep 21 07:24:28.004157: | libevent_malloc: new ptr-libevent@0x56228dc9d110 size 152 Sep 21 07:24:28.004160: | signal event handler PLUTO_SIGSYS installed Sep 21 07:24:28.004543: | created addconn helper (pid:17883) using fork+execve Sep 21 07:24:28.004557: | forked child 17883 Sep 21 07:24:28.004597: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:28.004621: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:24:28.004631: listening for IKE messages Sep 21 07:24:28.004685: | Inspecting interface lo Sep 21 07:24:28.004693: | found lo with address 127.0.0.1 Sep 21 07:24:28.004696: | Inspecting interface eth0 Sep 21 07:24:28.004700: | found eth0 with address 192.0.2.254 Sep 21 07:24:28.004702: | Inspecting interface eth1 Sep 21 07:24:28.004706: | found eth1 with address 192.1.2.23 Sep 21 07:24:28.004754: Kernel supports NIC esp-hw-offload Sep 21 07:24:28.004772: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:24:28.004806: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:28.004815: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:28.004819: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:24:28.004854: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:24:28.004884: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:28.004889: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:28.004892: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:24:28.004925: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:24:28.004956: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:28.004961: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:28.004965: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:24:28.005046: | no interfaces to sort Sep 21 07:24:28.005051: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:24:28.005060: | add_fd_read_event_handler: new ethX-pe@0x56228dca8930 Sep 21 07:24:28.005063: | libevent_malloc: new ptr-libevent@0x56228dca8970 size 128 Sep 21 07:24:28.005066: | libevent_malloc: new ptr-libevent@0x56228dca8a00 size 16 Sep 21 07:24:28.005075: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:24:28.005078: | add_fd_read_event_handler: new ethX-pe@0x56228dca8a20 Sep 21 07:24:28.005081: | libevent_malloc: new ptr-libevent@0x56228dca8a60 size 128 Sep 21 07:24:28.005083: | libevent_malloc: new ptr-libevent@0x56228dca8af0 size 16 Sep 21 07:24:28.005091: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:24:28.005094: | add_fd_read_event_handler: new ethX-pe@0x56228dca8b10 Sep 21 07:24:28.005097: | libevent_malloc: new ptr-libevent@0x56228dca8b50 size 128 Sep 21 07:24:28.005099: | libevent_malloc: new ptr-libevent@0x56228dca8be0 size 16 Sep 21 07:24:28.005104: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:24:28.005107: | add_fd_read_event_handler: new ethX-pe@0x56228dca8c00 Sep 21 07:24:28.005110: | libevent_malloc: new ptr-libevent@0x56228dca8c40 size 128 Sep 21 07:24:28.005112: | libevent_malloc: new ptr-libevent@0x56228dca8cd0 size 16 Sep 21 07:24:28.005117: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:24:28.005120: | add_fd_read_event_handler: new ethX-pe@0x56228dca8cf0 Sep 21 07:24:28.005123: | libevent_malloc: new ptr-libevent@0x56228dca8d30 size 128 Sep 21 07:24:28.005126: | libevent_malloc: new ptr-libevent@0x56228dca8dc0 size 16 Sep 21 07:24:28.005130: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:24:28.005133: | add_fd_read_event_handler: new ethX-pe@0x56228dca8de0 Sep 21 07:24:28.005135: | libevent_malloc: new ptr-libevent@0x56228dca8e20 size 128 Sep 21 07:24:28.005138: | libevent_malloc: new ptr-libevent@0x56228dca8eb0 size 16 Sep 21 07:24:28.005143: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:24:28.005148: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:28.005151: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:28.005170: loading secrets from "/etc/ipsec.secrets" Sep 21 07:24:28.005190: | id type added to secret(0x56228dc9ded0) PKK_PSK: @east Sep 21 07:24:28.005194: | id type added to secret(0x56228dc9ded0) PKK_PSK: @west Sep 21 07:24:28.005199: | Processing PSK at line 1: passed Sep 21 07:24:28.005201: | certs and keys locked by 'process_secret' Sep 21 07:24:28.005206: | certs and keys unlocked by 'process_secret' Sep 21 07:24:28.005211: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:24:28.005641: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:28.005651: | spent 0.585 milliseconds in whack Sep 21 07:24:28.020908: | starting up helper thread 0 Sep 21 07:24:28.020936: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:24:28.020943: | crypto helper 0 waiting (nothing to do) Sep 21 07:24:28.020956: | starting up helper thread 1 Sep 21 07:24:28.020962: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:24:28.020965: | crypto helper 1 waiting (nothing to do) Sep 21 07:24:28.020976: | starting up helper thread 3 Sep 21 07:24:28.020985: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:24:28.020987: | crypto helper 3 waiting (nothing to do) Sep 21 07:24:28.020998: | starting up helper thread 5 Sep 21 07:24:28.021002: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:24:28.021004: | crypto helper 5 waiting (nothing to do) Sep 21 07:24:28.024976: | starting up helper thread 2 Sep 21 07:24:28.024991: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:24:28.024994: | crypto helper 2 waiting (nothing to do) Sep 21 07:24:28.025800: | starting up helper thread 4 Sep 21 07:24:28.025813: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:24:28.025817: | crypto helper 4 waiting (nothing to do) Sep 21 07:24:28.025828: | starting up helper thread 6 Sep 21 07:24:28.025834: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:24:28.025837: | crypto helper 6 waiting (nothing to do) Sep 21 07:24:28.244991: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:28.245020: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:24:28.245026: listening for IKE messages Sep 21 07:24:28.245060: | Inspecting interface lo Sep 21 07:24:28.245072: | found lo with address 127.0.0.1 Sep 21 07:24:28.245075: | Inspecting interface eth0 Sep 21 07:24:28.245080: | found eth0 with address 192.0.2.254 Sep 21 07:24:28.245082: | Inspecting interface eth1 Sep 21 07:24:28.245086: | found eth1 with address 192.1.2.23 Sep 21 07:24:28.245165: | no interfaces to sort Sep 21 07:24:28.245173: | libevent_free: release ptr-libevent@0x56228dca8970 Sep 21 07:24:28.245177: | free_event_entry: release EVENT_NULL-pe@0x56228dca8930 Sep 21 07:24:28.245180: | add_fd_read_event_handler: new ethX-pe@0x56228dca8930 Sep 21 07:24:28.245183: | libevent_malloc: new ptr-libevent@0x56228dca8970 size 128 Sep 21 07:24:28.245190: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:24:28.245194: | libevent_free: release ptr-libevent@0x56228dca8a60 Sep 21 07:24:28.245197: | free_event_entry: release EVENT_NULL-pe@0x56228dca8a20 Sep 21 07:24:28.245199: | add_fd_read_event_handler: new ethX-pe@0x56228dca8a20 Sep 21 07:24:28.245202: | libevent_malloc: new ptr-libevent@0x56228dca8a60 size 128 Sep 21 07:24:28.245207: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:24:28.245210: | libevent_free: release ptr-libevent@0x56228dca8b50 Sep 21 07:24:28.245213: | free_event_entry: release EVENT_NULL-pe@0x56228dca8b10 Sep 21 07:24:28.245215: | add_fd_read_event_handler: new ethX-pe@0x56228dca8b10 Sep 21 07:24:28.245218: | libevent_malloc: new ptr-libevent@0x56228dca8b50 size 128 Sep 21 07:24:28.245223: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:24:28.245226: | libevent_free: release ptr-libevent@0x56228dca8c40 Sep 21 07:24:28.245228: | free_event_entry: release EVENT_NULL-pe@0x56228dca8c00 Sep 21 07:24:28.245231: | add_fd_read_event_handler: new ethX-pe@0x56228dca8c00 Sep 21 07:24:28.245233: | libevent_malloc: new ptr-libevent@0x56228dca8c40 size 128 Sep 21 07:24:28.245238: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:24:28.245241: | libevent_free: release ptr-libevent@0x56228dca8d30 Sep 21 07:24:28.245244: | free_event_entry: release EVENT_NULL-pe@0x56228dca8cf0 Sep 21 07:24:28.245247: | add_fd_read_event_handler: new ethX-pe@0x56228dca8cf0 Sep 21 07:24:28.245249: | libevent_malloc: new ptr-libevent@0x56228dca8d30 size 128 Sep 21 07:24:28.245254: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:24:28.245258: | libevent_free: release ptr-libevent@0x56228dca8e20 Sep 21 07:24:28.245260: | free_event_entry: release EVENT_NULL-pe@0x56228dca8de0 Sep 21 07:24:28.245263: | add_fd_read_event_handler: new ethX-pe@0x56228dca8de0 Sep 21 07:24:28.245265: | libevent_malloc: new ptr-libevent@0x56228dca8e20 size 128 Sep 21 07:24:28.245270: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:24:28.245273: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:28.245275: forgetting secrets Sep 21 07:24:28.245281: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:28.245295: loading secrets from "/etc/ipsec.secrets" Sep 21 07:24:28.245303: | id type added to secret(0x56228dc9ded0) PKK_PSK: @east Sep 21 07:24:28.245306: | id type added to secret(0x56228dc9ded0) PKK_PSK: @west Sep 21 07:24:28.245310: | Processing PSK at line 1: passed Sep 21 07:24:28.245313: | certs and keys locked by 'process_secret' Sep 21 07:24:28.245315: | certs and keys unlocked by 'process_secret' Sep 21 07:24:28.245319: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:24:28.245325: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:28.245332: | spent 0.344 milliseconds in whack Sep 21 07:24:28.245925: | processing signal PLUTO_SIGCHLD Sep 21 07:24:28.245944: | waitpid returned pid 17883 (exited with status 0) Sep 21 07:24:28.245949: | reaped addconn helper child (status 0) Sep 21 07:24:28.245953: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:28.245959: | spent 0.0231 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:28.318066: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:28.318121: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:28.318126: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:28.318129: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:28.318130: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:28.318134: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:28.318141: | Added new connection westnet-eastnet with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:28.318143: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:24:28.318148: | counting wild cards for @west is 0 Sep 21 07:24:28.318152: | counting wild cards for @east is 0 Sep 21 07:24:28.318164: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:24:28.318169: | new hp@0x56228dc75420 Sep 21 07:24:28.318172: added connection description "westnet-eastnet" Sep 21 07:24:28.318180: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:28.318192: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:24:28.318198: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:28.318205: | spent 0.119 milliseconds in whack Sep 21 07:24:28.321208: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:28.321235: add keyid @west Sep 21 07:24:28.321240: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:24:28.321243: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:24:28.321244: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:24:28.321246: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:24:28.321248: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:24:28.321250: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:24:28.321252: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:24:28.321254: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:24:28.321256: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:24:28.321258: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:24:28.321260: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:24:28.321262: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:24:28.321264: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:24:28.321266: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:24:28.321268: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:24:28.321270: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:24:28.321272: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:24:28.321275: | add pubkey 15 04 37 f9 Sep 21 07:24:28.321313: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:24:28.321316: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:24:28.321323: | keyid: *AQOm9dY/4 Sep 21 07:24:28.321325: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:24:28.321327: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:24:28.321329: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:24:28.321331: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:24:28.321333: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:24:28.321335: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:24:28.321337: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:24:28.321339: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:24:28.321341: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:24:28.321343: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:24:28.321351: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:24:28.321354: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:24:28.321355: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:24:28.321357: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:24:28.321359: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:24:28.321361: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:24:28.321363: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:24:28.321365: | n 37 f9 Sep 21 07:24:28.321367: | e 03 Sep 21 07:24:28.321369: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:24:28.321371: | CKAID 7f 0f 03 50 Sep 21 07:24:28.321378: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:28.321385: | spent 0.178 milliseconds in whack Sep 21 07:24:28.321431: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:28.321445: add keyid @east Sep 21 07:24:28.321449: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:24:28.321451: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:24:28.321453: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:24:28.321455: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:24:28.321457: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:24:28.321459: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:24:28.321461: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:24:28.321463: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:24:28.321465: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:24:28.321467: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:24:28.321469: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:24:28.321471: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:24:28.321473: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:24:28.321475: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:24:28.321477: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:24:28.321479: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:24:28.321481: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:24:28.321483: | add pubkey 51 51 48 ef Sep 21 07:24:28.321496: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:24:28.321499: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:24:28.321504: | keyid: *AQO9bJbr3 Sep 21 07:24:28.321507: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:24:28.321509: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:24:28.321511: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:24:28.321514: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:24:28.321516: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:24:28.321518: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:24:28.321520: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:24:28.321522: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:24:28.321524: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:24:28.321526: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:24:28.321528: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:24:28.321531: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:24:28.321533: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:24:28.321535: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:24:28.321538: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:24:28.321544: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:24:28.321546: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:24:28.321548: | n 48 ef Sep 21 07:24:28.321551: | e 03 Sep 21 07:24:28.321553: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:24:28.321555: | CKAID 8a 82 25 f1 Sep 21 07:24:28.321562: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:28.321567: | spent 0.135 milliseconds in whack Sep 21 07:24:29.701434: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:29.701466: | *received 88 bytes from 192.1.2.45:59149 on eth1 (192.1.2.23:500) Sep 21 07:24:29.701470: | b9 ce 3e ef c8 b6 61 dd 00 00 00 00 00 00 00 00 Sep 21 07:24:29.701472: | 01 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c Sep 21 07:24:29.701474: | 00 00 00 01 ff ff ff ff 00 00 00 00 01 01 00 01 Sep 21 07:24:29.701477: | 00 00 00 28 01 01 00 00 80 0b 00 01 00 0c 00 04 Sep 21 07:24:29.701479: | 00 01 51 80 80 01 00 07 80 0e 01 00 80 03 00 03 Sep 21 07:24:29.701481: | 80 02 00 02 80 04 00 05 Sep 21 07:24:29.701487: | start processing: from 192.1.2.45:59149 (in process_md() at demux.c:378) Sep 21 07:24:29.701491: | **parse ISAKMP Message: Sep 21 07:24:29.701493: | initiator cookie: Sep 21 07:24:29.701496: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:24:29.701498: | responder cookie: Sep 21 07:24:29.701500: | 00 00 00 00 00 00 00 00 Sep 21 07:24:29.701503: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:24:29.701505: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:24:29.701508: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:24:29.701510: | flags: none (0x0) Sep 21 07:24:29.701513: | Message ID: 0 (0x0) Sep 21 07:24:29.701515: | length: 88 (0x58) Sep 21 07:24:29.701518: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:24:29.701522: | State DB: IKEv1 state not found (find_state_ikev1_init) Sep 21 07:24:29.701524: | #null state always idle Sep 21 07:24:29.701527: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:24:29.701531: | ***parse ISAKMP Security Association Payload: Sep 21 07:24:29.701533: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:29.701535: | length: 60 (0x3c) Sep 21 07:24:29.701537: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:24:29.701540: | message 'main_inI1_outR1' HASH payload not checked early Sep 21 07:24:29.701543: | in statetime_start() with no state Sep 21 07:24:29.701548: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:59149 policy=IKEV1_ALLOW but ignoring ports Sep 21 07:24:29.701553: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:24:29.701557: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:24:29.701561: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet) Sep 21 07:24:29.701563: | find_next_host_connection returns westnet-eastnet Sep 21 07:24:29.701566: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:24:29.701568: | find_next_host_connection returns empty Sep 21 07:24:29.701591: | creating state object #1 at 0x56228dcab4f0 Sep 21 07:24:29.701594: | State DB: adding IKEv1 state #1 in UNDEFINED Sep 21 07:24:29.701602: | pstats #1 ikev1.isakmp started Sep 21 07:24:29.701606: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:24:29.701613: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in main_inI1_outR1() at ikev1_main.c:667) Sep 21 07:24:29.701617: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Sep 21 07:24:29.701620: | sender checking NAT-T: enabled; VID 0 Sep 21 07:24:29.701622: | ICOOKIE-DUMP: b9 ce 3e ef c8 b6 61 dd Sep 21 07:24:29.701625: "westnet-eastnet" #1: responding to Main Mode Sep 21 07:24:29.701655: | **emit ISAKMP Message: Sep 21 07:24:29.701662: | initiator cookie: Sep 21 07:24:29.701664: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:24:29.701666: | responder cookie: Sep 21 07:24:29.701668: | bb 8e b3 eb 56 cb 34 0c Sep 21 07:24:29.701671: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:24:29.701673: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:24:29.701676: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:24:29.701678: | flags: none (0x0) Sep 21 07:24:29.701680: | Message ID: 0 (0x0) Sep 21 07:24:29.701683: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:29.701686: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:24:29.701689: | ***emit ISAKMP Security Association Payload: Sep 21 07:24:29.701691: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:24:29.701693: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:24:29.701696: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:24:29.701699: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:24:29.701702: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:24:29.701712: "westnet-eastnet" #1: bitset IPsec DOI SIT of IPsec DOI SIT has unknown member(s): SIT_IDENTITY_ONLY+SIT_SECRECY+SIT_INTEGRITY+0x8+0x10+0x20+0x40+0x80+0x100+0x200+0x400+0x800+0x1000+0x2000+0x4000+0x8000+0x10000+0x20000+0x40000+0x80000+0x100000+0x200000+0x400000+0x800000+0x1000000+0x2000000+0x4000000+0x8000000+0x10000000+0x20000000+0x40000000+0x80000000 (0xffffffff) Sep 21 07:24:29.701716: | complete v1 state transition with SITUATION_NOT_SUPPORTED Sep 21 07:24:29.701721: | [RE]START processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:24:29.701723: | #1 is idle Sep 21 07:24:29.701814: "westnet-eastnet" #1: sending notification SITUATION_NOT_SUPPORTED to 192.1.2.45:59149 Sep 21 07:24:29.701821: | **emit ISAKMP Message: Sep 21 07:24:29.701824: | initiator cookie: Sep 21 07:24:29.701826: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:24:29.701828: | responder cookie: Sep 21 07:24:29.701830: | bb 8e b3 eb 56 cb 34 0c Sep 21 07:24:29.701833: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:29.701835: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:24:29.701837: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:24:29.701840: | flags: none (0x0) Sep 21 07:24:29.701842: | Message ID: 0 (0x0) Sep 21 07:24:29.701845: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:29.701847: | ***emit ISAKMP Notification Payload: Sep 21 07:24:29.701850: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:29.701852: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:24:29.701855: | protocol ID: 1 (0x1) Sep 21 07:24:29.701857: | SPI size: 0 (0x0) Sep 21 07:24:29.701859: | Notify Message Type: SITUATION_NOT_SUPPORTED (0x3) Sep 21 07:24:29.701862: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:24:29.701865: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' Sep 21 07:24:29.701868: | emitting length of ISAKMP Notification Payload: 12 Sep 21 07:24:29.701870: | emitting length of ISAKMP Message: 40 Sep 21 07:24:29.701876: | sending 40 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:59149 (using #1) Sep 21 07:24:29.701880: | b9 ce 3e ef c8 b6 61 dd bb 8e b3 eb 56 cb 34 0c Sep 21 07:24:29.701883: | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c Sep 21 07:24:29.701885: | 00 00 00 01 01 00 00 03 Sep 21 07:24:29.701905: | state transition function for STATE_MAIN_R0 failed: SITUATION_NOT_SUPPORTED Sep 21 07:24:29.701914: | stop processing: from 192.1.2.45:59149 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:24:29.701919: | stop processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in process_md() at demux.c:382) Sep 21 07:24:29.701921: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:29.701926: | spent 0.46 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:29.704037: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:29.704056: | *received 88 bytes from 192.1.2.45:34273 on eth1 (192.1.2.23:500) Sep 21 07:24:29.704060: | b9 ce 3e ef c8 b6 61 dd 00 00 00 00 00 00 00 00 Sep 21 07:24:29.704062: | 0f 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c Sep 21 07:24:29.704065: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01 Sep 21 07:24:29.704067: | 00 00 00 28 01 01 00 00 80 0b 00 01 00 0c 00 04 Sep 21 07:24:29.704069: | 00 01 51 80 80 01 00 07 80 0e 01 00 80 03 00 03 Sep 21 07:24:29.704071: | 80 02 00 02 80 04 00 05 Sep 21 07:24:29.704076: | start processing: from 192.1.2.45:34273 (in process_md() at demux.c:378) Sep 21 07:24:29.704079: | **parse ISAKMP Message: Sep 21 07:24:29.704081: | initiator cookie: Sep 21 07:24:29.704084: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:24:29.704086: | responder cookie: Sep 21 07:24:29.704088: | 00 00 00 00 00 00 00 00 Sep 21 07:24:29.704091: | next payload type: ISAKMP_NEXT_SAK (0xf) Sep 21 07:24:29.704093: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:24:29.704096: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:24:29.704098: | flags: none (0x0) Sep 21 07:24:29.704101: | Message ID: 0 (0x0) Sep 21 07:24:29.704103: | length: 88 (0x58) Sep 21 07:24:29.704106: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:24:29.704109: | State DB: found IKEv1 state #1 in MAIN_R0 (find_state_ikev1_init) Sep 21 07:24:29.704114: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in process_v1_packet() at ikev1.c:1392) Sep 21 07:24:29.704117: "westnet-eastnet" #1: discarding initial packet; already STATE_MAIN_R0 Sep 21 07:24:29.704122: | stop processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in process_v1_packet() at ikev1.c:1405) Sep 21 07:24:29.704126: | stop processing: from 192.1.2.45:34273 (in process_md() at demux.c:380) Sep 21 07:24:29.704129: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:29.704132: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:29.704136: | spent 0.0867 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:31.186843: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:31.187044: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:31.187049: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:31.187107: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:31.187110: | FOR_EACH_STATE_... in sort_states Sep 21 07:24:31.187125: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:31.187130: | spent 0.296 milliseconds in whack [New LWP 17698] [New LWP 17964] [New LWP 17968] [New LWP 17965] [New LWP 17970] [New LWP 17967] [New LWP 17966] [New LWP 17969] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf'. Program terminated with signal SIGABRT, Aborted. #0 0x00007f22d1b24e75 in raise () from /lib64/libc.so.6 [Current thread is 1 (Thread 0x7f22d0b80900 (LWP 17698))] #0 0x00007f22d1b24e75 in raise () from /lib64/libc.so.6 #1 0x00007f22d1b0f895 in abort () from /lib64/libc.so.6 #2 0x00007f22d1b67d4f in __libc_message () from /lib64/libc.so.6 #3 0x00007f22d1b6e5fc in malloc_printerr () from /lib64/libc.so.6 #4 0x00007f22d1b6ffb5 in _int_free () from /lib64/libc.so.6 #5 0x00005589581e4221 in free_id_content (id=0x558958b2c1e0) at /home/build/libreswan/lib/libswan/id.c:254 #6 free_id_content (id=id@entry=0x558958b2c1e0) at /home/build/libreswan/lib/libswan/id.c:247 #7 0x000055895816b98d in delete_end (e=e@entry=0x558958b2c1e0) at /home/build/libreswan/programs/pluto/connections.c:156 #8 0x000055895816bc7b in delete_sr (sr=0x558958b2c060) at /home/build/libreswan/programs/pluto/connections.c:171 #9 discard_connection (c=0x558958b2bf10, old_cur_connection=, connection_valid=) at /home/build/libreswan/programs/pluto/connections.c:281 #10 0x00005589581707a2 in delete_connection (c=0x558958b2bf10, relations=relations@entry=true) at /home/build/libreswan/programs/pluto/connections.c:216 #11 0x0000558958170aaa in delete_every_connection () at /home/build/libreswan/programs/pluto/connections.c:349 #12 0x0000558958185099 in exit_pluto (status=status@entry=0) at /home/build/libreswan/programs/pluto/plutomain.c:1832 #13 0x00005589581cc13e in whack_process (whackfd=..., m=m@entry=0x7ffe6da81dc0) at /home/build/libreswan/programs/pluto/rcv_whack.c:695 #14 0x00005589581cc3fd in whack_handle (whackctlfd=whackctlfd@entry=4) at /home/build/libreswan/programs/pluto/rcv_whack.c:810 #15 0x00005589581cc4cc in whack_handle_cb (fd=4, event=, arg=) at /home/build/libreswan/programs/pluto/rcv_whack.c:709 #16 0x00007f22d1cdfbb7 in ?? () from /lib64/libevent-2.1.so.6 #17 0x00007f22d1ce030f in event_base_loop () from /lib64/libevent-2.1.so.6 #18 0x000055895818988d in call_server () at /home/build/libreswan/programs/pluto/server.c:1489 #19 0x000055895814a06b in main (argc=, argv=) at /home/build/libreswan/programs/pluto/plutomain.c:1796 Sep 21 07:24:35.510079: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:35.510105: shutting down Sep 21 07:24:35.510112: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:24:35.510116: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:24:35.510122: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:35.510124: forgetting secrets Sep 21 07:24:35.510128: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:35.510132: | unreference key: 0x56228dca9eb0 @east cnt 1-- Sep 21 07:24:35.510137: | unreference key: 0x56228dca9c60 @west cnt 1-- Sep 21 07:24:35.510142: | start processing: connection "westnet-eastnet" (in delete_connection() at connections.c:189) Sep 21 07:24:35.510145: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:35.510147: | pass 0 Sep 21 07:24:35.510150: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:35.510152: | state #1 Sep 21 07:24:35.510155: | suspend processing: connection "westnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:35.510161: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:35.510164: | pstats #1 ikev1.isakmp deleted other Sep 21 07:24:35.510169: | [RE]START processing: state #1 connection "westnet-eastnet" from 192.1.2.45:59149 (in delete_state() at state.c:879) Sep 21 07:24:35.510173: "westnet-eastnet" #1: deleting state (STATE_MAIN_R0) aged 5.808s and NOT sending notification Sep 21 07:24:35.510176: | parent state #1: MAIN_R0(half-open IKE SA) => delete Sep 21 07:24:35.510445: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:24:35.510455: | stop processing: connection "westnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:24:35.510458: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:24:35.510461: | in connection_discard for connection westnet-eastnet Sep 21 07:24:35.510463: | State DB: deleting IKEv1 state #1 in MAIN_R0 Sep 21 07:24:35.510698: | parent state #1: MAIN_R0(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:24:35.510713: | stop processing: state #1 from 192.1.2.45:59149 (in delete_state() at state.c:1143) Sep 21 07:24:35.510717: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:24:35.510720: | pass 1 Sep 21 07:24:35.510722: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:35.510726: | free hp@0x56228dc75420 Sep 21 07:24:35.510729: | flush revival: connection 'westnet-eastnet' wasn't on the list Sep 21 07:24:35.510732: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:35.510735: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:24:35.510738: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:24:35.510749: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:24:35.510753: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:24:35.510756: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:24:35.510759: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:24:35.510762: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:24:35.510765: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:24:35.510769: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:24:35.510777: | libevent_free: release ptr-libevent@0x56228dca8970 Sep 21 07:24:35.510780: | free_event_entry: release EVENT_NULL-pe@0x56228dca8930 Sep 21 07:24:35.510887: | libevent_free: release ptr-libevent@0x56228dca8a60 Sep 21 07:24:35.510893: | free_event_entry: release EVENT_NULL-pe@0x56228dca8a20 Sep 21 07:24:35.510899: | libevent_free: release ptr-libevent@0x56228dca8b50 Sep 21 07:24:35.510902: | free_event_entry: release EVENT_NULL-pe@0x56228dca8b10 Sep 21 07:24:35.510908: | libevent_free: release ptr-libevent@0x56228dca8c40 Sep 21 07:24:35.510910: | free_event_entry: release EVENT_NULL-pe@0x56228dca8c00 Sep 21 07:24:35.510916: | libevent_free: release ptr-libevent@0x56228dca8d30 Sep 21 07:24:35.510919: | free_event_entry: release EVENT_NULL-pe@0x56228dca8cf0 Sep 21 07:24:35.510925: | libevent_free: release ptr-libevent@0x56228dca8e20 Sep 21 07:24:35.510927: | free_event_entry: release EVENT_NULL-pe@0x56228dca8de0 Sep 21 07:24:35.510932: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:24:35.511729: | libevent_free: release ptr-libevent@0x56228dca8290 Sep 21 07:24:35.511735: | free_event_entry: release EVENT_NULL-pe@0x56228dc8c140 Sep 21 07:24:35.511740: | libevent_free: release ptr-libevent@0x56228dc9dda0 Sep 21 07:24:35.511743: | free_event_entry: release EVENT_NULL-pe@0x56228dc91bb0 Sep 21 07:24:35.511747: | libevent_free: release ptr-libevent@0x56228dc9dd10 Sep 21 07:24:35.511749: | free_event_entry: release EVENT_NULL-pe@0x56228dc91bf0 Sep 21 07:24:35.511753: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:24:35.511755: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:24:35.511758: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:24:35.511760: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:24:35.511762: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:24:35.511765: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:24:35.511767: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:24:35.511770: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:24:35.511772: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:24:35.511777: | libevent_free: release ptr-libevent@0x56228dca8360 Sep 21 07:24:35.511779: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:24:35.511786: | libevent_free: release ptr-libevent@0x56228dca8440 Sep 21 07:24:35.511791: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:24:35.511794: | libevent_free: release ptr-libevent@0x56228dca8500 Sep 21 07:24:35.511796: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:24:35.511799: | libevent_free: release ptr-libevent@0x56228dc9d110 Sep 21 07:24:35.511801: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:24:35.511809: | releasing event base Sep 21 07:24:35.511822: | libevent_free: release ptr-libevent@0x56228dca85c0 Sep 21 07:24:35.511824: | libevent_free: release ptr-libevent@0x56228dc7dbd0 Sep 21 07:24:35.511828: | libevent_free: release ptr-libevent@0x56228dc8c480 Sep 21 07:24:35.511830: | libevent_free: release ptr-libevent@0x56228dc8c550 Sep 21 07:24:35.511833: | libevent_free: release ptr-libevent@0x56228dc8c4a0 Sep 21 07:24:35.511836: | libevent_free: release ptr-libevent@0x56228dca8320 Sep 21 07:24:35.511838: | libevent_free: release ptr-libevent@0x56228dca8400 Sep 21 07:24:35.511841: | libevent_free: release ptr-libevent@0x56228dc8c530 Sep 21 07:24:35.511843: | libevent_free: release ptr-libevent@0x56228dc90ed0 Sep 21 07:24:35.511845: | libevent_free: release ptr-libevent@0x56228dc90ef0 Sep 21 07:24:35.511848: | libevent_free: release ptr-libevent@0x56228dca8eb0 Sep 21 07:24:35.511850: | libevent_free: release ptr-libevent@0x56228dca8dc0 Sep 21 07:24:35.511852: | libevent_free: release ptr-libevent@0x56228dca8cd0 Sep 21 07:24:35.511855: | libevent_free: release ptr-libevent@0x56228dca8be0 Sep 21 07:24:35.511857: | libevent_free: release ptr-libevent@0x56228dca8af0 Sep 21 07:24:35.511859: | libevent_free: release ptr-libevent@0x56228dca8a00 Sep 21 07:24:35.511861: | libevent_free: release ptr-libevent@0x56228dc0e370 Sep 21 07:24:35.511864: | libevent_free: release ptr-libevent@0x56228dca84e0 Sep 21 07:24:35.511866: | libevent_free: release ptr-libevent@0x56228dca8420 Sep 21 07:24:35.511868: | libevent_free: release ptr-libevent@0x56228dca8340 Sep 21 07:24:35.511871: | libevent_free: release ptr-libevent@0x56228dca85a0 Sep 21 07:24:35.511873: | libevent_free: release ptr-libevent@0x56228dc0c6c0 Sep 21 07:24:35.511876: | libevent_free: release ptr-libevent@0x56228dc8c4c0 Sep 21 07:24:35.511878: | libevent_free: release ptr-libevent@0x56228dc8c4f0 Sep 21 07:24:35.511880: | libevent_free: release ptr-libevent@0x56228dc8c1e0 Sep 21 07:24:35.511883: | releasing global libevent data Sep 21 07:24:35.511885: | libevent_free: release ptr-libevent@0x56228dc8aed0 Sep 21 07:24:35.511888: | libevent_free: release ptr-libevent@0x56228dc8c180 Sep 21 07:24:35.511891: | libevent_free: release ptr-libevent@0x56228dc8c1b0