Sep 21 07:24:51.660045: FIPS Product: YES Sep 21 07:24:51.660089: FIPS Kernel: NO Sep 21 07:24:51.660093: FIPS Mode: NO Sep 21 07:24:51.660096: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:24:51.660295: Initializing NSS Sep 21 07:24:51.660301: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:24:51.713943: NSS initialized Sep 21 07:24:51.713959: NSS crypto library initialized Sep 21 07:24:51.713962: FIPS HMAC integrity support [enabled] Sep 21 07:24:51.713964: FIPS mode disabled for pluto daemon Sep 21 07:24:51.789195: FIPS HMAC integrity verification self-test FAILED Sep 21 07:24:51.789309: libcap-ng support [enabled] Sep 21 07:24:51.789323: Linux audit support [enabled] Sep 21 07:24:51.789353: Linux audit activated Sep 21 07:24:51.789361: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:7530 Sep 21 07:24:51.789365: core dump dir: /tmp Sep 21 07:24:51.789368: secrets file: /etc/ipsec.secrets Sep 21 07:24:51.789370: leak-detective disabled Sep 21 07:24:51.789371: NSS crypto [enabled] Sep 21 07:24:51.789373: XAUTH PAM support [enabled] Sep 21 07:24:51.789446: | libevent is using pluto's memory allocator Sep 21 07:24:51.789453: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:24:51.789468: | libevent_malloc: new ptr-libevent@0x56524ddbb480 size 40 Sep 21 07:24:51.789474: | libevent_malloc: new ptr-libevent@0x56524ddbc730 size 40 Sep 21 07:24:51.789478: | libevent_malloc: new ptr-libevent@0x56524ddbc760 size 40 Sep 21 07:24:51.789480: | creating event base Sep 21 07:24:51.789482: | libevent_malloc: new ptr-libevent@0x56524ddbc6f0 size 56 Sep 21 07:24:51.789486: | libevent_malloc: new ptr-libevent@0x56524ddbc790 size 664 Sep 21 07:24:51.789497: | libevent_malloc: new 
ptr-libevent@0x56524ddbca30 size 24 Sep 21 07:24:51.789501: | libevent_malloc: new ptr-libevent@0x56524ddae1f0 size 384 Sep 21 07:24:51.789511: | libevent_malloc: new ptr-libevent@0x56524ddbca50 size 16 Sep 21 07:24:51.789514: | libevent_malloc: new ptr-libevent@0x56524ddbca70 size 40 Sep 21 07:24:51.789516: | libevent_malloc: new ptr-libevent@0x56524ddbcaa0 size 48 Sep 21 07:24:51.789524: | libevent_realloc: new ptr-libevent@0x56524dd40370 size 256 Sep 21 07:24:51.789527: | libevent_malloc: new ptr-libevent@0x56524ddbcae0 size 16 Sep 21 07:24:51.789533: | libevent_free: release ptr-libevent@0x56524ddbc6f0 Sep 21 07:24:51.789537: | libevent initialized Sep 21 07:24:51.789541: | libevent_realloc: new ptr-libevent@0x56524ddbcb00 size 64 Sep 21 07:24:51.789545: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:24:51.789565: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:24:51.789568: NAT-Traversal support [enabled] Sep 21 07:24:51.789571: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:24:51.789578: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:24:51.789581: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:24:51.789621: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:24:51.789625: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:24:51.789628: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:24:51.789678: Encryption algorithms: Sep 21 07:24:51.789689: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:24:51.789693: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:24:51.789696: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:24:51.789699: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:24:51.789703: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:24:51.789713: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:24:51.789717: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:24:51.789720: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:24:51.789723: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:24:51.789727: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:24:51.789730: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:24:51.789733: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:24:51.789736: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:24:51.789740: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:24:51.789743: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:24:51.789746: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:24:51.789749: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:24:51.789756: Hash algorithms: Sep 21 07:24:51.789759: MD5 IKEv1: IKE IKEv2: Sep 21 07:24:51.789761: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:24:51.789764: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:24:51.789766: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:24:51.789768: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:24:51.789779: PRF algorithms: Sep 21 07:24:51.789781: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:24:51.789794: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:24:51.789797: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:24:51.789800: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:24:51.789802: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:24:51.789804: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:24:51.789825: Integrity algorithms: Sep 21 07:24:51.789828: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:24:51.789831: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:24:51.789834: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:24:51.789837: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:24:51.789840: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:24:51.789842: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:24:51.789845: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:24:51.789848: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:24:51.789850: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:24:51.789861: DH algorithms: Sep 21 07:24:51.789864: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:24:51.789867: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:24:51.789869: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:24:51.789874: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:24:51.789877: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:24:51.789879: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:24:51.789882: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:24:51.789885: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:24:51.789887: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:24:51.789890: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:24:51.789892: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:24:51.789895: testing CAMELLIA_CBC: Sep 21 07:24:51.789897: Camellia: 16 bytes with 128-bit key Sep 21 07:24:51.790022: Camellia: 16 bytes with 128-bit key Sep 21 07:24:51.790048: Camellia: 16 bytes with 256-bit key Sep 21 07:24:51.790074: Camellia: 
16 bytes with 256-bit key Sep 21 07:24:51.790102: testing AES_GCM_16: Sep 21 07:24:51.790105: empty string Sep 21 07:24:51.790131: one block Sep 21 07:24:51.790157: two blocks Sep 21 07:24:51.790185: two blocks with associated data Sep 21 07:24:51.790212: testing AES_CTR: Sep 21 07:24:51.790215: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:24:51.790242: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:24:51.790271: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:24:51.790300: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:24:51.790328: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:24:51.790358: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:24:51.790388: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:24:51.790416: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:24:51.790443: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:24:51.790470: testing AES_CBC: Sep 21 07:24:51.790473: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:24:51.790500: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:24:51.790531: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:24:51.790564: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:24:51.790598: testing AES_XCBC: Sep 21 07:24:51.790602: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:24:51.790727: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:24:51.790867: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:24:51.790983: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:24:51.791115: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:24:51.791239: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:24:51.791375: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:24:51.791671: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:24:51.791807: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:24:51.791957: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:24:51.792185: testing HMAC_MD5: Sep 21 07:24:51.792190: RFC 2104: MD5_HMAC test 1 Sep 21 07:24:51.792392: RFC 2104: MD5_HMAC test 2 Sep 21 07:24:51.792559: RFC 2104: MD5_HMAC test 3 Sep 21 07:24:51.792737: 8 CPU cores online Sep 21 07:24:51.792741: starting up 7 crypto helpers Sep 21 07:24:51.792774: started thread for crypto helper 0 Sep 21 07:24:51.792800: started thread for crypto helper 1 Sep 21 07:24:51.792831: started thread for crypto helper 2 Sep 21 07:24:51.792854: started thread for crypto helper 3 Sep 21 07:24:51.792877: started thread for crypto helper 4 Sep 21 07:24:51.792897: started thread for crypto helper 5 Sep 21 07:24:51.792926: started thread for crypto helper 6 Sep 21 07:24:51.792932: | checking IKEv1 state table Sep 21 07:24:51.792940: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:51.792943: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:24:51.792946: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:51.792948: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:24:51.792951: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:24:51.792953: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:24:51.792956: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:51.792958: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:51.792961: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:24:51.792963: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:24:51.792965: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:51.792968: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:51.792971: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:24:51.792973: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:51.792976: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:51.792978: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:24:51.792981: | MAIN_I3: category: open 
IKE SA flags: 0: Sep 21 07:24:51.792983: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:51.792985: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:51.792988: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:24:51.792990: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:24:51.792993: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.792996: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:24:51.792998: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793001: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:51.793003: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:24:51.793006: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:51.793008: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:24:51.793011: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:24:51.793014: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:24:51.793016: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:24:51.793018: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:24:51.793021: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:24:51.793023: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793026: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:24:51.793029: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793031: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:24:51.793033: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:24:51.793036: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:24:51.793038: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:24:51.793041: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:24:51.793044: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:24:51.793047: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:24:51.793049: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793052: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:24:51.793054: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793057: | INFO: category: informational flags: 0: Sep 21 07:24:51.793060: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793062: | INFO_PROTECTED: category: informational 
flags: 0: Sep 21 07:24:51.793064: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793067: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:24:51.793070: | -> XAUTH_R1 EVENT_NULL Sep 21 07:24:51.793072: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:24:51.793075: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:51.793078: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:24:51.793080: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:24:51.793083: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:24:51.793085: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:24:51.793088: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:24:51.793091: | -> UNDEFINED EVENT_NULL Sep 21 07:24:51.793094: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:24:51.793099: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:51.793102: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:24:51.793105: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:24:51.793107: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:24:51.793110: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:24:51.793116: | checking IKEv2 state table Sep 21 07:24:51.793123: | PARENT_I0: category: ignore flags: 0: Sep 21 07:24:51.793126: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:24:51.793128: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:51.793131: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:24:51.793134: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:24:51.793137: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:24:51.793140: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:24:51.793143: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:24:51.793146: | -> PARENT_I2 EVENT_NULL (Initiator: process 
UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:24:51.793148: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:24:51.793151: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:24:51.793154: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:24:51.793157: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:24:51.793160: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:24:51.793162: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:24:51.793164: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:24:51.793167: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:51.793170: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:24:51.793173: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:24:51.793176: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:24:51.793179: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:24:51.793182: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:24:51.793184: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:24:51.793187: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:24:51.793190: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:24:51.793193: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:24:51.793196: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:24:51.793198: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:24:51.793201: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:24:51.793204: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:24:51.793208: | V2_REKEY_IKE_I0: category: established IKE SA 
flags: 0: Sep 21 07:24:51.793210: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:24:51.793213: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:24:51.793216: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:24:51.793219: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:24:51.793222: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:24:51.793224: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:24:51.793227: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:24:51.793230: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:24:51.793236: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:24:51.793239: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:24:51.793242: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:24:51.793245: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:24:51.793248: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:24:51.793251: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:24:51.793253: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:24:51.793257: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:24:51.793332: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:24:51.793401: | Hard-wiring algorithms Sep 21 07:24:51.793406: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:24:51.793410: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:24:51.793413: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:24:51.793415: | adding 3DES_CBC to kernel algorithm db Sep 21 07:24:51.793418: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:24:51.793421: | adding AES_GCM_16 to kernel algorithm db Sep 21 
07:24:51.793423: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:24:51.793426: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:24:51.793428: | adding AES_CTR to kernel algorithm db Sep 21 07:24:51.793430: | adding AES_CBC to kernel algorithm db Sep 21 07:24:51.793433: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:24:51.793435: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:24:51.793437: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:24:51.793440: | adding NULL to kernel algorithm db Sep 21 07:24:51.793442: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:24:51.793445: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:24:51.793447: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:24:51.793449: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:24:51.793451: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:24:51.793453: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:24:51.793456: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:24:51.793458: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:24:51.793461: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:24:51.793463: | adding NONE to kernel algorithm db Sep 21 07:24:51.793484: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:24:51.793491: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:24:51.793494: | setup kernel fd callback Sep 21 07:24:51.793497: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56524ddc6eb0 Sep 21 07:24:51.793501: | libevent_malloc: new ptr-libevent@0x56524ddce380 size 128 Sep 21 07:24:51.793504: | libevent_malloc: new ptr-libevent@0x56524ddbcc40 size 16 Sep 21 07:24:51.793511: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56524ddc1750 Sep 21 07:24:51.793514: | libevent_malloc: new ptr-libevent@0x56524ddce410 size 128 Sep 21 07:24:51.793516: | libevent_malloc: new ptr-libevent@0x56524ddc16a0 size 16 Sep 21 
07:24:51.793529: | starting up helper thread 5 Sep 21 07:24:51.793542: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:24:51.793545: | crypto helper 5 waiting (nothing to do) Sep 21 07:24:51.793552: | starting up helper thread 3 Sep 21 07:24:51.793557: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:24:51.793560: | crypto helper 3 waiting (nothing to do) Sep 21 07:24:51.793565: | starting up helper thread 1 Sep 21 07:24:51.793570: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:24:51.793573: | crypto helper 1 waiting (nothing to do) Sep 21 07:24:51.793587: | starting up helper thread 0 Sep 21 07:24:51.793592: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:24:51.793598: | crypto helper 0 waiting (nothing to do) Sep 21 07:24:51.793746: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:24:51.793755: selinux support is enabled. 
Sep 21 07:24:51.794006: | starting up helper thread 4 Sep 21 07:24:51.794020: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:24:51.794022: | crypto helper 4 waiting (nothing to do) Sep 21 07:24:51.794029: | starting up helper thread 2 Sep 21 07:24:51.794035: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:24:51.794037: | crypto helper 2 waiting (nothing to do) Sep 21 07:24:51.794069: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:24:51.794252: | unbound context created - setting debug level to 5 Sep 21 07:24:51.794287: | /etc/hosts lookups activated Sep 21 07:24:51.794306: | /etc/resolv.conf usage activated Sep 21 07:24:51.794366: | outgoing-port-avoid set 0-65535 Sep 21 07:24:51.794394: | outgoing-port-permit set 32768-60999 Sep 21 07:24:51.794397: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:24:51.794400: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:24:51.794403: | Setting up events, loop start Sep 21 07:24:51.794407: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56524ddc14a0 Sep 21 07:24:51.794411: | libevent_malloc: new ptr-libevent@0x56524ddd8980 size 128 Sep 21 07:24:51.794414: | libevent_malloc: new ptr-libevent@0x56524ddd8a10 size 16 Sep 21 07:24:51.794422: | libevent_realloc: new ptr-libevent@0x56524dd3e5b0 size 256 Sep 21 07:24:51.794424: | libevent_malloc: new ptr-libevent@0x56524ddd8a30 size 8 Sep 21 07:24:51.794427: | libevent_realloc: new ptr-libevent@0x56524ddcd680 size 144 Sep 21 07:24:51.794430: | libevent_malloc: new ptr-libevent@0x56524ddd8a50 size 152 Sep 21 07:24:51.794433: | libevent_malloc: new ptr-libevent@0x56524ddd8af0 size 16 Sep 21 07:24:51.794437: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:24:51.794441: | libevent_malloc: new ptr-libevent@0x56524ddd8b10 size 8 Sep 21 07:24:51.794443: | libevent_malloc: new ptr-libevent@0x56524ddd8b30 size 152 
Sep 21 07:24:51.794446: | signal event handler PLUTO_SIGTERM installed Sep 21 07:24:51.794449: | libevent_malloc: new ptr-libevent@0x56524ddd8bd0 size 8 Sep 21 07:24:51.794452: | libevent_malloc: new ptr-libevent@0x56524ddd8bf0 size 152 Sep 21 07:24:51.794455: | signal event handler PLUTO_SIGHUP installed Sep 21 07:24:51.794457: | libevent_malloc: new ptr-libevent@0x56524ddd8c90 size 8 Sep 21 07:24:51.794460: | libevent_realloc: release ptr-libevent@0x56524ddcd680 Sep 21 07:24:51.794463: | libevent_realloc: new ptr-libevent@0x56524ddd8cb0 size 256 Sep 21 07:24:51.794466: | libevent_malloc: new ptr-libevent@0x56524ddcd680 size 152 Sep 21 07:24:51.794468: | signal event handler PLUTO_SIGSYS installed Sep 21 07:24:51.794862: | created addconn helper (pid:7710) using fork+execve Sep 21 07:24:51.794880: | forked child 7710 Sep 21 07:24:51.794921: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:51.794943: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:24:51.794951: listening for IKE messages Sep 21 07:24:51.795008: | Inspecting interface lo Sep 21 07:24:51.795017: | found lo with address 127.0.0.1 Sep 21 07:24:51.795020: | Inspecting interface eth0 Sep 21 07:24:51.795023: | found eth0 with address 192.0.2.254 Sep 21 07:24:51.795026: | Inspecting interface eth1 Sep 21 07:24:51.795030: | found eth1 with address 192.1.2.23 Sep 21 07:24:51.795089: Kernel supports NIC esp-hw-offload Sep 21 07:24:51.795110: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:24:51.795144: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:51.795150: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:51.795154: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:24:51.795190: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:24:51.795231: | NAT-Traversal: 
Trying sockopt style NAT-T Sep 21 07:24:51.795236: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:51.795241: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:24:51.795276: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:24:51.795306: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:51.795310: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:51.795314: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:24:51.795402: | no interfaces to sort Sep 21 07:24:51.795407: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:24:51.795416: | add_fd_read_event_handler: new ethX-pe@0x56524ddc2220 Sep 21 07:24:51.795419: | libevent_malloc: new ptr-libevent@0x56524ddd9020 size 128 Sep 21 07:24:51.795423: | libevent_malloc: new ptr-libevent@0x56524ddd90b0 size 16 Sep 21 07:24:51.795432: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:24:51.795435: | add_fd_read_event_handler: new ethX-pe@0x56524ddd90d0 Sep 21 07:24:51.795438: | libevent_malloc: new ptr-libevent@0x56524ddd9110 size 128 Sep 21 07:24:51.795441: | libevent_malloc: new ptr-libevent@0x56524ddd91a0 size 16 Sep 21 07:24:51.795446: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:24:51.795448: | add_fd_read_event_handler: new ethX-pe@0x56524ddd91c0 Sep 21 07:24:51.795451: | libevent_malloc: new ptr-libevent@0x56524ddd9200 size 128 Sep 21 07:24:51.795453: | libevent_malloc: new ptr-libevent@0x56524ddd9290 size 16 Sep 21 07:24:51.795458: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:24:51.795461: | add_fd_read_event_handler: new ethX-pe@0x56524ddd92b0 Sep 21 07:24:51.795463: | libevent_malloc: new ptr-libevent@0x56524ddd92f0 size 128 Sep 21 07:24:51.795466: | libevent_malloc: new ptr-libevent@0x56524ddd9380 size 16 Sep 21 07:24:51.795470: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 
07:24:51.795473: | add_fd_read_event_handler: new ethX-pe@0x56524ddd93a0 Sep 21 07:24:51.795476: | libevent_malloc: new ptr-libevent@0x56524ddd93e0 size 128 Sep 21 07:24:51.795479: | libevent_malloc: new ptr-libevent@0x56524ddd9470 size 16 Sep 21 07:24:51.795483: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:24:51.795486: | add_fd_read_event_handler: new ethX-pe@0x56524ddd9490 Sep 21 07:24:51.795488: | libevent_malloc: new ptr-libevent@0x56524ddd94d0 size 128 Sep 21 07:24:51.795491: | libevent_malloc: new ptr-libevent@0x56524ddd9560 size 16 Sep 21 07:24:51.795495: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:24:51.795501: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:51.795504: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:51.795526: loading secrets from "/etc/ipsec.secrets" Sep 21 07:24:51.795547: | id type added to secret(0x56524ddce560) PKK_PSK: @east Sep 21 07:24:51.795552: | id type added to secret(0x56524ddce560) PKK_PSK: @west Sep 21 07:24:51.795556: | Processing PSK at line 1: passed Sep 21 07:24:51.795558: | certs and keys locked by 'process_secret' Sep 21 07:24:51.795563: | certs and keys unlocked by 'process_secret' Sep 21 07:24:51.795569: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:24:51.795969: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:51.795986: | spent 0.626 milliseconds in whack Sep 21 07:24:51.796010: | starting up helper thread 6 Sep 21 07:24:51.796017: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:24:51.796023: | crypto helper 6 waiting (nothing to do) Sep 21 07:24:51.838322: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:51.838347: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:24:51.838353: listening for IKE messages Sep 21 07:24:51.838391: | Inspecting 
interface lo Sep 21 07:24:51.838403: | found lo with address 127.0.0.1 Sep 21 07:24:51.838407: | Inspecting interface eth0 Sep 21 07:24:51.838411: | found eth0 with address 192.0.2.254 Sep 21 07:24:51.838413: | Inspecting interface eth1 Sep 21 07:24:51.838417: | found eth1 with address 192.1.2.23 Sep 21 07:24:51.838495: | no interfaces to sort Sep 21 07:24:51.838505: | libevent_free: release ptr-libevent@0x56524ddd9020 Sep 21 07:24:51.838509: | free_event_entry: release EVENT_NULL-pe@0x56524ddc2220 Sep 21 07:24:51.838512: | add_fd_read_event_handler: new ethX-pe@0x56524ddc2220 Sep 21 07:24:51.838515: | libevent_malloc: new ptr-libevent@0x56524ddd9020 size 128 Sep 21 07:24:51.838523: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:24:51.838527: | libevent_free: release ptr-libevent@0x56524ddd9110 Sep 21 07:24:51.838530: | free_event_entry: release EVENT_NULL-pe@0x56524ddd90d0 Sep 21 07:24:51.838532: | add_fd_read_event_handler: new ethX-pe@0x56524ddd90d0 Sep 21 07:24:51.838535: | libevent_malloc: new ptr-libevent@0x56524ddd9110 size 128 Sep 21 07:24:51.838540: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:24:51.838543: | libevent_free: release ptr-libevent@0x56524ddd9200 Sep 21 07:24:51.838546: | free_event_entry: release EVENT_NULL-pe@0x56524ddd91c0 Sep 21 07:24:51.838549: | add_fd_read_event_handler: new ethX-pe@0x56524ddd91c0 Sep 21 07:24:51.838551: | libevent_malloc: new ptr-libevent@0x56524ddd9200 size 128 Sep 21 07:24:51.838556: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:24:51.838560: | libevent_free: release ptr-libevent@0x56524ddd92f0 Sep 21 07:24:51.838562: | free_event_entry: release EVENT_NULL-pe@0x56524ddd92b0 Sep 21 07:24:51.838565: | add_fd_read_event_handler: new ethX-pe@0x56524ddd92b0 Sep 21 07:24:51.838567: | libevent_malloc: new ptr-libevent@0x56524ddd92f0 size 128 Sep 21 07:24:51.838572: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:24:51.838576: | libevent_free: 
release ptr-libevent@0x56524ddd93e0 Sep 21 07:24:51.838578: | free_event_entry: release EVENT_NULL-pe@0x56524ddd93a0 Sep 21 07:24:51.838581: | add_fd_read_event_handler: new ethX-pe@0x56524ddd93a0 Sep 21 07:24:51.838583: | libevent_malloc: new ptr-libevent@0x56524ddd93e0 size 128 Sep 21 07:24:51.838588: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:24:51.838592: | libevent_free: release ptr-libevent@0x56524ddd94d0 Sep 21 07:24:51.838594: | free_event_entry: release EVENT_NULL-pe@0x56524ddd9490 Sep 21 07:24:51.838597: | add_fd_read_event_handler: new ethX-pe@0x56524ddd9490 Sep 21 07:24:51.838599: | libevent_malloc: new ptr-libevent@0x56524ddd94d0 size 128 Sep 21 07:24:51.838604: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:24:51.838607: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:51.838609: forgetting secrets Sep 21 07:24:51.838615: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:51.838628: loading secrets from "/etc/ipsec.secrets" Sep 21 07:24:51.838635: | id type added to secret(0x56524ddce560) PKK_PSK: @east Sep 21 07:24:51.838638: | id type added to secret(0x56524ddce560) PKK_PSK: @west Sep 21 07:24:51.838642: | Processing PSK at line 1: passed Sep 21 07:24:51.838645: | certs and keys locked by 'process_secret' Sep 21 07:24:51.838647: | certs and keys unlocked by 'process_secret' Sep 21 07:24:51.838652: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:24:51.838658: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:51.838667: | spent 0.353 milliseconds in whack Sep 21 07:24:51.839149: | processing signal PLUTO_SIGCHLD Sep 21 07:24:51.839164: | waitpid returned pid 7710 (exited with status 0) Sep 21 07:24:51.839168: | reaped addconn helper child (status 0) Sep 21 07:24:51.839173: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:51.839178: | spent 0.0169 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:51.933656: | 
accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:51.933685: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:51.933688: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:51.933691: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:51.933693: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:51.933697: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:51.933705: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:51.933759: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:51.933765: | from whack: got --esp= Sep 21 07:24:51.933810: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:51.933817: | counting wild cards for @west is 0 Sep 21 07:24:51.933820: | counting wild cards for @east is 0 Sep 21 07:24:51.933830: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:24:51.933834: | new hp@0x56524dda59b0 Sep 21 07:24:51.933837: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:51.933848: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:51.933860: | 
192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:24:51.933869: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:51.933876: | spent 0.22 milliseconds in whack Sep 21 07:24:52.019895: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:52.020101: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:52.020107: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:52.020171: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:52.020184: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:52.020192: | spent 0.305 milliseconds in whack Sep 21 07:24:54.693561: | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:54.693588: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Sep 21 07:24:54.693818: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:24:54.693822: | **parse ISAKMP Message: Sep 21 07:24:54.693825: | initiator cookie: Sep 21 07:24:54.693827: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.693829: | responder cookie: Sep 21 07:24:54.693831: | 00 00 00 00 00 00 00 00 Sep 21 07:24:54.693834: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:24:54.693836: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.693838: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:24:54.693841: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:24:54.693843: | Message ID: 0 (0x0) Sep 21 07:24:54.693846: | length: 828 (0x33c) Sep 21 07:24:54.693849: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:24:54.693852: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:24:54.693855: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:24:54.693858: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:24:54.693861: | ***parse IKEv2 Security Association Payload: Sep 21 07:24:54.693864: | next payload type: 
ISAKMP_NEXT_v2KE (0x22) Sep 21 07:24:54.693866: | flags: none (0x0) Sep 21 07:24:54.693869: | length: 436 (0x1b4) Sep 21 07:24:54.693875: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:24:54.693877: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:24:54.693881: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:24:54.693883: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:24:54.693886: | flags: none (0x0) Sep 21 07:24:54.693888: | length: 264 (0x108) Sep 21 07:24:54.693891: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.693893: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:24:54.693895: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:24:54.693898: | ***parse IKEv2 Nonce Payload: Sep 21 07:24:54.693900: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.693903: | flags: none (0x0) Sep 21 07:24:54.693905: | length: 36 (0x24) Sep 21 07:24:54.693907: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:24:54.693909: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:24:54.693912: | ***parse IKEv2 Notify Payload: Sep 21 07:24:54.693914: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.693916: | flags: none (0x0) Sep 21 07:24:54.693918: | length: 8 (0x8) Sep 21 07:24:54.693921: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.693923: | SPI size: 0 (0x0) Sep 21 07:24:54.693926: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:24:54.693929: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:24:54.693931: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:24:54.693934: | ***parse IKEv2 Notify Payload: Sep 21 07:24:54.693936: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.693938: | flags: none (0x0) Sep 21 07:24:54.693940: | length: 28 (0x1c) Sep 21 07:24:54.693942: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.693945: | SPI size: 0 (0x0) Sep 21 07:24:54.693947: | Notify Message Type: 
v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:24:54.693950: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:24:54.693952: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:24:54.693954: | ***parse IKEv2 Notify Payload: Sep 21 07:24:54.693957: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.693959: | flags: none (0x0) Sep 21 07:24:54.693961: | length: 28 (0x1c) Sep 21 07:24:54.693963: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.693966: | SPI size: 0 (0x0) Sep 21 07:24:54.693968: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:24:54.693970: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:24:54.693973: | DDOS disabled and no cookie sent, continuing Sep 21 07:24:54.693979: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:24:54.693985: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:24:54.693988: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:24:54.693992: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:24:54.693995: | find_next_host_connection returns empty Sep 21 07:24:54.693999: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:24:54.694002: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:24:54.694004: | find_next_host_connection returns empty Sep 21 07:24:54.694008: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:24:54.694013: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:24:54.694017: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:24:54.694020: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 
07:24:54.694023: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:24:54.694028: | find_next_host_connection returns empty Sep 21 07:24:54.694032: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:24:54.694035: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:24:54.694037: | find_next_host_connection returns empty Sep 21 07:24:54.694041: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:24:54.694046: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:24:54.694050: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:24:54.694053: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:24:54.694056: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:24:54.694058: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:54.694061: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:24:54.694063: | find_next_host_connection returns empty Sep 21 07:24:54.694066: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Sep 21 07:24:54.694094: | creating state object #1 at 0x56524dddc6e0 Sep 21 07:24:54.694098: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:24:54.694106: | pstats #1 ikev2.ike started Sep 21 07:24:54.694110: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:24:54.694112: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:24:54.694117: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 
07:24:54.694125: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:24:54.694128: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:24:54.694132: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:24:54.694135: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:24:54.694142: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:24:54.694146: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:24:54.694148: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:24:54.694151: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:24:54.694153: | Now let's proceed with state specific processing Sep 21 07:24:54.694155: | calling processor Respond to IKE_SA_INIT Sep 21 07:24:54.694161: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:24:54.694163: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Sep 21 07:24:54.694171: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.694178: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.694182: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.694186: | ... 
ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.694189: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.694197: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.694201: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.694205: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.694214: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.694218: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:24:54.694221: | local proposal 1 type ENCR has 1 transforms Sep 21 07:24:54.694223: | local proposal 1 type PRF has 2 transforms Sep 21 07:24:54.694225: | local proposal 1 type INTEG has 1 
transforms Sep 21 07:24:54.694227: | local proposal 1 type DH has 8 transforms Sep 21 07:24:54.694229: | local proposal 1 type ESN has 0 transforms Sep 21 07:24:54.694232: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:24:54.694234: | local proposal 2 type ENCR has 1 transforms Sep 21 07:24:54.694236: | local proposal 2 type PRF has 2 transforms Sep 21 07:24:54.694238: | local proposal 2 type INTEG has 1 transforms Sep 21 07:24:54.694240: | local proposal 2 type DH has 8 transforms Sep 21 07:24:54.694242: | local proposal 2 type ESN has 0 transforms Sep 21 07:24:54.694245: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:24:54.694247: | local proposal 3 type ENCR has 1 transforms Sep 21 07:24:54.694250: | local proposal 3 type PRF has 2 transforms Sep 21 07:24:54.694252: | local proposal 3 type INTEG has 2 transforms Sep 21 07:24:54.694254: | local proposal 3 type DH has 8 transforms Sep 21 07:24:54.694256: | local proposal 3 type ESN has 0 transforms Sep 21 07:24:54.694259: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:24:54.694261: | local proposal 4 type ENCR has 1 transforms Sep 21 07:24:54.694263: | local proposal 4 type PRF has 2 transforms Sep 21 07:24:54.694332: | local proposal 4 type INTEG has 2 transforms Sep 21 07:24:54.694339: | local proposal 4 type DH has 8 transforms Sep 21 07:24:54.694341: | local proposal 4 type ESN has 0 transforms Sep 21 07:24:54.694345: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:24:54.694348: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.694351: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.694354: | length: 100 (0x64) Sep 21 07:24:54.694356: | prop #: 1 (0x1) Sep 21 07:24:54.694359: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.694361: | spi size: 0 (0x0) Sep 21 07:24:54.694363: | # transforms: 11 (0xb) Sep 21 07:24:54.694367: | Comparing 
remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:24:54.694370: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694375: | length: 12 (0xc) Sep 21 07:24:54.694377: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.694379: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.694385: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.694388: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.694390: | length/value: 256 (0x100) Sep 21 07:24:54.694395: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:24:54.694397: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694402: | length: 8 (0x8) Sep 21 07:24:54.694405: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694407: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.694411: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:24:54.694414: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:24:54.694418: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:24:54.694421: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:24:54.694424: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694429: | length: 8 (0x8) Sep 21 07:24:54.694432: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694434: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.694437: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694440: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694443: | length: 8 (0x8) Sep 21 07:24:54.694445: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694448: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.694452: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:24:54.694455: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:24:54.694458: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:24:54.694462: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:24:54.694465: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694470: | length: 8 (0x8) Sep 21 07:24:54.694473: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694475: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.694478: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694483: | length: 8 (0x8) Sep 21 07:24:54.694486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694488: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.694491: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694496: | length: 8 (0x8) Sep 21 07:24:54.694498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694500: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.694502: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694507: | length: 8 (0x8) Sep 21 07:24:54.694509: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694511: | IKEv2 transform ID: 
OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.694512: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694515: | length: 8 (0x8) Sep 21 07:24:54.694517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694518: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.694520: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694524: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694525: | length: 8 (0x8) Sep 21 07:24:54.694527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694528: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.694530: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694532: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.694533: | length: 8 (0x8) Sep 21 07:24:54.694535: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694536: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.694539: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:24:54.694542: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:24:54.694543: | remote proposal 1 matches local proposal 1 Sep 21 07:24:54.694545: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.694547: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.694548: | length: 100 (0x64) Sep 21 07:24:54.694550: | prop #: 2 (0x2) Sep 21 07:24:54.694551: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.694553: | spi size: 0 (0x0) Sep 21 07:24:54.694554: | # transforms: 11 (0xb) Sep 21 07:24:54.694557: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:24:54.694558: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694560: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694561: | length: 12 (0xc) Sep 21 07:24:54.694563: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.694565: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.694566: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.694568: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.694570: | length/value: 128 (0x80) Sep 21 07:24:54.694571: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694574: | length: 8 (0x8) Sep 21 07:24:54.694576: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694578: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.694579: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694582: | length: 8 (0x8) Sep 21 07:24:54.694584: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694585: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.694587: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694590: | length: 8 (0x8) Sep 21 07:24:54.694592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694593: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.694595: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694598: | length: 8 (0x8) Sep 21 07:24:54.694599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694601: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.694603: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694606: | length: 8 (0x8) Sep 21 07:24:54.694607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694609: | IKEv2 
transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.694610: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694613: | length: 8 (0x8) Sep 21 07:24:54.694615: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694616: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.694620: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694621: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694623: | length: 8 (0x8) Sep 21 07:24:54.694624: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694626: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.694628: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694631: | length: 8 (0x8) Sep 21 07:24:54.694632: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694634: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.694635: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694638: | length: 8 (0x8) Sep 21 07:24:54.694640: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694641: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.694643: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694645: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.694646: | length: 8 (0x8) Sep 21 07:24:54.694648: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694649: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.694651: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:24:54.694653: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:24:54.694655: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 
07:24:54.694657: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.694658: | length: 116 (0x74) Sep 21 07:24:54.694660: | prop #: 3 (0x3) Sep 21 07:24:54.694661: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.694663: | spi size: 0 (0x0) Sep 21 07:24:54.694664: | # transforms: 13 (0xd) Sep 21 07:24:54.694666: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:24:54.694668: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694671: | length: 12 (0xc) Sep 21 07:24:54.694672: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.694674: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.694675: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.694677: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.694679: | length/value: 256 (0x100) Sep 21 07:24:54.694680: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694683: | length: 8 (0x8) Sep 21 07:24:54.694685: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694686: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.694688: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694691: | length: 8 (0x8) Sep 21 07:24:54.694693: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694694: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.694696: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694699: | length: 8 (0x8) Sep 21 07:24:54.694700: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.694702: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.694703: | *****parse IKEv2 Transform Substructure 
Payload: Sep 21 07:24:54.694705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694706: | length: 8 (0x8) Sep 21 07:24:54.694708: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.694710: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.694711: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694715: | length: 8 (0x8) Sep 21 07:24:54.694717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694718: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.694720: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694723: | length: 8 (0x8) Sep 21 07:24:54.694724: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694726: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.694727: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694730: | length: 8 (0x8) Sep 21 07:24:54.694732: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694733: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.694735: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694738: | length: 8 (0x8) Sep 21 07:24:54.694740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694741: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.694743: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694746: | length: 8 (0x8) Sep 21 07:24:54.694747: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694749: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.694750: | *****parse IKEv2 Transform Substructure Payload: Sep 21 
07:24:54.694752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694753: | length: 8 (0x8) Sep 21 07:24:54.694755: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694756: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.694758: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694761: | length: 8 (0x8) Sep 21 07:24:54.694763: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694764: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.694766: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694767: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.694769: | length: 8 (0x8) Sep 21 07:24:54.694770: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694772: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.694774: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:24:54.694776: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:24:54.694778: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.694779: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.694781: | length: 116 (0x74) Sep 21 07:24:54.694782: | prop #: 4 (0x4) Sep 21 07:24:54.694791: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.694792: | spi size: 0 (0x0) Sep 21 07:24:54.694794: | # transforms: 13 (0xd) Sep 21 07:24:54.694796: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:24:54.694798: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694800: | length: 12 (0xc) Sep 21 07:24:54.694802: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.694804: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.694805: | 
******parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.694807: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.694808: | length/value: 128 (0x80) Sep 21 07:24:54.694810: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694813: | length: 8 (0x8) Sep 21 07:24:54.694815: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694817: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.694819: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694822: | length: 8 (0x8) Sep 21 07:24:54.694823: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.694825: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.694826: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694828: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694829: | length: 8 (0x8) Sep 21 07:24:54.694831: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.694832: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.694834: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694837: | length: 8 (0x8) Sep 21 07:24:54.694839: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.694840: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.694842: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694843: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694845: | length: 8 (0x8) Sep 21 07:24:54.694846: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694848: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.694849: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694852: | length: 8 (0x8) 
Sep 21 07:24:54.694854: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694855: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.694857: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694860: | length: 8 (0x8) Sep 21 07:24:54.694862: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694863: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.694865: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694868: | length: 8 (0x8) Sep 21 07:24:54.694869: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694871: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.694872: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694875: | length: 8 (0x8) Sep 21 07:24:54.694877: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694878: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.694880: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694883: | length: 8 (0x8) Sep 21 07:24:54.694884: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694886: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.694888: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.694891: | length: 8 (0x8) Sep 21 07:24:54.694892: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694894: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.694895: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.694897: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.694898: | length: 8 (0x8) Sep 21 07:24:54.694900: | 
IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.694901: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.694904: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:24:54.694905: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:24:54.694910: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:24:54.694913: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:24:54.694915: | converting proposal to internal trans attrs Sep 21 07:24:54.694918: | natd_hash: rcookie is zero Sep 21 07:24:54.694931: | natd_hash: hasher=0x56524cc4d7a0(20) Sep 21 07:24:54.694933: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.694934: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:24:54.694936: | natd_hash: ip= c0 01 02 17 Sep 21 07:24:54.694937: | natd_hash: port= 01 f4 Sep 21 07:24:54.694939: | natd_hash: hash= bc 8c 28 17 36 b2 15 dc b1 6c 25 f4 84 f6 f6 cd Sep 21 07:24:54.694940: | natd_hash: hash= 56 a5 75 8d Sep 21 07:24:54.694942: | natd_hash: rcookie is zero Sep 21 
07:24:54.694946: | natd_hash: hasher=0x56524cc4d7a0(20) Sep 21 07:24:54.694947: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.694949: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:24:54.694950: | natd_hash: ip= c0 01 02 2d Sep 21 07:24:54.694952: | natd_hash: port= 01 f4 Sep 21 07:24:54.694953: | natd_hash: hash= 39 79 83 c0 f2 9c 74 04 cd 32 68 63 60 c5 7d 1d Sep 21 07:24:54.694954: | natd_hash: hash= f4 0a 08 6a Sep 21 07:24:54.694956: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:24:54.694957: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:24:54.694959: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:24:54.694961: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:24:54.694965: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:24:54.694967: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56524dddc610 Sep 21 07:24:54.694970: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:24:54.694972: | libevent_malloc: new ptr-libevent@0x56524ddde850 size 128 Sep 21 07:24:54.694983: | #1 spent 0.766 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:24:54.694985: | crypto helper 5 resuming Sep 21 07:24:54.694990: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.694991: | crypto helper 5 starting work-order 1 for state #1 Sep 21 07:24:54.694993: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:24:54.694996: | crypto helper 5 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:24:54.694996: | suspending state #1 and saving MD Sep 21 07:24:54.695005: | #1 is busy; has a suspended MD Sep 21 07:24:54.695010: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:24:54.695014: | 
"westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:24:54.695018: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:24:54.695023: | #1 spent 1.28 milliseconds in ikev2_process_packet() Sep 21 07:24:54.695028: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:24:54.695031: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:54.695034: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:54.695038: | spent 1.3 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:54.695607: | crypto helper 5 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000612 seconds Sep 21 07:24:54.695613: | (#1) spent 0.617 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:24:54.695615: | crypto helper 5 sending results from work-order 1 for state #1 to event queue Sep 21 07:24:54.695617: | scheduling resume sending helper answer for #1 Sep 21 07:24:54.695619: | libevent_malloc: new ptr-libevent@0x7f7884006900 size 128 Sep 21 07:24:54.695626: | crypto helper 5 waiting (nothing to do) Sep 21 07:24:54.695633: | processing resume sending helper answer for #1 Sep 21 07:24:54.695638: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:24:54.695640: | crypto helper 5 replies to request ID 1 Sep 21 07:24:54.695642: | calling continuation function 0x56524cb77630 Sep 21 07:24:54.695644: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:24:54.695669: | **emit ISAKMP Message: Sep 21 07:24:54.695671: | initiator cookie: Sep 21 07:24:54.695673: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.695674: | responder cookie: Sep 21 
07:24:54.695675: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.695677: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:54.695679: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.695681: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:24:54.695683: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:24:54.695684: | Message ID: 0 (0x0) Sep 21 07:24:54.695686: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:54.695688: | Emitting ikev2_proposal ... Sep 21 07:24:54.695690: | ***emit IKEv2 Security Association Payload: Sep 21 07:24:54.695691: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.695693: | flags: none (0x0) Sep 21 07:24:54.695695: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:24:54.695697: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.695699: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.695700: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.695702: | prop #: 1 (0x1) Sep 21 07:24:54.695704: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.695705: | spi size: 0 (0x0) Sep 21 07:24:54.695707: | # transforms: 3 (0x3) Sep 21 07:24:54.695708: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.695710: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.695712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.695713: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.695715: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.695717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.695719: | ******emit IKEv2 Attribute 
Substructure Payload: Sep 21 07:24:54.695720: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.695722: | length/value: 256 (0x100) Sep 21 07:24:54.695724: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.695726: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.695727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.695729: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.695732: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.695734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.695736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.695737: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.695739: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.695741: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.695742: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.695744: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.695746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.695747: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.695749: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.695751: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:24:54.695752: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.695754: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:24:54.695756: | last substructure: 
checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:24:54.695758: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:24:54.695759: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.695761: | flags: none (0x0) Sep 21 07:24:54.695763: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.695765: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:24:54.695767: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.695770: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:24:54.695836: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:24:54.695839: | ***emit IKEv2 Nonce Payload: Sep 21 07:24:54.695843: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.695846: | flags: none (0x0) Sep 21 07:24:54.695849: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:24:54.695856: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:24:54.695859: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.695863: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:24:54.695866: | IKEv2 nonce 84 32 a2 9f b0 33 e2 1e 35 fe 54 e3 9b 22 aa ac Sep 21 07:24:54.695868: | IKEv2 nonce 4d d9 63 c3 4c c1 4b a3 98 97 f4 52 1e 3f b3 0a Sep 21 07:24:54.695870: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:24:54.695873: | Adding a v2N Payload Sep 21 07:24:54.695875: | ***emit IKEv2 Notify Payload: Sep 21 07:24:54.695878: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.695880: | flags: none (0x0) Sep 21 07:24:54.695883: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.695885: | SPI size: 0 (0x0) Sep 21 07:24:54.695888: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:24:54.695892: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:54.695896: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.695899: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:24:54.695902: | NAT-Traversal support [enabled] add v2N payloads.
Sep 21 07:24:54.695912: | natd_hash: hasher=0x56524cc4d7a0(20) Sep 21 07:24:54.695915: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.695918: | natd_hash: rcookie= 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.695921: | natd_hash: ip= c0 01 02 17 Sep 21 07:24:54.695924: | natd_hash: port= 01 f4 Sep 21 07:24:54.695927: | natd_hash: hash= d4 ec c7 77 b5 79 0b aa c9 04 5f ff 73 1e 64 18 Sep 21 07:24:54.695929: | natd_hash: hash= 4a 11 8a 2b Sep 21 07:24:54.695932: | Adding a v2N Payload Sep 21 07:24:54.695934: | ***emit IKEv2 Notify Payload: Sep 21 07:24:54.695936: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.695938: | flags: none (0x0) Sep 21 07:24:54.695939: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.695941: | SPI size: 0 (0x0) Sep 21 07:24:54.695943: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:24:54.695945: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:54.695947: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.695949: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:24:54.695950: | Notify data d4 ec c7 77 b5 79 0b aa c9 04 5f ff 73 1e 64 18 Sep 21 07:24:54.695952: | Notify data 4a 11 8a 2b Sep 21 07:24:54.695953: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:24:54.695958: | natd_hash: hasher=0x56524cc4d7a0(20) Sep 21 07:24:54.695960: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.695961: | natd_hash: rcookie= 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.695963: | natd_hash: ip= c0 01 02 2d Sep 21 07:24:54.695964: | natd_hash: port= 01 f4 Sep 21 07:24:54.695966: | natd_hash: hash= 6c 50 50 b3 bf 82 fa 0d aa bf 31 a6 79 43 22 8a Sep 21 07:24:54.695967: | natd_hash: hash= 7f 9b 50 d1 Sep 21 07:24:54.695968: | Adding a v2N Payload Sep 21 07:24:54.695970: | ***emit IKEv2 Notify Payload: Sep 21 
07:24:54.695971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.695973: | flags: none (0x0) Sep 21 07:24:54.695975: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.695976: | SPI size: 0 (0x0) Sep 21 07:24:54.695978: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:24:54.695980: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:54.695981: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.695985: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:24:54.695987: | Notify data 6c 50 50 b3 bf 82 fa 0d aa bf 31 a6 79 43 22 8a Sep 21 07:24:54.695988: | Notify data 7f 9b 50 d1 Sep 21 07:24:54.695989: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:24:54.695991: | emitting length of ISAKMP Message: 432 Sep 21 07:24:54.695996: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.695998: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:24:54.696000: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:24:54.696002: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:24:54.696004: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:24:54.696007: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:24:54.696010: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:24:54.696013: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:24:54.696016: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:24:54.696023: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Sep 21 07:24:54.696096: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:24:54.696103: | libevent_free: release ptr-libevent@0x56524ddde850 Sep 21 07:24:54.696106: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56524dddc610 Sep 21 07:24:54.696113: | event_schedule: new EVENT_SO_DISCARD-pe@0x56524dddc610 Sep 21 07:24:54.696117: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:24:54.696120: | libevent_malloc: new ptr-libevent@0x56524ddde850 size 128 Sep 21 07:24:54.696124: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:24:54.696129: | #1 spent 0.463 milliseconds in resume sending helper answer Sep 21 07:24:54.696135: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:24:54.696138: | libevent_free: release ptr-libevent@0x7f7884006900 Sep 21 07:24:54.698734: | spent 0.00213 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:54.698751: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Sep 21 07:24:54.698818: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:24:54.698821: | **parse ISAKMP Message: Sep 21 07:24:54.698823: | initiator cookie: Sep 21 07:24:54.698825: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.698826: | responder cookie: Sep 21 07:24:54.698828: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.698830: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:24:54.698831: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.698833: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:24:54.698835: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:24:54.698836: | Message ID: 1 (0x1) Sep 21 07:24:54.698838: | length: 365 (0x16d) Sep 21 07:24:54.698840: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:24:54.698842: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21
07:24:54.698846: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:24:54.698850: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:24:54.698852: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:24:54.698855: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:24:54.698860: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:24:54.698863: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:24:54.698866: | unpacking clear payload Sep 21 07:24:54.698868: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:24:54.698871: | ***parse IKEv2 Encryption Payload: Sep 21 07:24:54.698873: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:24:54.698876: | flags: none (0x0) Sep 21 07:24:54.698878: | length: 337 (0x151) Sep 21 07:24:54.698881: | processing payload: ISAKMP_NEXT_v2SK (len=333) Sep 21 07:24:54.698885: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:24:54.698888: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:24:54.698891: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:24:54.698894: | Now let's proceed with state specific processing Sep 21 07:24:54.698896: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:24:54.698899: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:24:54.698903: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:24:54.698906: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:24:54.698908: | state #1 requesting EVENT_SO_DISCARD 
to be deleted Sep 21 07:24:54.698911: | libevent_free: release ptr-libevent@0x56524ddde850 Sep 21 07:24:54.698913: | free_event_entry: release EVENT_SO_DISCARD-pe@0x56524dddc610 Sep 21 07:24:54.698916: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56524dddc610 Sep 21 07:24:54.698919: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:24:54.698922: | libevent_malloc: new ptr-libevent@0x56524ddde850 size 128 Sep 21 07:24:54.698933: | #1 spent 0.0319 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:24:54.698939: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.698943: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:24:54.698945: | suspending state #1 and saving MD Sep 21 07:24:54.698948: | #1 is busy; has a suspended MD Sep 21 07:24:54.698952: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:24:54.698955: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:24:54.698960: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:24:54.698964: | #1 spent 0.212 milliseconds in ikev2_process_packet() Sep 21 07:24:54.698968: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:24:54.698971: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:54.698974: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:54.698978: | spent 0.225 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:54.699154: | crypto helper 3 resuming Sep 21 
07:24:54.699163: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:24:54.699168: | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:24:54.700025: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:24:54.700464: | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001296 seconds Sep 21 07:24:54.700474: | (#1) spent 1.19 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:24:54.700479: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:24:54.700481: | scheduling resume sending helper answer for #1 Sep 21 07:24:54.700484: | libevent_malloc: new ptr-libevent@0x7f787c006b90 size 128 Sep 21 07:24:54.700492: | crypto helper 3 waiting (nothing to do) Sep 21 07:24:54.700501: | processing resume sending helper answer for #1 Sep 21 07:24:54.700508: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:24:54.700511: | crypto helper 3 replies to request ID 2 Sep 21 07:24:54.700516: | calling continuation function 0x56524cb77630 Sep 21 07:24:54.700519: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:24:54.700522: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:24:54.700536: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:24:54.700540: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:24:54.700544: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:24:54.700547: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:24:54.700550: | flags: none (0x0) Sep 21 07:24:54.700552: | length: 12 (0xc) Sep 21 07:24:54.700554: | ID type: ID_FQDN (0x2) Sep 21 07:24:54.700557: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:24:54.700559: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:24:54.700562: | 
**parse IKEv2 Identification - Responder - Payload: Sep 21 07:24:54.700563: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:24:54.700565: | flags: none (0x0) Sep 21 07:24:54.700566: | length: 12 (0xc) Sep 21 07:24:54.700568: | ID type: ID_FQDN (0x2) Sep 21 07:24:54.700569: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:24:54.700571: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:24:54.700573: | **parse IKEv2 Authentication Payload: Sep 21 07:24:54.700574: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:24:54.700576: | flags: none (0x0) Sep 21 07:24:54.700577: | length: 72 (0x48) Sep 21 07:24:54.700579: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:24:54.700580: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:24:54.700582: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:24:54.700583: | **parse IKEv2 Security Association Payload: Sep 21 07:24:54.700585: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:24:54.700587: | flags: none (0x0) Sep 21 07:24:54.700588: | length: 164 (0xa4) Sep 21 07:24:54.700590: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:24:54.700591: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:24:54.700593: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:24:54.700594: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:24:54.700596: | flags: none (0x0) Sep 21 07:24:54.700597: | length: 24 (0x18) Sep 21 07:24:54.700599: | number of TS: 1 (0x1) Sep 21 07:24:54.700600: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:24:54.700602: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:24:54.700603: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:24:54.700605: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.700606: | flags: none (0x0) Sep 21 07:24:54.700608: | length: 24 (0x18) Sep 21 07:24:54.700609: | number of TS: 1 (0x1) Sep 21 07:24:54.700611: | processing payload: 
ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:24:54.700612: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:24:54.700614: | Now let's proceed with state specific processing Sep 21 07:24:54.700616: | calling processor Responder: process IKE_AUTH request Sep 21 07:24:54.700620: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:24:54.700624: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:24:54.700629: | received IDr payload - extracting our alleged ID Sep 21 07:24:54.700632: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:54.700634: | match_id a=@west Sep 21 07:24:54.700636: | b=@west Sep 21 07:24:54.700637: | results matched Sep 21 07:24:54.700640: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:24:54.700642: | Warning: not switching back to template of current instance Sep 21 07:24:54.700644: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:24:54.700645: | This connection's local id is @east (ID_FQDN) Sep 21 07:24:54.700648: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Sep 21 07:24:54.700651: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:24:54.700654: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:24:54.700657: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:24:54.700660: | 1: compared key @west to @east / @west -> 004 Sep 21 07:24:54.700663: | 2: compared key @east to @east / @west -> 014 Sep 21 07:24:54.700665: | line 1: match=014 Sep 21 07:24:54.700668: | match 014 beats previous best_match 000 match=0x56524ddce560 (line=1) Sep 21 07:24:54.700670: | 
concluding with best_match=014 best=0x56524ddce560 (lineno=1) Sep 21 07:24:54.700673: | returning because exact peer id match Sep 21 07:24:54.700676: | offered CA: '%none' Sep 21 07:24:54.700679: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:24:54.700700: | verifying AUTH payload Sep 21 07:24:54.700704: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Sep 21 07:24:54.700708: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:24:54.700710: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:24:54.700713: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:24:54.700716: | 1: compared key @west to @east / @west -> 004 Sep 21 07:24:54.700720: | 2: compared key @east to @east / @west -> 014 Sep 21 07:24:54.700722: | line 1: match=014 Sep 21 07:24:54.700725: | match 014 beats previous best_match 000 match=0x56524ddce560 (line=1) Sep 21 07:24:54.700727: | concluding with best_match=014 best=0x56524ddce560 (lineno=1) Sep 21 07:24:54.700768: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Sep 21 07:24:54.700773: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:24:54.700776: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:24:54.700778: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:24:54.700781: | libevent_free: release ptr-libevent@0x56524ddde850 Sep 21 07:24:54.700791: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56524dddc610 Sep 21 07:24:54.700797: | event_schedule: new EVENT_SA_REKEY-pe@0x56524dddc610 Sep 21 07:24:54.700800: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:24:54.700802: | libevent_malloc: new ptr-libevent@0x56524ddde850 size 128 Sep 21 07:24:54.700997: | pstats #1 ikev2.ike established Sep 21 07:24:54.701007: | **emit ISAKMP Message: Sep 21 
07:24:54.701010: | initiator cookie: Sep 21 07:24:54.701013: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.701016: | responder cookie: Sep 21 07:24:54.701018: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.701021: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:54.701024: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.701028: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:24:54.701031: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:24:54.701033: | Message ID: 1 (0x1) Sep 21 07:24:54.701037: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:54.701043: | IKEv2 CERT: send a certificate? Sep 21 07:24:54.701047: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:24:54.701049: | ***emit IKEv2 Encryption Payload: Sep 21 07:24:54.701053: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.701055: | flags: none (0x0) Sep 21 07:24:54.701060: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:24:54.701063: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.701067: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:24:54.701077: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:24:54.701090: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:24:54.701093: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.701096: | flags: none (0x0) Sep 21 07:24:54.701098: | ID type: ID_FQDN (0x2) Sep 21 07:24:54.701102: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:24:54.701105: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.701109: 
| emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:24:54.701111: | my identity 65 61 73 74 Sep 21 07:24:54.701114: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:24:54.701120: | assembled IDr payload Sep 21 07:24:54.701123: | CHILD SA proposals received Sep 21 07:24:54.701125: | going to assemble AUTH payload Sep 21 07:24:54.701128: | ****emit IKEv2 Authentication Payload: Sep 21 07:24:54.701130: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:24:54.701133: | flags: none (0x0) Sep 21 07:24:54.701135: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:24:54.701139: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:24:54.701142: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:24:54.701146: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.701149: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:24:54.701154: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:24:54.701156: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:24:54.701159: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:24:54.701163: | 1: compared key @west to @east / @west -> 004 Sep 21 07:24:54.701166: | 2: compared key @east to @east / @west -> 014 Sep 21 07:24:54.701169: | line 1: match=014 Sep 21 07:24:54.701172: | match 014 beats previous best_match 000 match=0x56524ddce560 (line=1) Sep 21 07:24:54.701174: | concluding with best_match=014 best=0x56524ddce560 (lineno=1) Sep 21 07:24:54.701221: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:24:54.701225: | PSK auth d8 fe 26 3c be af 2e 87 53 53 bf 28 9d de 
ef e6 Sep 21 07:24:54.701227: | PSK auth ee 55 84 2b ad 4a 81 46 50 b4 05 b9 cf f0 f3 33 Sep 21 07:24:54.701230: | PSK auth fa 4b 07 89 d4 34 4a 09 d9 98 9e cf 31 07 4b f7 Sep 21 07:24:54.701232: | PSK auth 59 d7 74 6b 10 72 1d fe 4c 76 bb 09 97 b8 1b 02 Sep 21 07:24:54.701235: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:24:54.701242: | creating state object #2 at 0x56524dddfcb0 Sep 21 07:24:54.701246: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:24:54.701250: | pstats #2 ikev2.child started Sep 21 07:24:54.701253: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:24:54.701259: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:24:54.701267: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:24:54.701272: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:24:54.701277: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:24:54.701280: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:24:54.701283: | TSi: parsing 1 traffic selectors Sep 21 07:24:54.701286: | ***parse IKEv2 Traffic Selector: Sep 21 07:24:54.701289: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.701292: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.701294: | length: 16 (0x10) Sep 21 07:24:54.701296: | start port: 0 (0x0) Sep 21 07:24:54.701299: | end port: 65535 (0xffff) Sep 21 07:24:54.701302: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:24:54.701304: | TS low c0 00 01 00 Sep 21 07:24:54.701307: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 
07:24:54.701309: | TS high c0 00 01 ff Sep 21 07:24:54.701312: | TSi: parsed 1 traffic selectors Sep 21 07:24:54.701314: | TSr: parsing 1 traffic selectors Sep 21 07:24:54.701316: | ***parse IKEv2 Traffic Selector: Sep 21 07:24:54.701319: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.701322: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.701324: | length: 16 (0x10) Sep 21 07:24:54.701326: | start port: 0 (0x0) Sep 21 07:24:54.701328: | end port: 65535 (0xffff) Sep 21 07:24:54.701331: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:24:54.701333: | TS low c0 00 02 00 Sep 21 07:24:54.701336: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:24:54.701338: | TS high c0 00 02 ff Sep 21 07:24:54.701340: | TSr: parsed 1 traffic selectors Sep 21 07:24:54.701343: | looking for best SPD in current connection Sep 21 07:24:54.701349: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:24:54.701354: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:24:54.701361: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:24:54.701364: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:24:54.701367: | TSi[0] port match: YES fitness 65536 Sep 21 07:24:54.701370: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:24:54.701373: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:24:54.701377: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:24:54.701383: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:24:54.701386: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:24:54.701388: | TSr[0] port match: YES fitness 65536 Sep 21 07:24:54.701391: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:24:54.701394: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 
Sep 21 07:24:54.701397: | best fit so far: TSi[0] TSr[0] Sep 21 07:24:54.701399: | found better spd route for TSi[0],TSr[0] Sep 21 07:24:54.701401: | looking for better host pair Sep 21 07:24:54.701407: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:24:54.701411: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:24:54.701414: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Sep 21 07:24:54.701417: | match_id a=@west Sep 21 07:24:54.701419: | b=@west Sep 21 07:24:54.701421: | results matched Sep 21 07:24:54.701427: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:24:54.701433: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:24:54.701439: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:24:54.701442: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:24:54.701444: | TSi[0] port match: YES fitness 65536 Sep 21 07:24:54.701447: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:24:54.701451: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:24:54.701456: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:24:54.701462: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:24:54.701465: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:24:54.701468: | TSr[0] port match: YES fitness 65536 Sep 21 07:24:54.701471: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:24:54.701474: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:24:54.701477: | best fit so far: TSi[0] TSr[0] Sep 21 07:24:54.701480: | did not find a better connection using host pair Sep 21 07:24:54.701482: | printing contents struct traffic_selector Sep 21 07:24:54.701485: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 
07:24:54.701488: | ipprotoid: 0 Sep 21 07:24:54.701491: | port range: 0-65535 Sep 21 07:24:54.701495: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:24:54.701498: | printing contents struct traffic_selector Sep 21 07:24:54.701501: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:24:54.701503: | ipprotoid: 0 Sep 21 07:24:54.701506: | port range: 0-65535 Sep 21 07:24:54.701510: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:24:54.701515: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:24:54.701523: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:24:54.701531: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:24:54.701534: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:24:54.701539: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:24:54.701544: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:24:54.701551: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.701557: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:24:54.701563: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.701574: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.701578: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:24:54.701582: | local proposal 1 type ENCR has 1 transforms Sep 21 07:24:54.701585: | local proposal 1 type PRF has 0 transforms Sep 21 07:24:54.701589: | local proposal 1 type INTEG has 1 transforms Sep 21 07:24:54.701591: | local proposal 1 type DH has 1 transforms Sep 21 07:24:54.701595: | local proposal 1 type ESN has 1 transforms Sep 21 07:24:54.701599: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:24:54.701602: | local proposal 2 type ENCR has 1 transforms Sep 21 07:24:54.701605: | local proposal 2 type PRF has 0 transforms Sep 21 07:24:54.701608: | local proposal 2 type INTEG has 1 transforms Sep 21 07:24:54.701616: | local proposal 2 type DH has 1 transforms Sep 21 07:24:54.701619: | local proposal 2 type ESN has 1 transforms Sep 21 07:24:54.701623: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:24:54.701626: | local proposal 3 type ENCR has 1 transforms Sep 21 07:24:54.701629: | local proposal 3 type PRF has 0 transforms Sep 21 07:24:54.701632: | local proposal 3 type INTEG has 2 transforms Sep 21 07:24:54.701635: | local proposal 3 type DH has 1 transforms Sep 21 07:24:54.701638: | local proposal 3 type ESN has 1 transforms Sep 21 07:24:54.701642: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Sep 21 07:24:54.701645: | local proposal 4 type ENCR has 1 transforms Sep 21 07:24:54.701648: | local proposal 4 type PRF has 0 transforms Sep 21 07:24:54.701651: | local proposal 4 type INTEG has 2 transforms Sep 21 07:24:54.701654: | local proposal 4 type DH has 1 transforms Sep 21 07:24:54.701657: | local proposal 4 type ESN has 1 transforms Sep 21 07:24:54.701661: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:24:54.701665: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.701668: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.701672: | length: 32 (0x20) Sep 21 07:24:54.701674: | prop #: 1 (0x1) Sep 21 07:24:54.701677: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.701680: | spi size: 4 (0x4) Sep 21 07:24:54.701683: | # transforms: 2 (0x2) Sep 21 07:24:54.701687: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:24:54.701690: | remote SPI e4 41 f1 8e Sep 21 07:24:54.701694: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:24:54.701698: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.701704: | length: 12 (0xc) Sep 21 07:24:54.701707: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.701710: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.701713: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.701716: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.701719: | length/value: 256 (0x100) Sep 21 07:24:54.701725: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:24:54.701728: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701731: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.701734: | length: 8 (0x8) Sep 21 07:24:54.701737: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.701740: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.701745: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:24:54.701750: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:24:54.701754: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:24:54.701759: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:24:54.701763: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:24:54.701770: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:24:54.701774: | remote proposal 1 matches local proposal 1 Sep 21 07:24:54.701777: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.701781: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.701796: | length: 32 (0x20) Sep 21 07:24:54.701800: | prop #: 2 (0x2) Sep 21 07:24:54.701803: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.701806: | spi size: 4 (0x4) Sep 21 07:24:54.701810: | # transforms: 2 (0x2) Sep 21 07:24:54.701814: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:24:54.701820: | remote SPI e4 41 f1 8e Sep 21 07:24:54.701825: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:24:54.701829: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.701835: | length: 12 (0xc) Sep 21 07:24:54.701838: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.701841: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.701844: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.701847: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.701850: | length/value: 128 (0x80) Sep 21 07:24:54.701854: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701857: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.701859: | length: 8 (0x8) Sep 21 07:24:54.701863: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.701866: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.701870: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:24:54.701874: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:24:54.701878: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.701881: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.701884: | length: 48 (0x30) Sep 21 07:24:54.701887: | prop #: 3 (0x3) Sep 21 07:24:54.701890: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.701892: | spi size: 4 (0x4) Sep 21 07:24:54.701895: | # transforms: 4 (0x4) Sep 21 07:24:54.701899: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:24:54.701902: | remote SPI e4 41 f1 8e Sep 21 07:24:54.701905: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:24:54.701909: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.701915: | length: 12 (0xc) Sep 21 07:24:54.701918: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.701922: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.701925: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.701928: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.701931: | length/value: 256 (0x100) Sep 21 07:24:54.701935: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.701942: | length: 8 (0x8) Sep 21 07:24:54.701945: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.701948: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.701952: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701955: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.701958: | length: 8 (0x8) Sep 21 07:24:54.701961: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.701964: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.701968: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.701972: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.701975: | length: 8 (0x8) Sep 21 07:24:54.701978: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.701980: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.701985: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:24:54.701989: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:24:54.701992: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.701995: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.701998: | length: 48 (0x30) Sep 21 07:24:54.702001: | prop #: 4 (0x4) Sep 21 07:24:54.702003: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.702006: | spi size: 4 (0x4) Sep 21 07:24:54.702011: | # transforms: 4 (0x4) Sep 21 07:24:54.702015: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:24:54.702018: | remote SPI e4 41 f1 8e Sep 21 07:24:54.702022: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:24:54.702025: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.702028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.702031: | length: 12 (0xc) Sep 21 07:24:54.702034: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.702037: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.702040: | *****parse 
IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.702043: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.702219: | length/value: 128 (0x80) Sep 21 07:24:54.702225: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.702229: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.702232: | length: 8 (0x8) Sep 21 07:24:54.702234: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.702238: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.702242: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.702245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.702247: | length: 8 (0x8) Sep 21 07:24:54.702251: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.702254: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.702257: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.702261: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.702263: | length: 8 (0x8) Sep 21 07:24:54.702340: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.702346: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.702351: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:24:54.702355: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:24:54.702360: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=e441f18e;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:24:54.702366: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e441f18e;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:24:54.702370: | converting proposal to internal trans attrs Sep 21 
07:24:54.702440: | netlink_get_spi: allocated 0xedf69ddd for esp.0@192.1.2.23 Sep 21 07:24:54.702444: | Emitting ikev2_proposal ... Sep 21 07:24:54.702447: | ****emit IKEv2 Security Association Payload: Sep 21 07:24:54.702451: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.702454: | flags: none (0x0) Sep 21 07:24:54.702458: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:24:54.702462: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.702465: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.702468: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.702471: | prop #: 1 (0x1) Sep 21 07:24:54.702474: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.702476: | spi size: 4 (0x4) Sep 21 07:24:54.702479: | # transforms: 2 (0x2) Sep 21 07:24:54.702483: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.702486: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:24:54.702489: | our spi ed f6 9d dd Sep 21 07:24:54.702492: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.702495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.702500: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.702504: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.702507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.702510: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.702513: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.702516: | length/value: 256 (0x100) Sep 21 07:24:54.702519: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 
07:24:54.702522: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.702525: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.702528: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.702531: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.702535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.702539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.702542: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.702545: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:24:54.702549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.702552: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:24:54.702556: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:24:54.702560: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:24:54.702564: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.702566: | flags: none (0x0) Sep 21 07:24:54.702569: | number of TS: 1 (0x1) Sep 21 07:24:54.702574: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:24:54.702579: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.702582: | *****emit IKEv2 Traffic Selector: Sep 21 07:24:54.702585: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.702588: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.702591: | start port: 0 (0x0) Sep 21 07:24:54.702594: | end 
port: 65535 (0xffff) Sep 21 07:24:54.702598: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:24:54.702601: | IP start c0 00 01 00 Sep 21 07:24:54.702605: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:24:54.702608: | IP end c0 00 01 ff Sep 21 07:24:54.702611: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:24:54.702614: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:24:54.702617: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:24:54.702620: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.702623: | flags: none (0x0) Sep 21 07:24:54.702627: | number of TS: 1 (0x1) Sep 21 07:24:54.702632: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:24:54.702637: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.702642: | *****emit IKEv2 Traffic Selector: Sep 21 07:24:54.702646: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.702648: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.702651: | start port: 0 (0x0) Sep 21 07:24:54.702653: | end port: 65535 (0xffff) Sep 21 07:24:54.702657: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:24:54.702662: | IP start c0 00 02 00 Sep 21 07:24:54.702664: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:24:54.702665: | IP end c0 00 02 ff Sep 21 07:24:54.702667: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:24:54.702668: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:24:54.702670: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:24:54.702673: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:24:54.702806: | 
FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:24:54.702816: | #1 spent 1.79 milliseconds Sep 21 07:24:54.702818: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:24:54.702820: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:24:54.702822: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:24:54.702825: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:24:54.702826: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:24:54.702831: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:24:54.702835: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:24:54.702837: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:24:54.702839: | AES_GCM_16 requires 4 salt bytes Sep 21 07:24:54.702842: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:24:54.702848: | setting IPsec SA replay-window to 32 Sep 21 07:24:54.702852: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:24:54.702856: | netlink: enabling tunnel mode Sep 21 07:24:54.702859: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:24:54.702861: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:24:54.702949: | netlink response for Add SA esp.e441f18e@192.1.2.45 included non-error error Sep 21 07:24:54.703045: | set up outgoing SA, ref=0/0 Sep 21 07:24:54.703049: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:24:54.703052: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:24:54.703054: | AES_GCM_16 requires 4 salt bytes Sep 21 07:24:54.703056: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:24:54.703059: | setting IPsec SA replay-window to 32 Sep 21 07:24:54.703062: | NIC esp-hw-offload 
not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:24:54.703065: | netlink: enabling tunnel mode Sep 21 07:24:54.703067: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:24:54.703069: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:24:54.703180: | netlink response for Add SA esp.edf69ddd@192.1.2.23 included non-error error Sep 21 07:24:54.703187: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:54.703194: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:24:54.703198: | IPsec Sa SPD priority set to 1042407 Sep 21 07:24:54.703629: | raw_eroute result=success Sep 21 07:24:54.703642: | set up incoming SA, ref=0/0 Sep 21 07:24:54.703651: | sr for #2: unrouted Sep 21 07:24:54.703654: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:24:54.703657: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:24:54.703660: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:24:54.703668: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:24:54.703672: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:24:54.703680: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:24:54.703685: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:54.703700: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:24:54.703704: | IPsec Sa SPD priority set to 1042407 Sep 21 07:24:54.703732: | raw_eroute result=success Sep 21 07:24:54.704015: | running updown command "ipsec _updown" for verb up Sep 21 07:24:54.704021: | command executing up-client Sep 21 07:24:54.704050: | executing up-client: PLUTO_VERB='up-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Sep 21 07:24:54.704054: | popen cmd is 1046 chars long Sep 21 07:24:54.704057: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:24:54.704060: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Sep 21 07:24:54.704062: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Sep 21 07:24:54.704065: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Sep 21 07:24:54.704068: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Sep 21 07:24:54.704070: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Sep 21 07:24:54.704073: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:24:54.704075: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Sep 21 07:24:54.704078: | 
cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:24:54.704080: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:24:54.704083: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:24:54.704085: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:24:54.704088: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe441f18e SPI_OUT=0xedf69ddd ipsec _updow: Sep 21 07:24:54.704090: | cmd(1040):n 2>&1: Sep 21 07:24:54.732546: | route_and_eroute: firewall_notified: true Sep 21 07:24:54.732559: | running updown command "ipsec _updown" for verb prepare Sep 21 07:24:54.732563: | command executing prepare-client Sep 21 07:24:54.732593: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:24:54.732599: | popen cmd is 1051 chars long Sep 21 07:24:54.732602: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='westnet-eastne: Sep 21 07:24:54.732605: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Sep 21 07:24:54.732608: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:24:54.732610: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:24:54.732613: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Sep 21 07:24:54.732615: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:24:54.732618: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:24:54.732620: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:24:54.732622: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:24:54.732625: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:24:54.732627: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:24:54.732630: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:24:54.732632: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe441f18e SPI_OUT=0xedf69ddd ipsec _: Sep 21 07:24:54.732635: | cmd(1040):updown 2>&1: Sep 21 07:24:54.774719: | running updown command "ipsec _updown" for verb route Sep 21 07:24:54.774738: | command executing route-client Sep 21 07:24:54.774779: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' 
PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:24:54.774791: | popen cmd is 1049 chars long Sep 21 07:24:54.774796: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:24:54.774799: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Sep 21 07:24:54.774803: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Sep 21 07:24:54.774807: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Sep 21 07:24:54.774811: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Sep 21 07:24:54.774814: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:24:54.774818: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:24:54.774821: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:24:54.774825: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:24:54.774833: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:24:54.774836: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' 
PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:24:54.774840: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:24:54.774844: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe441f18e SPI_OUT=0xedf69ddd ipsec _up: Sep 21 07:24:54.774846: | cmd(1040):down 2>&1: Sep 21 07:24:54.816648: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x56524ddd9ef0,sr=0x56524ddd9ef0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:24:54.819582: | #1 spent 1.03 milliseconds in install_ipsec_sa() Sep 21 07:24:54.819597: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:24:54.819601: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:24:54.819605: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:24:54.819609: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:24:54.819612: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:24:54.819614: | emitting length of ISAKMP Message: 225 Sep 21 07:24:54.819632: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:24:54.819638: | #1 spent 2.89 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:24:54.819646: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.819651: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.819656: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:24:54.819659: | IKEv2: transition from state STATE_PARENT_R1 to state 
STATE_V2_IPSEC_R Sep 21 07:24:54.819663: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:24:54.819666: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:24:54.819672: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:24:54.819677: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:24:54.819680: | pstats #2 ikev2.child established Sep 21 07:24:54.819688: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:24:54.819692: | NAT-T: encaps is 'auto' Sep 21 07:24:54.819698: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xe441f18e <0xedf69ddd xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:24:54.819703: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:24:54.819709: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21
07:24:54.819815: | releasing whack for #2 (sock=fd@-1) Sep 21 07:24:54.819821: | releasing whack and unpending for parent #1 Sep 21 07:24:54.819825: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:54.819829: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:24:54.819833: | event_schedule: new EVENT_SA_REKEY-pe@0x7f7884002b20 Sep 21 07:24:54.819837: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:24:54.819841: | libevent_malloc: new ptr-libevent@0x56524dde36a0 size 128 Sep 21 07:24:54.819853: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:24:54.819858: | #1 spent 3.16 milliseconds in resume sending helper answer Sep 21 07:24:54.819864: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:24:54.819868: | libevent_free: release ptr-libevent@0x7f787c006b90 Sep 21 07:24:54.819880: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.819885: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.819890: | spent 0.0049 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:54.819893: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.819896: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.819900: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:54.819902: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.819905: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.819909: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD Sep 21
07:24:56.801363: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:56.801605: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:56.801611: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:56.801688: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:56.801692: | FOR_EACH_STATE_... in sort_states Sep 21 07:24:56.801708: | get_sa_info esp.edf69ddd@192.1.2.23 Sep 21 07:24:56.801726: | get_sa_info esp.e441f18e@192.1.2.45 Sep 21 07:24:56.801751: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:56.801761: | spent 0.399 milliseconds in whack Sep 21 07:24:58.254870: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:58.254893: shutting down Sep 21 07:24:58.254902: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:24:58.254907: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:24:58.254913: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:58.254915: forgetting secrets Sep 21 07:24:58.254919: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:58.254924: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:24:58.254928: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:58.254931: | pass 0 Sep 21 07:24:58.254933: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Sep 21 07:24:58.254936: | state #2 Sep 21 07:24:58.254940: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:58.254947: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:58.254954: | pstats #2 ikev2.child deleted completed Sep 21 07:24:58.254959: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Sep 21 07:24:58.254964: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_R) aged 3.553s and sending notification Sep 21 07:24:58.254968: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:24:58.254974: | get_sa_info esp.e441f18e@192.1.2.45 Sep 21 07:24:58.254990: | get_sa_info esp.edf69ddd@192.1.2.23 Sep 21 07:24:58.254999: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Sep 21 07:24:58.255003: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:24:58.255006: | Opening output PBS informational exchange delete request Sep 21 07:24:58.255009: | **emit ISAKMP Message: Sep 21 07:24:58.255012: | initiator cookie: Sep 21 07:24:58.255015: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:58.255018: | responder cookie: Sep 21 07:24:58.255020: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.255023: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:58.255026: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.255029: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:24:58.255032: | flags: none (0x0) Sep 21 07:24:58.255035: | Message ID: 0 (0x0) Sep 21 07:24:58.255038: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:58.255042: | ***emit IKEv2 Encryption Payload: Sep 21 07:24:58.255045: | next payload 
type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.255047: | flags: none (0x0) Sep 21 07:24:58.255050: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:24:58.255053: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:24:58.255057: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:24:58.255065: | ****emit IKEv2 Delete Payload: Sep 21 07:24:58.255068: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.255070: | flags: none (0x0) Sep 21 07:24:58.255073: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:24:58.255075: | SPI size: 4 (0x4) Sep 21 07:24:58.255078: | number of SPIs: 1 (0x1) Sep 21 07:24:58.255081: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:24:58.255083: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:24:58.255087: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:24:58.255089: | local spis ed f6 9d dd Sep 21 07:24:58.255091: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:24:58.255094: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:24:58.255097: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:24:58.255100: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:24:58.255103: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:24:58.255105: | emitting length of ISAKMP Message: 69 Sep 21 07:24:58.255131: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Sep 21 07:24:58.255134: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.255137: | 2e 20 25 00 00 00 
00 00 00 00 00 45 2a 00 00 29 Sep 21 07:24:58.255139: | 39 f7 bf dd 3d b8 1a 73 26 7c d5 ba 3b 86 ec f3 Sep 21 07:24:58.255142: | 14 89 d7 f6 dd 59 4f a7 a0 46 88 81 83 af f1 a7 Sep 21 07:24:58.255144: | bd ed 3a 03 fe Sep 21 07:24:58.255187: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:24:58.255193: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:24:58.255198: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:24:58.255202: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:24:58.255207: | libevent_free: release ptr-libevent@0x56524dde36a0 Sep 21 07:24:58.255210: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f7884002b20 Sep 21 07:24:58.256001: | running updown command "ipsec _updown" for verb down Sep 21 07:24:58.256010: | command executing down-client Sep 21 07:24:58.256038: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050694' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Sep 21 07:24:58.256042: | popen cmd is 1057 chars long Sep 21 07:24:58.256045: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:24:58.256047: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.: Sep 21 07:24:58.256050: | cmd( 160):1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Sep 21 07:24:58.256053: | cmd( 240):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Sep 21 07:24:58.256055: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO: Sep 21 07:24:58.256058: | cmd( 400):_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1: Sep 21 07:24:58.256060: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:24:58.256063: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050694' PLUTO_CO: Sep 21 07:24:58.256065: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Sep 21 07:24:58.256067: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Sep 21 07:24:58.256070: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Sep 21 07:24:58.256073: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Sep 21 07:24:58.256075: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe441f18e SPI_OUT=0xedf69ddd i: Sep 21 07:24:58.256077: | cmd(1040):psec _updown 2>&1: Sep 21 07:24:58.270478: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Sep 21 07:24:58.270498: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 
dest 192.0.1.0/24:0 Sep 21 07:24:58.270502: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.270506: | IPsec Sa SPD priority set to 1042407 Sep 21 07:24:58.270551: | delete esp.e441f18e@192.1.2.45 Sep 21 07:24:58.270696: | netlink response for Del SA esp.e441f18e@192.1.2.45 included non-error error Sep 21 07:24:58.270756: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.270769: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:24:58.270912: | raw_eroute result=success Sep 21 07:24:58.270921: | delete esp.edf69ddd@192.1.2.23 Sep 21 07:24:58.271001: | netlink response for Del SA esp.edf69ddd@192.1.2.23 included non-error error Sep 21 07:24:58.271012: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:24:58.271015: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:24:58.271018: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:58.271021: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:24:58.271026: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:24:58.271032: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Sep 21 07:24:58.271038: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:24:58.271041: | state #1 Sep 21 07:24:58.271044: | pass 1 Sep 21 07:24:58.271047: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Sep 21 07:24:58.271049: | state #1 Sep 21 07:24:58.271054: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:58.271057: | pstats #1 ikev2.ike deleted completed Sep 21 07:24:58.271062: | #1 spent 6.93 milliseconds in total Sep 21 07:24:58.271067: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Sep 21 07:24:58.271071: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_PARENT_R2) aged 3.576s and sending notification Sep 21 07:24:58.271074: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:24:58.271140: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:24:58.271144: | Opening output PBS informational exchange delete request Sep 21 07:24:58.271147: | **emit ISAKMP Message: Sep 21 07:24:58.271150: | initiator cookie: Sep 21 07:24:58.271153: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:58.271155: | responder cookie: Sep 21 07:24:58.271158: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.271161: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:58.271163: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.271166: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:24:58.271169: | flags: none (0x0) Sep 21 07:24:58.271172: | Message ID: 1 (0x1) Sep 21 07:24:58.271175: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:58.271178: | ***emit IKEv2 Encryption Payload: Sep 21 07:24:58.271181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.271183: | flags: none (0x0) Sep 21 07:24:58.271187: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:24:58.271189: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:24:58.271193: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:24:58.271202: | ****emit IKEv2 Delete Payload: Sep 21 07:24:58.271205: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.271207: | flags: none (0x0) Sep 21 07:24:58.271210: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:24:58.271213: | SPI size: 0 (0x0) Sep 21 07:24:58.271215: | number of SPIs: 0 (0x0) Sep 21 07:24:58.271218: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:24:58.271221: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:24:58.271224: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:24:58.271229: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:24:58.271232: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:24:58.271236: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:24:58.271238: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:24:58.271241: | emitting length of ISAKMP Message: 65 Sep 21 07:24:58.271263: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:24:58.271266: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.271269: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:24:58.271271: | 68 15 66 e9 3e d4 ad ff f9 2c b7 c6 5d 70 eb 39 Sep 21 07:24:58.271273: | 30 57 ed 1a 73 51 63 3e 1f 90 30 bf 5e 9e 5e ee Sep 21 07:24:58.271276: | 55 Sep 21 07:24:58.271313: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:24:58.271317: | Message ID: IKE #1 sender #1 in send_delete hacking around 
record ' send Sep 21 07:24:58.271322: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Sep 21 07:24:58.271327: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Sep 21 07:24:58.271330: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:24:58.271335: | libevent_free: release ptr-libevent@0x56524ddde850 Sep 21 07:24:58.271338: | free_event_entry: release EVENT_SA_REKEY-pe@0x56524dddc610 Sep 21 07:24:58.271341: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:24:58.271344: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:58.271347: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:24:58.271350: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:24:58.271368: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) Sep 21 07:24:58.271382: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:24:58.271388: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Sep 21 07:24:58.271394: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Sep 21 07:24:58.271397: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.271424: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.271434: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:24:58.271438: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:24:58.271441: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:24:58.271444: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Sep 21 07:24:58.271447: | running updown command "ipsec _updown" for verb unroute Sep 21 07:24:58.271450: | command executing unroute-client Sep 21 07:24:58.271477: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Sep 21 07:24:58.271483: | popen cmd is 1038 chars long Sep 21 07:24:58.271486: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:24:58.271489: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Sep 21 07:24:58.271491: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:24:58.271494: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 
21 07:24:58.271497: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' P: Sep 21 07:24:58.271499: | cmd( 400):LUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192: Sep 21 07:24:58.271502: | cmd( 480):.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Sep 21 07:24:58.271505: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Sep 21 07:24:58.271507: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Sep 21 07:24:58.271510: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:24:58.271513: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:24:58.271515: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:24:58.271518: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:24:58.286371: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286384: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286387: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286389: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286392: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286395: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286397: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286400: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286402: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.286404: unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:24:58.288673: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288686: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288699: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288713: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288726: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288739: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288752: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288770: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288789: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.288802: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:58.373367: | free hp@0x56524dda59b0 Sep 21 07:24:58.373378: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' wasn't on the list Sep 21 07:24:58.373382: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:58.373390: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:24:58.373392: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:24:58.373404: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:24:58.373408: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:24:58.373411: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:24:58.373414: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:24:58.373417: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:24:58.373420: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:24:58.373424: | FOR_EACH_STATE_... 
in delete_states_dead_interfaces Sep 21 07:24:58.373432: | libevent_free: release ptr-libevent@0x56524ddd9020 Sep 21 07:24:58.373439: | free_event_entry: release EVENT_NULL-pe@0x56524ddc2220 Sep 21 07:24:58.373448: | libevent_free: release ptr-libevent@0x56524ddd9110 Sep 21 07:24:58.373451: | free_event_entry: release EVENT_NULL-pe@0x56524ddd90d0 Sep 21 07:24:58.373457: | libevent_free: release ptr-libevent@0x56524ddd9200 Sep 21 07:24:58.373460: | free_event_entry: release EVENT_NULL-pe@0x56524ddd91c0 Sep 21 07:24:58.373466: | libevent_free: release ptr-libevent@0x56524ddd92f0 Sep 21 07:24:58.373468: | free_event_entry: release EVENT_NULL-pe@0x56524ddd92b0 Sep 21 07:24:58.373474: | libevent_free: release ptr-libevent@0x56524ddd93e0 Sep 21 07:24:58.373477: | free_event_entry: release EVENT_NULL-pe@0x56524ddd93a0 Sep 21 07:24:58.373483: | libevent_free: release ptr-libevent@0x56524ddd94d0 Sep 21 07:24:58.373486: | free_event_entry: release EVENT_NULL-pe@0x56524ddd9490 Sep 21 07:24:58.373491: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Sep 21 07:24:58.374535: | libevent_free: release ptr-libevent@0x56524ddd8980 Sep 21 07:24:58.374545: | free_event_entry: release EVENT_NULL-pe@0x56524ddc14a0 Sep 21 07:24:58.374550: | libevent_free: release ptr-libevent@0x56524ddce410 Sep 21 07:24:58.374553: | free_event_entry: release EVENT_NULL-pe@0x56524ddc1750 Sep 21 07:24:58.374556: | libevent_free: release ptr-libevent@0x56524ddce380 Sep 21 07:24:58.374559: | free_event_entry: release EVENT_NULL-pe@0x56524ddc6eb0 Sep 21 07:24:58.374562: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:24:58.374565: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:24:58.374567: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:24:58.374570: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:24:58.374572: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:24:58.374575: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:24:58.374577: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:24:58.374579: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:24:58.374582: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:24:58.374587: | libevent_free: release ptr-libevent@0x56524ddd8a50 Sep 21 07:24:58.374589: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:24:58.374592: | libevent_free: release ptr-libevent@0x56524ddd8b30 Sep 21 07:24:58.374595: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:24:58.374598: | libevent_free: release ptr-libevent@0x56524ddd8bf0 Sep 21 07:24:58.374600: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:24:58.374604: | libevent_free: release ptr-libevent@0x56524ddcd680 Sep 21 07:24:58.374606: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:24:58.374608: | releasing event base Sep 21 07:24:58.374621: | libevent_free: release ptr-libevent@0x56524ddd8cb0 Sep 21 07:24:58.374624: | libevent_free: release ptr-libevent@0x56524ddae1f0 Sep 21 07:24:58.374627: | libevent_free: 
release ptr-libevent@0x56524ddbca30 Sep 21 07:24:58.374630: | libevent_free: release ptr-libevent@0x56524ddbcb00 Sep 21 07:24:58.374632: | libevent_free: release ptr-libevent@0x56524ddbca50 Sep 21 07:24:58.374635: | libevent_free: release ptr-libevent@0x56524ddd8a10 Sep 21 07:24:58.374637: | libevent_free: release ptr-libevent@0x56524ddd8af0 Sep 21 07:24:58.374640: | libevent_free: release ptr-libevent@0x56524ddbcae0 Sep 21 07:24:58.374642: | libevent_free: release ptr-libevent@0x56524ddbcc40 Sep 21 07:24:58.374645: | libevent_free: release ptr-libevent@0x56524ddc16a0 Sep 21 07:24:58.374647: | libevent_free: release ptr-libevent@0x56524ddd9560 Sep 21 07:24:58.374649: | libevent_free: release ptr-libevent@0x56524ddd9470 Sep 21 07:24:58.374652: | libevent_free: release ptr-libevent@0x56524ddd9380 Sep 21 07:24:58.374654: | libevent_free: release ptr-libevent@0x56524ddd9290 Sep 21 07:24:58.374657: | libevent_free: release ptr-libevent@0x56524ddd91a0 Sep 21 07:24:58.374659: | libevent_free: release ptr-libevent@0x56524ddd90b0 Sep 21 07:24:58.374662: | libevent_free: release ptr-libevent@0x56524dd40370 Sep 21 07:24:58.374669: | libevent_free: release ptr-libevent@0x56524ddd8bd0 Sep 21 07:24:58.374671: | libevent_free: release ptr-libevent@0x56524ddd8b10 Sep 21 07:24:58.374674: | libevent_free: release ptr-libevent@0x56524ddd8a30 Sep 21 07:24:58.374676: | libevent_free: release ptr-libevent@0x56524ddd8c90 Sep 21 07:24:58.374679: | libevent_free: release ptr-libevent@0x56524dd3e5b0 Sep 21 07:24:58.374681: | libevent_free: release ptr-libevent@0x56524ddbca70 Sep 21 07:24:58.374684: | libevent_free: release ptr-libevent@0x56524ddbcaa0 Sep 21 07:24:58.374686: | libevent_free: release ptr-libevent@0x56524ddbc790 Sep 21 07:24:58.374689: | releasing global libevent data Sep 21 07:24:58.374692: | libevent_free: release ptr-libevent@0x56524ddbb480 Sep 21 07:24:58.374695: | libevent_free: release ptr-libevent@0x56524ddbc730 Sep 21 07:24:58.374697: | libevent_free: release 
ptr-libevent@0x56524ddbc760