Sep 21 07:24:54.218201: FIPS Product: YES Sep 21 07:24:54.218247: FIPS Kernel: NO Sep 21 07:24:54.218250: FIPS Mode: NO Sep 21 07:24:54.218253: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:24:54.218442: Initializing NSS Sep 21 07:24:54.218447: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:24:54.279162: NSS initialized Sep 21 07:24:54.279182: NSS crypto library initialized Sep 21 07:24:54.279185: FIPS HMAC integrity support [enabled] Sep 21 07:24:54.279187: FIPS mode disabled for pluto daemon Sep 21 07:24:54.351808: FIPS HMAC integrity verification self-test FAILED Sep 21 07:24:54.351921: libcap-ng support [enabled] Sep 21 07:24:54.351931: Linux audit support [enabled] Sep 21 07:24:54.351961: Linux audit activated Sep 21 07:24:54.351974: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9819 Sep 21 07:24:54.351978: core dump dir: /tmp Sep 21 07:24:54.351980: secrets file: /etc/ipsec.secrets Sep 21 07:24:54.351982: leak-detective disabled Sep 21 07:24:54.351984: NSS crypto [enabled] Sep 21 07:24:54.351986: XAUTH PAM support [enabled] Sep 21 07:24:54.352062: | libevent is using pluto's memory allocator Sep 21 07:24:54.352069: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:24:54.352084: | libevent_malloc: new ptr-libevent@0x55ac141da480 size 40 Sep 21 07:24:54.352093: | libevent_malloc: new ptr-libevent@0x55ac141da4b0 size 40 Sep 21 07:24:54.352096: | libevent_malloc: new ptr-libevent@0x55ac141db7a0 size 40 Sep 21 07:24:54.352098: | creating event base Sep 21 07:24:54.352101: | libevent_malloc: new ptr-libevent@0x55ac141db760 size 56 Sep 21 07:24:54.352104: | libevent_malloc: new ptr-libevent@0x55ac141db7d0 size 664 Sep 21 07:24:54.352115: | libevent_malloc: new ptr-libevent@0x55ac141dba70 size 24 Sep 21 07:24:54.352119: | libevent_malloc: new ptr-libevent@0x55ac141cd1d0 size 384 Sep 21 07:24:54.352129: | libevent_malloc: new ptr-libevent@0x55ac141dba90 size 16 Sep 21 07:24:54.352132: | libevent_malloc: new ptr-libevent@0x55ac141dbab0 size 40 Sep 21 07:24:54.352134: | libevent_malloc: new ptr-libevent@0x55ac141dbae0 size 48 Sep 21 07:24:54.352142: | libevent_realloc: new ptr-libevent@0x55ac1415f370 size 256 Sep 21 07:24:54.352145: | libevent_malloc: new ptr-libevent@0x55ac141dbb20 size 16 Sep 21 07:24:54.352152: | libevent_free: release ptr-libevent@0x55ac141db760 Sep 21 07:24:54.352156: | libevent initialized Sep 21 07:24:54.352159: | libevent_realloc: new ptr-libevent@0x55ac141dbb40 size 64 Sep 21 07:24:54.352167: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:24:54.352181: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:24:54.352183: NAT-Traversal support [enabled] Sep 21 07:24:54.352186: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:24:54.352192: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:24:54.352195: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:24:54.352229: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:24:54.352233: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:24:54.352236: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:24:54.352285: Encryption algorithms: Sep 21 07:24:54.352296: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:24:54.352300: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:24:54.352303: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:24:54.352306: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:24:54.352310: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:24:54.352321: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:24:54.352325: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:24:54.352328: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:24:54.352332: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:24:54.352335: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:24:54.352339: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:24:54.352343: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:24:54.352346: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:24:54.352349: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:24:54.352353: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:24:54.352356: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:24:54.352359: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:24:54.352367: Hash algorithms: Sep 21 07:24:54.352369: MD5 IKEv1: IKE IKEv2: Sep 21 07:24:54.352373: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:24:54.352376: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:24:54.352378: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:24:54.352381: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:24:54.352396: PRF algorithms: Sep 21 07:24:54.352399: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:24:54.352403: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:24:54.352406: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:24:54.352410: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:24:54.352413: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:24:54.352416: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:24:54.352442: Integrity algorithms: Sep 21 07:24:54.352446: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:24:54.352450: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:24:54.352454: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:24:54.352458: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:24:54.352463: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:24:54.352465: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:24:54.352469: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:24:54.352472: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:24:54.352475: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:24:54.352488: DH algorithms: Sep 21 07:24:54.352492: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:24:54.352495: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:24:54.352497: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:24:54.352503: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:24:54.352506: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:24:54.352509: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:24:54.352512: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:24:54.352515: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:24:54.352518: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:24:54.352522: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:24:54.352524: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:24:54.352528: testing CAMELLIA_CBC: Sep 21 07:24:54.352530: Camellia: 16 bytes with 128-bit key Sep 21 07:24:54.352657: Camellia: 16 bytes with 128-bit key Sep 21 07:24:54.352691: Camellia: 16 bytes with 256-bit key Sep 21 07:24:54.352723: Camellia: 16 bytes with 256-bit key Sep 21 07:24:54.352752: testing AES_GCM_16: Sep 21 07:24:54.352756: empty string Sep 21 07:24:54.352789: one block Sep 21 07:24:54.352819: two blocks Sep 21 07:24:54.352849: two blocks with associated data Sep 21 07:24:54.352877: testing AES_CTR: Sep 21 07:24:54.352883: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:24:54.354630: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:24:54.355345: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:24:54.355392: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:24:54.355428: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:24:54.355462: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:24:54.355499: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:24:54.355530: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:24:54.355562: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:24:54.355596: testing AES_CBC: Sep 21 07:24:54.355600: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:24:54.355632: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:24:54.355667: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:24:54.355703: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:24:54.355747: testing AES_XCBC: Sep 21 07:24:54.355750: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:24:54.355891: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:24:54.356033: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:24:54.356163: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:24:54.356293: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:24:54.356424: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:24:54.356563: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:24:54.356877: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:24:54.357015: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:24:54.357156: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:24:54.357406: testing HMAC_MD5: Sep 21 07:24:54.357410: RFC 2104: MD5_HMAC test 1 Sep 21 07:24:54.357594: RFC 2104: MD5_HMAC test 2 Sep 21 07:24:54.357756: RFC 2104: MD5_HMAC test 3 Sep 21 07:24:54.357951: 8 CPU cores online Sep 21 07:24:54.357958: starting up 7 crypto helpers Sep 21 07:24:54.357998: started thread for crypto helper 0 Sep 21 07:24:54.358020: started thread for crypto helper 1 Sep 21 07:24:54.358039: started thread for crypto helper 2 Sep 21 07:24:54.358059: started thread for crypto helper 3 Sep 21 07:24:54.358080: started thread for crypto helper 4 Sep 21 07:24:54.358100: started thread for crypto helper 5 Sep 21 07:24:54.358124: started thread for crypto helper 6 Sep 21 07:24:54.358132: | checking IKEv1 state table Sep 21 07:24:54.358140: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:54.358143: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:24:54.358147: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:54.358149: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:24:54.358153: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:24:54.358155: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:24:54.358158: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:54.358161: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:54.358164: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:24:54.358167: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:24:54.358169: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:54.358172: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:24:54.358175: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:24:54.358178: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:54.358180: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:54.358183: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:24:54.358186: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:24:54.358189: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:54.358192: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:54.358194: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:24:54.358197: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:24:54.358200: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358203: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:24:54.358206: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358209: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:54.358212: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:24:54.358215: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:54.358218: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:24:54.358220: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:24:54.358224: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:24:54.358226: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:24:54.358229: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:24:54.358232: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:24:54.358235: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358238: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:24:54.358241: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358244: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:24:54.358247: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:24:54.358250: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:24:54.358253: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:24:54.358256: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:24:54.358259: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:24:54.358262: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:24:54.358906: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358919: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:24:54.358922: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358926: | INFO: category: informational flags: 0: Sep 21 07:24:54.358928: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358931: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:24:54.358934: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358937: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:24:54.358940: | -> XAUTH_R1 EVENT_NULL Sep 21 07:24:54.358943: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:24:54.358946: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:24:54.358949: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:24:54.358952: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:24:54.358955: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:24:54.358958: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:24:54.358961: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:24:54.358964: | -> UNDEFINED EVENT_NULL Sep 21 07:24:54.358967: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:24:54.358974: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:24:54.358977: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:24:54.358980: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:24:54.358983: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:24:54.358986: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:24:54.358993: | checking IKEv2 state table Sep 21 07:24:54.359000: | PARENT_I0: category: ignore flags: 0: Sep 21 07:24:54.359003: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:24:54.359007: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:24:54.359010: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:24:54.359014: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:24:54.359017: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:24:54.359021: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:24:54.359025: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:24:54.359028: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:24:54.359031: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:24:54.359034: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:24:54.359038: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:24:54.359041: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:24:54.359044: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:24:54.359047: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:24:54.359050: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:24:54.359054: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:24:54.359057: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:24:54.359060: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:24:54.359064: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:24:54.359067: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:24:54.359070: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:24:54.359074: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:24:54.359077: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:24:54.359080: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:24:54.359083: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:24:54.359086: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:24:54.359090: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:24:54.359093: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:24:54.359097: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:24:54.359100: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:24:54.359104: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:24:54.359107: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:24:54.359111: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:24:54.359114: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:24:54.359118: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:24:54.359121: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:24:54.359125: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:24:54.359129: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:24:54.359134: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:24:54.359138: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:24:54.359141: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:24:54.359145: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:24:54.359149: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:24:54.359152: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:24:54.359155: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:24:54.359159: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:24:54.359252: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:24:54.359266: | starting up helper thread 2 Sep 21 07:24:54.359283: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:24:54.359287: | crypto helper 2 waiting (nothing to do) Sep 21 07:24:54.359295: | starting up helper thread 3 Sep 21 07:24:54.359301: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:24:54.359303: | crypto helper 3 waiting (nothing to do) Sep 21 07:24:54.359307: | Hard-wiring algorithms Sep 21 07:24:54.359311: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:24:54.359316: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:24:54.359318: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:24:54.359321: | adding 3DES_CBC to kernel algorithm db Sep 21 07:24:54.359324: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:24:54.359327: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:24:54.359330: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:24:54.359333: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:24:54.359335: | adding AES_CTR to kernel algorithm db Sep 21 07:24:54.359338: | adding AES_CBC to kernel algorithm db Sep 21 07:24:54.359341: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:24:54.359344: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:24:54.359347: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:24:54.359350: | adding NULL to kernel algorithm db Sep 21 07:24:54.359353: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:24:54.359356: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:24:54.359359: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:24:54.359362: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:24:54.359365: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:24:54.359368: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:24:54.359371: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:24:54.359373: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:24:54.359376: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:24:54.359379: | adding NONE to kernel algorithm db Sep 21 07:24:54.359560: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:24:54.359569: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:24:54.359572: | setup kernel fd callback Sep 21 07:24:54.359576: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55ac141e5ef0 Sep 21 07:24:54.359580: | libevent_malloc: new ptr-libevent@0x55ac141ed3c0 size 128 Sep 21 07:24:54.359584: | libevent_malloc: new ptr-libevent@0x55ac141dbc80 size 16 Sep 21 07:24:54.359591: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55ac141e0790 Sep 21 07:24:54.359595: | libevent_malloc: new ptr-libevent@0x55ac141ed450 size 128 Sep 21 07:24:54.359598: | libevent_malloc: new ptr-libevent@0x55ac141e06e0 size 16 Sep 21 07:24:54.359923: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:24:54.359935: selinux support is enabled. Sep 21 07:24:54.360020: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:24:54.360276: | starting up helper thread 0 Sep 21 07:24:54.360288: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:24:54.360295: | crypto helper 0 waiting (nothing to do) Sep 21 07:24:54.360302: | starting up helper thread 1 Sep 21 07:24:54.360305: | unbound context created - setting debug level to 5 Sep 21 07:24:54.360312: | starting up helper thread 6 Sep 21 07:24:54.360318: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:24:54.360320: | crypto helper 6 waiting (nothing to do) Sep 21 07:24:54.360308: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:24:54.360326: | crypto helper 1 waiting (nothing to do) Sep 21 07:24:54.360346: | /etc/hosts lookups activated Sep 21 07:24:54.360361: | /etc/resolv.conf usage activated Sep 21 07:24:54.362355: | outgoing-port-avoid set 0-65535 Sep 21 07:24:54.362390: | outgoing-port-permit set 32768-60999 Sep 21 07:24:54.362394: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:24:54.362398: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:24:54.362402: | Setting up events, loop start Sep 21 07:24:54.362405: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55ac141e04e0 Sep 21 07:24:54.362409: | libevent_malloc: new ptr-libevent@0x55ac141f79c0 size 128 Sep 21 07:24:54.362414: | libevent_malloc: new ptr-libevent@0x55ac141f7a50 size 16 Sep 21 07:24:54.362424: | libevent_realloc: new ptr-libevent@0x55ac1415d5b0 size 256 Sep 21 07:24:54.362427: | libevent_malloc: new ptr-libevent@0x55ac141f7a70 size 8 Sep 21 07:24:54.362430: | libevent_realloc: new ptr-libevent@0x55ac141ec6c0 size 144 Sep 21 07:24:54.362433: | libevent_malloc: new ptr-libevent@0x55ac141f7a90 size 152 Sep 21 07:24:54.362436: | libevent_malloc: new ptr-libevent@0x55ac141f7b30 size 16 Sep 21 07:24:54.362440: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:24:54.362443: | libevent_malloc: new ptr-libevent@0x55ac141f7b50 size 8 Sep 21 07:24:54.362445: | libevent_malloc: new ptr-libevent@0x55ac141f7b70 size 152 Sep 21 07:24:54.362448: | signal event handler PLUTO_SIGTERM installed Sep 21 07:24:54.362451: | libevent_malloc: new ptr-libevent@0x55ac141f7c10 size 8 Sep 21 07:24:54.362453: | libevent_malloc: new ptr-libevent@0x55ac141f7c30 size 152 Sep 21 07:24:54.362456: | signal event handler PLUTO_SIGHUP installed Sep 21 07:24:54.362459: | libevent_malloc: new ptr-libevent@0x55ac141f7cd0 size 8 Sep 21 07:24:54.362461: | libevent_realloc: release ptr-libevent@0x55ac141ec6c0 Sep 21 07:24:54.362464: | libevent_realloc: new ptr-libevent@0x55ac141f7cf0 size 256 Sep 21 07:24:54.362467: | libevent_malloc: new ptr-libevent@0x55ac141ec6c0 size 152 Sep 21 07:24:54.362469: | signal event handler PLUTO_SIGSYS installed Sep 21 07:24:54.362879: | created addconn helper (pid:10047) using fork+execve Sep 21 07:24:54.362897: | forked child 10047 Sep 21 07:24:54.362943: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:54.362965: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:24:54.362973: listening for IKE messages Sep 21 07:24:54.363030: | Inspecting interface lo Sep 21 07:24:54.363037: | found lo with address 127.0.0.1 Sep 21 07:24:54.363040: | Inspecting interface eth0 Sep 21 07:24:54.363044: | found eth0 with address 192.0.1.254 Sep 21 07:24:54.363046: | Inspecting interface eth1 Sep 21 07:24:54.363050: | found eth1 with address 192.1.2.45 Sep 21 07:24:54.363100: Kernel supports NIC esp-hw-offload Sep 21 07:24:54.363119: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:24:54.363149: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:54.363154: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:54.363158: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:24:54.363192: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:24:54.363221: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:54.363226: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:54.363236: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:24:54.363269: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:24:54.363298: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:24:54.363303: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:24:54.363307: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:24:54.363391: | no interfaces to sort Sep 21 07:24:54.363396: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:24:54.363406: | add_fd_read_event_handler: new ethX-pe@0x55ac141e1260 Sep 21 07:24:54.363410: | libevent_malloc: new ptr-libevent@0x55ac141f8060 size 128 Sep 21 07:24:54.363413: | libevent_malloc: new ptr-libevent@0x55ac141f80f0 size 16 Sep 21 07:24:54.363423: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:24:54.363426: | add_fd_read_event_handler: new ethX-pe@0x55ac141f8110 Sep 21 07:24:54.363428: | libevent_malloc: new ptr-libevent@0x55ac141f8150 size 128 Sep 21 07:24:54.363431: | libevent_malloc: new ptr-libevent@0x55ac141f81e0 size 16 Sep 21 07:24:54.363436: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:24:54.363438: | add_fd_read_event_handler: new ethX-pe@0x55ac141f8200 Sep 21 07:24:54.363441: | libevent_malloc: new ptr-libevent@0x55ac141f8240 size 128 Sep 21 07:24:54.363444: | libevent_malloc: new ptr-libevent@0x55ac141f82d0 size 16 Sep 21 07:24:54.363449: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:24:54.363451: | add_fd_read_event_handler: new ethX-pe@0x55ac141f82f0 Sep 21 07:24:54.363454: | libevent_malloc: new ptr-libevent@0x55ac141f8330 size 128 Sep 21 07:24:54.363456: | libevent_malloc: new ptr-libevent@0x55ac141f83c0 size 16 Sep 21 07:24:54.363461: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:24:54.363464: | add_fd_read_event_handler: new ethX-pe@0x55ac141f83e0 Sep 21 07:24:54.363466: | libevent_malloc: new ptr-libevent@0x55ac141f8420 size 128 Sep 21 07:24:54.363468: | libevent_malloc: new ptr-libevent@0x55ac141f84b0 size 16 Sep 21 07:24:54.363472: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:24:54.363475: | add_fd_read_event_handler: new ethX-pe@0x55ac141f84d0 Sep 21 07:24:54.363477: | libevent_malloc: new ptr-libevent@0x55ac141f8510 size 128 Sep 21 07:24:54.363480: | libevent_malloc: new ptr-libevent@0x55ac141f85a0 size 16 Sep 21 07:24:54.363484: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:24:54.363490: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:54.363493: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:54.363516: loading secrets from "/etc/ipsec.secrets" Sep 21 07:24:54.363536: | id type added to secret(0x55ac141ed5a0) PKK_PSK: @west Sep 21 07:24:54.363541: | id type added to secret(0x55ac141ed5a0) PKK_PSK: @east Sep 21 07:24:54.363546: | Processing PSK at line 1: passed Sep 21 07:24:54.363548: | certs and keys locked by 'process_secret' Sep 21 07:24:54.363553: | certs and keys unlocked by 'process_secret' Sep 21 07:24:54.363558: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:24:54.363655: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:54.363664: | spent 0.59 milliseconds in whack Sep 21 07:24:54.364835: | starting up helper thread 4 Sep 21 07:24:54.364851: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:24:54.364864: | crypto helper 4 waiting (nothing to do) Sep 21 07:24:54.364865: | starting up helper thread 5 Sep 21 07:24:54.364874: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:24:54.364877: | crypto helper 5 waiting (nothing to do) Sep 21 07:24:54.409434: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:54.409479: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:24:54.409489: listening for IKE messages Sep 21 07:24:54.409531: | Inspecting interface lo Sep 21 07:24:54.409544: | found lo with address 127.0.0.1 Sep 21 07:24:54.409547: | Inspecting interface eth0 Sep 21 07:24:54.409551: | found eth0 with address 192.0.1.254 Sep 21 07:24:54.409553: | Inspecting interface eth1 Sep 21 07:24:54.409556: | found eth1 with address 192.1.2.45 Sep 21 07:24:54.409646: | no interfaces to sort Sep 21 07:24:54.409658: | libevent_free: release ptr-libevent@0x55ac141f8060 Sep 21 07:24:54.409662: | free_event_entry: release EVENT_NULL-pe@0x55ac141e1260 Sep 21 07:24:54.409665: | add_fd_read_event_handler: new ethX-pe@0x55ac141e1260 Sep 21 07:24:54.409668: | libevent_malloc: new ptr-libevent@0x55ac141f8060 size 128 Sep 21 07:24:54.409676: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:24:54.409680: | libevent_free: release ptr-libevent@0x55ac141f8150 Sep 21 07:24:54.409683: | free_event_entry: release EVENT_NULL-pe@0x55ac141f8110 Sep 21 07:24:54.409685: | add_fd_read_event_handler: new ethX-pe@0x55ac141f8110 Sep 21 07:24:54.409687: | libevent_malloc: new ptr-libevent@0x55ac141f8150 size 128 Sep 21 07:24:54.409692: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:24:54.409696: | libevent_free: release ptr-libevent@0x55ac141f8240 Sep 21 07:24:54.409698: | free_event_entry: release EVENT_NULL-pe@0x55ac141f8200 Sep 21 07:24:54.409701: | add_fd_read_event_handler: new ethX-pe@0x55ac141f8200 Sep 21 07:24:54.409703: | libevent_malloc: new ptr-libevent@0x55ac141f8240 size 128 Sep 21 07:24:54.409708: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:24:54.409711: | libevent_free: release ptr-libevent@0x55ac141f8330 Sep 21 07:24:54.409714: | free_event_entry: release EVENT_NULL-pe@0x55ac141f82f0 Sep 21 07:24:54.409716: | add_fd_read_event_handler: new ethX-pe@0x55ac141f82f0 Sep 21 07:24:54.409718: | libevent_malloc: new ptr-libevent@0x55ac141f8330 size 128 Sep 21 07:24:54.409723: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:24:54.409726: | libevent_free: release ptr-libevent@0x55ac141f8420 Sep 21 07:24:54.409729: | free_event_entry: release EVENT_NULL-pe@0x55ac141f83e0 Sep 21 07:24:54.409732: | add_fd_read_event_handler: new ethX-pe@0x55ac141f83e0 Sep 21 07:24:54.409734: | libevent_malloc: new ptr-libevent@0x55ac141f8420 size 128 Sep 21 07:24:54.409739: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:24:54.409743: | libevent_free: release ptr-libevent@0x55ac141f8510 Sep 21 07:24:54.409745: | free_event_entry: release EVENT_NULL-pe@0x55ac141f84d0 Sep 21 07:24:54.409748: | add_fd_read_event_handler: new ethX-pe@0x55ac141f84d0 Sep 21 07:24:54.409750: | libevent_malloc: new ptr-libevent@0x55ac141f8510 size 128 Sep 21 07:24:54.409755: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:24:54.409758: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:54.409760: forgetting secrets Sep 21 07:24:54.409767: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:54.409782: loading secrets from "/etc/ipsec.secrets" Sep 21 07:24:54.409803: | id type added to secret(0x55ac141ed5a0) PKK_PSK: @west Sep 21 07:24:54.409807: | id type added to secret(0x55ac141ed5a0) PKK_PSK: @east Sep 21 07:24:54.409811: | Processing PSK at line 1: passed Sep 21 07:24:54.409814: | certs and keys locked by 'process_secret' Sep 21 07:24:54.409816: | certs and keys unlocked by 'process_secret' Sep 21 07:24:54.409822: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:24:54.409829: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:54.409836: | spent 0.4 milliseconds in whack Sep 21 07:24:54.412945: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.412967: | waitpid returned pid 10047 (exited with status 0) Sep 21 07:24:54.412972: | reaped addconn helper child (status 0) Sep 21 07:24:54.412979: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.412986: | spent 0.0218 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:54.477167: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:54.477195: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:54.477200: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:54.477203: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:54.477205: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:24:54.477209: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:54.477217: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:54.477273: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:24:54.477280: | from whack: got --esp= Sep 21 07:24:54.477318: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:24:54.477324: | counting wild cards for @west is 0 Sep 21 07:24:54.477328: | counting wild cards for @east is 0 Sep 21 07:24:54.477339: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:24:54.477343: | new hp@0x55ac141c49c0 Sep 21 07:24:54.477348: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:54.477361: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:24:54.477373: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:24:54.477381: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:54.477388: | spent 0.23 milliseconds in whack Sep 21 07:24:54.547998: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:54.548220: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:54.548227: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:54.548303: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:54.548316: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:54.548324: | spent 0.335 milliseconds in whack Sep 21 07:24:54.691621: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:54.691647: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:24:54.691652: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:54.691657: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:24:54.691659: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:24:54.691661: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:24:54.691663: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:24:54.691681: | creating state object #1 at 0x55ac141f9dd0 Sep 21 07:24:54.691683: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:24:54.691689: | pstats #1 ikev2.ike started Sep 21 07:24:54.691691: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:24:54.691694: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:24:54.691697: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:24:54.691703: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:24:54.691707: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:24:54.691718: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:24:54.691722: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:54.691726: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Sep 21 07:24:54.691740: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Sep 21 07:24:54.691748: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.691757: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.691761: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.691765: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.691768: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.691771: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.691773: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:24:54.691776: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.691788: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.691803: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:24:54.691808: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ac141fc460 Sep 21 07:24:54.691812: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:24:54.691815: | libevent_malloc: new ptr-libevent@0x55ac141fc4a0 size 128 Sep 21 07:24:54.691830: | #1 spent 0.165 milliseconds in ikev2_parent_outI1() Sep 21 07:24:54.691830: | crypto helper 2 resuming Sep 21 07:24:54.691843: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:24:54.691847: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:24:54.691835: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:24:54.692013: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:24:54.692017: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:24:54.692020: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:24:54.692024: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:24:54.692027: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:54.692031: | spent 0.249 milliseconds in whack Sep 21 07:24:54.692510: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000663 seconds Sep 21 07:24:54.692517: | (#1) spent 0.669 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:24:54.692519: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:24:54.692521: | scheduling resume sending helper answer for #1 Sep 21 07:24:54.692523: | libevent_malloc: new ptr-libevent@0x7f58b4006900 size 128 Sep 21 07:24:54.692530: | crypto helper 2 waiting (nothing to do) Sep 21 07:24:54.692536: | processing resume sending helper answer for #1 Sep 21 07:24:54.692542: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:24:54.692545: | crypto helper 2 replies to request ID 1 Sep 21 07:24:54.692546: | calling continuation function 0x55ac12d43630 Sep 21 07:24:54.692548: | ikev2_parent_outI1_continue for #1 Sep 21 07:24:54.692573: | **emit ISAKMP Message: Sep 21 07:24:54.692575: | initiator cookie: Sep 21 07:24:54.692576: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.692578: | responder cookie: Sep 21 07:24:54.692579: | 00 00 00 00 00 00 00 00 Sep 21 07:24:54.692581: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:54.692583: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.692585: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:24:54.692587: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:24:54.692588: | Message ID: 0 (0x0) Sep 21 07:24:54.692590: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:54.692600: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.692603: | Emitting ikev2_proposals ... Sep 21 07:24:54.692604: | ***emit IKEv2 Security Association Payload: Sep 21 07:24:54.692606: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.692608: | flags: none (0x0) Sep 21 07:24:54.692610: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:24:54.692612: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.692614: | discarding INTEG=NONE Sep 21 07:24:54.692615: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.692617: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.692618: | prop #: 1 (0x1) Sep 21 07:24:54.692620: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.692621: | spi size: 0 (0x0) Sep 21 07:24:54.692623: | # transforms: 11 (0xb) Sep 21 07:24:54.692625: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.692626: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692630: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.692631: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.692633: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692635: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.692639: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.692640: | length/value: 256 (0x100) Sep 21 07:24:54.692642: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.692644: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692647: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.692648: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.692650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692653: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692655: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692656: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692658: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.692659: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.692661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692664: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692666: | discarding INTEG=NONE Sep 21 07:24:54.692667: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692672: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.692673: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692677: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692678: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692680: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692681: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692683: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.692684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692686: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692688: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692689: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692692: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692693: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.692695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692698: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692700: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692703: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692704: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.692707: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692710: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692712: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692715: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692716: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.692718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692721: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692723: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692726: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692727: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.692729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692732: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692733: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692735: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692738: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.692739: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692743: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692744: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692746: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.692747: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692748: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.692750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692753: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692755: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:24:54.692757: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.692758: | discarding INTEG=NONE Sep 21 07:24:54.692760: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.692761: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.692763: | prop #: 2 (0x2) Sep 21 07:24:54.692764: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.692766: | spi size: 0 (0x0) Sep 21 07:24:54.692767: | # transforms: 11 (0xb) Sep 21 07:24:54.692769: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.692772: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.692774: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692777: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.692778: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.692780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692781: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.692791: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.692795: | length/value: 128 (0x80) Sep 21 07:24:54.692796: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.692798: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692801: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.692802: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.692804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692807: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692809: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692812: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.692813: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.692815: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692817: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692818: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692820: | discarding INTEG=NONE Sep 21 07:24:54.692821: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692824: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692825: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.692827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692830: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692832: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692836: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.692838: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692841: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692843: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692847: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.692849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692853: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692855: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692857: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692859: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.692861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692864: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692865: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692868: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692870: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.692871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692875: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692876: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692880: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.692882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692885: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692887: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692888: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692890: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692891: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.692893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692896: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692898: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692899: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.692900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692902: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.692904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692907: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692909: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:24:54.692910: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.692915: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.692916: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.692917: | prop #: 3 (0x3) Sep 21 07:24:54.692919: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.692920: | spi size: 0 (0x0) Sep 21 07:24:54.692922: | # transforms: 13 (0xd) Sep 21 07:24:54.692924: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.692925: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.692927: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692930: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.692931: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.692933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692935: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.692936: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.692937: | length/value: 256 (0x100) Sep 21 07:24:54.692939: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.692940: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692942: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692943: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.692945: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.692947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692950: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692951: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692954: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.692956: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.692957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692961: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692962: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692965: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.692966: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.692968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692971: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692973: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692976: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.692977: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.692979: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692983: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692984: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692986: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692989: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.692990: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.692992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.692995: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.692996: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.692998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.692999: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693001: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.693002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693006: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693007: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693010: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693011: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.693013: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693016: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693018: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693019: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693021: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693022: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.693024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693027: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693029: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693030: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693033: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.693035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693038: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693039: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693042: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693044: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.693046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693048: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693049: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693051: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693054: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693055: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.693057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693060: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693062: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693063: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.693065: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693066: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.693068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693071: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693072: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:24:54.693074: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.693076: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.693077: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.693079: | prop #: 4 (0x4) Sep 21 07:24:54.693080: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.693081: | spi size: 0 (0x0) Sep 21 07:24:54.693083: | # transforms: 13 (0xd) Sep 21 07:24:54.693085: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.693086: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.693088: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693091: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.693092: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.693094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693095: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.693097: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.693098: | length/value: 128 (0x80) Sep 21 07:24:54.693100: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.693101: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693103: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693104: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.693106: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.693107: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693112: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693113: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693116: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.693117: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:54.693119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693121: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693122: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693124: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693127: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.693128: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.693130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693133: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693135: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693138: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.693139: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.693141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693144: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693146: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693150: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.693152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693153: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693155: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693156: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693159: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693161: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:54.693162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693165: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693167: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693170: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693171: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:54.693173: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693176: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693177: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693179: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693182: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693183: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:54.693185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693188: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693189: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693192: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693194: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:54.693195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693199: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693200: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693203: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693204: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:54.693206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693209: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693211: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693212: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693215: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:54.693217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693220: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693221: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.693223: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.693224: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.693226: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:54.693228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.693229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.693231: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.693232: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:24:54.693234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.693236: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:24:54.693238: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:24:54.693239: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:24:54.693241: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.693243: | flags: none (0x0) Sep 21 07:24:54.693244: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.693246: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:24:54.693248: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.693250: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:24:54.693252: | ikev2 g^x 10 30 41 28 27 c3 cd 78 59 80 35 72 0e f4 72 4b Sep 21 07:24:54.693253: | ikev2 g^x 03 9a 58 6e 70 46 99 78 95 40 91 bc 69 94 87 dd Sep 21 07:24:54.693255: | ikev2 g^x 85 a8 6f 97 da 58 9c 11 00 31 bb 51 b0 44 88 04 Sep 21 07:24:54.693256: | ikev2 g^x b4 0a 10 dc 18 bd c2 47 bc c5 fb 28 4e 8e 58 9c Sep 21 07:24:54.693257: | ikev2 g^x c6 fa de 21 a7 9e 9f 3c bc 4f 94 f3 f6 95 3a 5b Sep 21 07:24:54.693259: | ikev2 g^x 5d 3d 3e d3 40 2f 52 b0 70 59 bf 97 52 a8 7f ee Sep 21 07:24:54.693260: | ikev2 g^x 60 49 f9 b7 1f 4a a8 5d 6c 5d 1d d5 15 bd 4f a0 Sep 21 07:24:54.693261: | ikev2 g^x a8 85 8f d3 95 b0 0e 75 6e 93 e2 83 b9 5a e6 16 Sep 21 07:24:54.693263: | ikev2 g^x de 08 9b 2e 8c 8e bb 85 7b d4 88 49 68 eb 3b de Sep 21 07:24:54.693264: | ikev2 g^x 6a 09 00 4c 1e 8f 71 e7 90 6a 55 7b be fa 2c 0a Sep 21 07:24:54.693266: | ikev2 g^x 2e 05 96 b6 51 bf 87 f1 3e bc bd 1e 92 5d 7c e9 Sep 21 07:24:54.693267: | ikev2 g^x 3d 85 3f db b3 c7 23 af 5c bd eb f3 e5 ea 28 03 Sep 21 07:24:54.693268: | ikev2 g^x 5b ce 4a 79 f1 d4 96 b6 f4 68 7d 3a 62 6c 41 da Sep 21 07:24:54.693270: | ikev2 g^x 6d a8 c8 5b 9a 47 c0 7e 11 d2 e5 2e b4 86 13 f1 Sep 21 07:24:54.693271: | ikev2 g^x a2 71 46 1a 10 d5 a0 dc e9 2e 25 32 a6 c0 e9 d8 Sep 21 07:24:54.693273: | ikev2 g^x 67 26 17 8f 0f 83 36 34 6c 74 f5 03 f5 be 44 24 Sep 21 07:24:54.693274: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:24:54.693276: | ***emit IKEv2 Nonce Payload: Sep 21 07:24:54.693277: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.693279: | flags: none (0x0) Sep 21 07:24:54.693281: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:24:54.693283: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:24:54.693284: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.693286: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:24:54.693287: | IKEv2 nonce 6c a3 c2 a4 63 7f b9 bb a4 73 fd 5f b4 4b d5 d9 Sep 21 07:24:54.693289: | IKEv2 nonce 62 56 5f 55 6e d1 5c 48 91 1d d4 d8 dc 62 a2 31 Sep 21 07:24:54.693290: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:24:54.693292: | Adding a v2N Payload Sep 21 07:24:54.693293: | ***emit IKEv2 Notify Payload: Sep 21 07:24:54.693295: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.693296: | flags: none (0x0) Sep 21 07:24:54.693298: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.693299: | SPI size: 0 (0x0) Sep 21 07:24:54.693301: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:24:54.693303: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:54.693305: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.693306: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:24:54.693309: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:24:54.693311: | natd_hash: rcookie is zero Sep 21 07:24:54.693319: | natd_hash: hasher=0x55ac12e197a0(20) Sep 21 07:24:54.693321: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.693322: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:24:54.693324: | natd_hash: ip= c0 01 02 2d Sep 21 07:24:54.693325: | natd_hash: port= 01 f4 Sep 21 07:24:54.693327: | natd_hash: hash= 39 79 83 c0 f2 9c 74 04 cd 32 68 63 60 c5 7d 1d Sep 21 07:24:54.693328: | natd_hash: hash= f4 0a 08 6a Sep 21 07:24:54.693329: | Adding a v2N Payload Sep 21 07:24:54.693331: | ***emit IKEv2 Notify Payload: Sep 21 07:24:54.693332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.693334: | flags: none (0x0) Sep 21 07:24:54.693335: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.693337: | SPI size: 0 (0x0) Sep 21 07:24:54.693338: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:24:54.693340: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:54.693342: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.693343: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:24:54.693345: | Notify data 39 79 83 c0 f2 9c 74 04 cd 32 68 63 60 c5 7d 1d Sep 21 07:24:54.693346: | Notify data f4 0a 08 6a Sep 21 07:24:54.693348: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:24:54.693349: | natd_hash: rcookie is zero Sep 21 07:24:54.693354: | natd_hash: hasher=0x55ac12e197a0(20) Sep 21 07:24:54.693355: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.693357: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:24:54.693358: | natd_hash: ip= c0 01 02 17 Sep 21 07:24:54.693360: | natd_hash: port= 01 f4 Sep 21 07:24:54.693361: | natd_hash: hash= bc 8c 28 17 36 b2 15 dc b1 6c 25 f4 84 f6 f6 cd Sep 21 07:24:54.693362: | natd_hash: hash= 56 a5 75 8d Sep 21 07:24:54.693364: | Adding a v2N Payload Sep 21 07:24:54.693365: | ***emit IKEv2 Notify Payload: Sep 21 07:24:54.693367: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.693368: | flags: none (0x0) Sep 21 07:24:54.693369: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.693371: | SPI size: 0 (0x0) Sep 21 07:24:54.693372: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:24:54.693374: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:54.693376: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.693377: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:24:54.693379: | Notify data bc 8c 28 17 36 b2 15 dc b1 6c 25 f4 84 f6 f6 cd Sep 21 07:24:54.693380: | Notify data 56 a5 75 8d Sep 21 07:24:54.693382: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:24:54.693383: | emitting length of ISAKMP Message: 828 Sep 21 07:24:54.693388: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:24:54.693395: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.693398: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:24:54.693400: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:24:54.693402: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:24:54.693404: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:24:54.693405: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:24:54.693409: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:24:54.693412: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:24:54.693421: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:24:54.693431: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:24:54.693434: | 62 24 df fc e3 88 ff a3 00 00 00 00 00 00 00 00 Sep 21 07:24:54.693436: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:24:54.693438: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:24:54.693440: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:24:54.693441: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:24:54.693443: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:24:54.693444: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:24:54.693445: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:24:54.693447: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:24:54.693448: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:24:54.693449: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:24:54.693451: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:24:54.693452: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:24:54.693453: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:24:54.693455: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:24:54.693456: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:24:54.693457: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:24:54.693459: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:24:54.693460: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:24:54.693462: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:24:54.693463: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:24:54.693464: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:24:54.693466: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:24:54.693467: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:24:54.693468: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:24:54.693470: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:24:54.693471: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:24:54.693472: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:24:54.693474: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:24:54.693475: | 28 00 01 08 00 0e 00 00 10 30 41 28 27 c3 cd 78 Sep 21 07:24:54.693476: | 59 80 35 72 0e f4 72 4b 03 9a 58 6e 70 46 99 78 Sep 21 07:24:54.693478: | 95 40 91 bc 69 94 87 dd 85 a8 6f 97 da 58 9c 11 Sep 21 07:24:54.693479: | 00 31 bb 51 b0 44 88 04 b4 0a 10 dc 18 bd c2 47 Sep 21 07:24:54.693481: | bc c5 fb 28 4e 8e 58 9c c6 fa de 21 a7 9e 9f 3c Sep 21 07:24:54.693482: | bc 4f 94 f3 f6 95 3a 5b 5d 3d 3e d3 40 2f 52 b0 Sep 21 07:24:54.693483: | 70 59 bf 97 52 a8 7f ee 60 49 f9 b7 1f 4a a8 5d Sep 21 07:24:54.693485: | 6c 5d 1d d5 15 bd 4f a0 a8 85 8f d3 95 b0 0e 75 Sep 21 07:24:54.693486: | 6e 93 e2 83 b9 5a e6 16 de 08 9b 2e 8c 8e bb 85 Sep 21 07:24:54.693487: | 7b d4 88 49 68 eb 3b de 6a 09 00 4c 1e 8f 71 e7 Sep 21 07:24:54.693489: | 90 6a 55 7b be fa 2c 0a 2e 05 96 b6 51 bf 87 f1 Sep 21 07:24:54.693490: | 3e bc bd 1e 92 5d 7c e9 3d 85 3f db b3 c7 23 af Sep 21 07:24:54.693491: | 5c bd eb f3 e5 ea 28 03 5b ce 4a 79 f1 d4 96 b6 Sep 21 07:24:54.693493: | f4 68 7d 3a 62 6c 41 da 6d a8 c8 5b 9a 47 c0 7e Sep 21 07:24:54.693494: | 11 d2 e5 2e b4 86 13 f1 a2 71 46 1a 10 d5 a0 dc Sep 21 07:24:54.693495: | e9 2e 25 32 a6 c0 e9 d8 67 26 17 8f 0f 83 36 34 Sep 21 07:24:54.693497: | 6c 74 f5 03 f5 be 44 24 29 00 00 24 6c a3 c2 a4 Sep 21 07:24:54.693498: | 63 7f b9 bb a4 73 fd 5f b4 4b d5 d9 62 56 5f 55 Sep 21 07:24:54.693501: | 6e d1 5c 48 91 1d d4 d8 dc 62 a2 31 29 00 00 08 Sep 21 07:24:54.693502: | 00 00 40 2e 29 00 00 1c 00 00 40 04 39 79 83 c0 Sep 21 07:24:54.693503: | f2 9c 74 04 cd 32 68 63 60 c5 7d 1d f4 0a 08 6a Sep 21 07:24:54.693505: | 00 00 00 1c 00 00 40 05 bc 8c 28 17 36 b2 15 dc Sep 21 07:24:54.693506: | b1 6c 25 f4 84 f6 f6 cd 56 a5 75 8d Sep 21 07:24:54.693545: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:24:54.693550: | libevent_free: release ptr-libevent@0x55ac141fc4a0 Sep 21 07:24:54.693553: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ac141fc460 Sep 21 07:24:54.693555: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:24:54.693559: | event_schedule: new EVENT_RETRANSMIT-pe@0x55ac141fc460 Sep 21 07:24:54.693562: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:24:54.693564: | libevent_malloc: new ptr-libevent@0x55ac141fc4a0 size 128 Sep 21 07:24:54.693569: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49341.061823 Sep 21 07:24:54.693573: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:24:54.693578: | #1 spent 1.01 milliseconds in resume sending helper answer Sep 21 07:24:54.693583: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:24:54.693586: | libevent_free: release ptr-libevent@0x7f58b4006900 Sep 21 07:24:54.696108: | spent 0.00221 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:54.696126: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:24:54.696130: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.696132: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:24:54.696135: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:24:54.696137: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:24:54.696139: | 04 00 00 0e 28 00 01 08 00 0e 00 00 01 bc 9e 43 Sep 21 07:24:54.696142: | 7e a6 76 14 d5 06 e6 2a 18 53 e9 9d ab 00 d5 2f Sep 21 07:24:54.696144: | 87 f4 70 90 4b 19 f3 3a 8b 7c 91 d3 56 80 65 05 Sep 21 07:24:54.696146: | da 45 d8 e9 65 11 a7 1c eb 6a 5f b4 eb fe a8 d6 Sep 21 07:24:54.696148: | db 98 34 40 ad fb ce 99 e6 88 40 c9 2d f5 f6 89 Sep 21 07:24:54.696149: | 8e 3e ba 66 c7 8d c1 fe 57 af ae fb 8d 8c e6 eb Sep 21 07:24:54.696151: | e5 dd 63 17 cc 8e 91 91 b6 e7 e8 5f 14 ae 31 7f Sep 21 07:24:54.696152: | 16 ba e4 78 7e e0 36 55 f5 2c a8 97 5c fa 51 59 Sep 21 07:24:54.696153: | bd f7 57 87 9a fd db 41 d7 38 13 cf 3d 1d 42 58 Sep 21 07:24:54.696155: | 35 df 07 03 e6 31 3c 5e 57 2a 68 b3 eb 7f 1b fb Sep 21 07:24:54.696156: | 58 cb dd cb 1e ec d4 ea 83 1d cc cb 5c e2 be 3f Sep 21 07:24:54.696158: | 9a 8e 1c b6 0d f6 cc 10 0b 9b 65 de 0f a7 94 de Sep 21 07:24:54.696159: | a2 d4 9e 83 03 b8 c4 44 16 93 46 08 20 d1 df fc Sep 21 07:24:54.696160: | aa a8 f1 6a b7 e5 13 0d a8 49 66 f2 d3 6c 69 cb Sep 21 07:24:54.696162: | 94 1c e4 e2 ed 46 cc 89 2c 00 68 e9 77 e3 0b b9 Sep 21 07:24:54.696163: | d6 07 ef 34 ea bb 3b 3d 9b 90 5a a3 41 59 34 8b Sep 21 07:24:54.696164: | 11 d9 32 68 20 0b 55 87 9d 4e ca 9e 29 00 00 24 Sep 21 07:24:54.696166: | 84 32 a2 9f b0 33 e2 1e 35 fe 54 e3 9b 22 aa ac Sep 21 07:24:54.696167: | 4d d9 63 c3 4c c1 4b a3 98 97 f4 52 1e 3f b3 0a Sep 21 07:24:54.696168: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:24:54.696170: | d4 ec c7 77 b5 79 0b aa c9 04 5f ff 73 1e 64 18 Sep 21 07:24:54.696171: | 4a 11 8a 2b 00 00 00 1c 00 00 40 05 6c 50 50 b3 Sep 21 07:24:54.696172: | bf 82 fa 0d aa bf 31 a6 79 43 22 8a 7f 9b 50 d1 Sep 21 07:24:54.696175: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:24:54.696178: | **parse ISAKMP Message: Sep 21 07:24:54.696181: | initiator cookie: Sep 21 07:24:54.696183: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.696184: | responder cookie: Sep 21 07:24:54.696186: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.696187: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:24:54.696189: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.696191: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:24:54.696192: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:24:54.696194: | Message ID: 0 (0x0) Sep 21 07:24:54.696195: | length: 432 (0x1b0) Sep 21 07:24:54.696197: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:24:54.696199: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:24:54.696202: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:24:54.696206: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:24:54.696209: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:24:54.696211: | #1 is idle Sep 21 07:24:54.696212: | #1 idle Sep 21 07:24:54.696214: | unpacking clear payload Sep 21 07:24:54.696215: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:24:54.696217: | ***parse IKEv2 Security Association Payload: Sep 21 07:24:54.696219: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:24:54.696220: | flags: none (0x0) Sep 21 07:24:54.696222: | length: 40 (0x28) Sep 21 07:24:54.696223: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:24:54.696225: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:24:54.696227: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:24:54.696228: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:24:54.696230: | flags: none (0x0) Sep 21 07:24:54.696231: | length: 264 (0x108) Sep 21 07:24:54.696233: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.696234: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:24:54.696236: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:24:54.696237: | ***parse IKEv2 Nonce Payload: Sep 21 07:24:54.696239: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.696240: | flags: none (0x0) Sep 21 07:24:54.696241: | length: 36 (0x24) Sep 21 07:24:54.696243: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:24:54.696244: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:24:54.696246: | ***parse IKEv2 Notify Payload: Sep 21 07:24:54.696247: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.696249: | flags: none (0x0) Sep 21 07:24:54.696250: | length: 8 (0x8) Sep 21 07:24:54.696252: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.696253: | SPI size: 0 (0x0) Sep 21 07:24:54.696255: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:24:54.696256: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:24:54.696258: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:24:54.696259: | ***parse IKEv2 Notify Payload: Sep 21 07:24:54.696261: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:54.696262: | flags: none (0x0) Sep 21 07:24:54.696263: | length: 28 (0x1c) Sep 21 07:24:54.696265: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.696266: | SPI size: 0 (0x0) Sep 21 07:24:54.696268: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:24:54.696269: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:24:54.696271: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:24:54.696272: | ***parse IKEv2 Notify Payload: Sep 21 07:24:54.696274: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.696275: | flags: none (0x0) Sep 21 07:24:54.696276: | length: 28 (0x1c) Sep 21 07:24:54.696278: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:54.696279: | SPI size: 0 (0x0) Sep 21 07:24:54.696282: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:24:54.696283: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:24:54.696285: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:24:54.696289: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:24:54.696291: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:24:54.696292: | Now let's proceed with state specific processing Sep 21 07:24:54.696294: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:24:54.696296: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:24:54.696306: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:54.696309: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:24:54.696311: | local proposal 1 type ENCR has 1 transforms Sep 21 07:24:54.696313: | local proposal 1 type PRF has 2 transforms Sep 21 07:24:54.696314: | local proposal 1 type INTEG has 1 transforms Sep 21 07:24:54.696315: | local proposal 1 type DH has 8 transforms Sep 21 07:24:54.696317: | local proposal 1 type ESN has 0 transforms Sep 21 07:24:54.696319: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:24:54.696321: | local proposal 2 type ENCR has 1 transforms Sep 21 07:24:54.696322: | local proposal 2 type PRF has 2 transforms Sep 21 07:24:54.696324: | local proposal 2 type INTEG has 1 transforms Sep 21 07:24:54.696325: | local proposal 2 type DH has 8 transforms Sep 21 07:24:54.696326: | local proposal 2 type ESN has 0 transforms Sep 21 07:24:54.696328: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:24:54.696330: | local proposal 3 type ENCR has 1 transforms Sep 21 07:24:54.696331: | local proposal 3 type PRF has 2 transforms Sep 21 07:24:54.696333: | local proposal 3 type INTEG has 2 transforms Sep 21 07:24:54.696334: | local proposal 3 type DH has 8 transforms Sep 21 07:24:54.696335: | local proposal 3 type ESN has 0 transforms Sep 21 07:24:54.696337: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:24:54.696339: | local proposal 4 type ENCR has 1 transforms Sep 21 07:24:54.696340: | local proposal 4 type PRF has 2 transforms Sep 21 07:24:54.696342: | local proposal 4 type INTEG has 2 transforms Sep 21 07:24:54.696343: | local proposal 4 type DH has 8 transforms Sep 21 07:24:54.696344: | local proposal 4 type ESN has 0 transforms Sep 21 07:24:54.696346: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:24:54.696348: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.696350: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.696351: | length: 36 (0x24) Sep 21 07:24:54.696352: | prop #: 1 (0x1) Sep 21 07:24:54.696354: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:54.696355: | spi size: 0 (0x0) Sep 21 07:24:54.696357: | # transforms: 3 (0x3) Sep 21 07:24:54.696359: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:24:54.696361: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.696362: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.696364: | length: 12 (0xc) Sep 21 07:24:54.696366: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.696368: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.696370: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.696371: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.696373: | length/value: 256 (0x100) Sep 21 07:24:54.696376: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:24:54.696378: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.696380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.696382: | length: 8 (0x8) Sep 21 07:24:54.696385: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:54.696387: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:54.696390: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:24:54.696392: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.696394: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.696396: | length: 8 (0x8) Sep 21 07:24:54.696399: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:54.696401: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:54.696404: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:24:54.696407: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:24:54.696411: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:24:54.696413: | remote proposal 1 matches local proposal 1 Sep 21 07:24:54.696416: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:24:54.696418: | converting proposal to internal trans attrs Sep 21 07:24:54.696431: | natd_hash: hasher=0x55ac12e197a0(20) Sep 21 07:24:54.696434: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.696436: | natd_hash: rcookie= 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.696438: | natd_hash: ip= c0 01 02 2d Sep 21 07:24:54.696440: | natd_hash: port= 01 f4 Sep 21 07:24:54.696442: | natd_hash: hash= 6c 50 50 b3 bf 82 fa 0d aa bf 31 a6 79 43 22 8a Sep 21 07:24:54.696444: | natd_hash: hash= 7f 9b 50 d1 Sep 21 07:24:54.696450: | natd_hash: hasher=0x55ac12e197a0(20) Sep 21 07:24:54.696453: | natd_hash: icookie= 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.696455: | natd_hash: rcookie= 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.696457: | natd_hash: ip= c0 01 02 17 Sep 21 07:24:54.696459: | natd_hash: port= 01 f4 Sep 21 07:24:54.696461: | natd_hash: hash= d4 ec c7 77 b5 79 0b aa c9 04 5f ff 73 1e 64 18 Sep 21 07:24:54.696463: | natd_hash: hash= 4a 11 8a 2b Sep 21 07:24:54.696465: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:24:54.696467: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:24:54.696470: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:24:54.696473: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:24:54.696476: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:24:54.696479: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:24:54.696482: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:24:54.696484: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:24:54.696488: | libevent_free: release ptr-libevent@0x55ac141fc4a0 Sep 21 07:24:54.696490: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ac141fc460 Sep 21 07:24:54.696493: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ac141fc460 Sep 21 07:24:54.696497: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:24:54.696500: | libevent_malloc: new ptr-libevent@0x55ac141fc4a0 size 128 Sep 21 07:24:54.696510: | #1 spent 0.212 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:24:54.696515: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.696521: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:24:54.696524: | suspending state #1 and saving MD Sep 21 07:24:54.696526: | #1 is busy; has a suspended MD Sep 21 07:24:54.696530: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:24:54.696534: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:24:54.696538: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:24:54.696542: | #1 spent 0.424 milliseconds in ikev2_process_packet() Sep 21 07:24:54.696547: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:24:54.696549: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:54.696552: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:54.696555: | spent 0.438 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:54.696567: | crypto helper 3 resuming Sep 21 07:24:54.696572: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:24:54.696575: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:24:54.697195: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:24:54.697475: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.0009 seconds Sep 21 07:24:54.697481: | (#1) spent 0.903 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:24:54.697483: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:24:54.697485: | scheduling resume sending helper answer for #1 Sep 21 07:24:54.697487: | libevent_malloc: new ptr-libevent@0x7f58ac006b90 size 128 Sep 21 07:24:54.697494: | crypto helper 3 waiting (nothing to do) Sep 21 07:24:54.697501: | processing resume sending helper answer for #1 Sep 21 07:24:54.697508: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:24:54.697510: | crypto helper 3 replies to request ID 2 Sep 21 07:24:54.697512: | calling continuation function 0x55ac12d43630 Sep 21 07:24:54.697514: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:24:54.697520: | creating state object #2 at 0x55ac141feda0 Sep 21 07:24:54.697522: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:24:54.697524: | pstats #2 ikev2.child started Sep 21 07:24:54.697526: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:24:54.697529: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:24:54.697533: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:24:54.697536: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:24:54.697539: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:24:54.697541: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:24:54.697543: | libevent_free: release ptr-libevent@0x55ac141fc4a0 Sep 21 07:24:54.697545: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ac141fc460 Sep 21 07:24:54.697547: | event_schedule: new EVENT_SA_REPLACE-pe@0x55ac141fc460 Sep 21 07:24:54.697549: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:24:54.697551: | libevent_malloc: new ptr-libevent@0x55ac141fc4a0 size 128 Sep 21 07:24:54.697555: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:24:54.697559: | **emit ISAKMP Message: Sep 21 07:24:54.697561: | initiator cookie: Sep 21 07:24:54.697562: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.697564: | responder cookie: Sep 21 07:24:54.697565: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.697567: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:54.697569: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.697570: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:24:54.697572: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:24:54.697574: | Message ID: 1 (0x1) Sep 21 07:24:54.697575: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:54.697577: | ***emit IKEv2 Encryption Payload: Sep 21 07:24:54.697579: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.697581: | flags: none (0x0) Sep 21 07:24:54.697582: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:24:54.697584: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.697586: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:24:54.697593: | IKEv2 CERT: send a certificate? Sep 21 07:24:54.697595: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:24:54.697596: | IDr payload will be sent Sep 21 07:24:54.697607: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:24:54.697609: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.697611: | flags: none (0x0) Sep 21 07:24:54.697612: | ID type: ID_FQDN (0x2) Sep 21 07:24:54.697614: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:24:54.697616: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.697618: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:24:54.697620: | my identity 77 65 73 74 Sep 21 07:24:54.697621: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:24:54.697627: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:24:54.697628: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:24:54.697630: | flags: none (0x0) Sep 21 07:24:54.697631: | ID type: ID_FQDN (0x2) Sep 21 07:24:54.697633: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:24:54.697635: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:24:54.697637: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.697639: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:24:54.697640: | IDr 65 61 73 74 Sep 21 07:24:54.697642: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:24:54.697643: | not sending INITIAL_CONTACT Sep 21 07:24:54.697645: | ****emit IKEv2 Authentication Payload: Sep 21 07:24:54.697646: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.697648: | flags: none (0x0) Sep 21 07:24:54.697650: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:24:54.697651: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:24:54.697653: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.697655: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:24:54.697660: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:24:54.697662: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:24:54.697664: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:24:54.697667: | 1: compared key @east to @west / @east -> 004 Sep 21 07:24:54.697669: | 2: compared key @west to @west / @east -> 014 Sep 21 07:24:54.697670: | line 1: match=014 Sep 21 07:24:54.697672: | match 014 beats previous best_match 000 match=0x55ac141ed5a0 (line=1) Sep 21 07:24:54.697674: | concluding with best_match=014 best=0x55ac141ed5a0 (lineno=1) Sep 21 07:24:54.697711: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:24:54.697713: | PSK auth 63 66 a1 10 b8 81 47 e2 68 ec 5a 9d 25 c7 d1 15 Sep 21 07:24:54.697715: | PSK auth e0 c7 b9 61 ce 87 1b 54 3d d8 30 10 84 2f 27 da Sep 21 07:24:54.697716: | PSK auth 2c 5f 8d 45 4e 49 e0 10 31 0c a3 be 57 84 d4 1e Sep 21 07:24:54.697717: | PSK auth 9b 5c de cf 91 43 97 f8 87 ec 1e 46 2a 95 f3 b6 Sep 21 07:24:54.697719: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:24:54.697721: | getting first pending from state #1 Sep 21 07:24:54.697738: | netlink_get_spi: allocated 0xe441f18e for esp.0@192.1.2.45 Sep 21 07:24:54.697741: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:24:54.697746: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:24:54.697749: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:24:54.697751: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:24:54.697753: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:24:54.697755: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:24:54.697758: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.697760: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:24:54.697762: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.697767: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.697776: | Emitting ikev2_proposals ... Sep 21 07:24:54.697778: | ****emit IKEv2 Security Association Payload: Sep 21 07:24:54.697781: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.697787: | flags: none (0x0) Sep 21 07:24:54.697793: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:24:54.697795: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.697797: | discarding INTEG=NONE Sep 21 07:24:54.697807: | discarding DH=NONE Sep 21 07:24:54.697809: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.697811: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.697813: | prop #: 1 (0x1) Sep 21 07:24:54.697815: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.697817: | spi size: 4 (0x4) Sep 21 07:24:54.697819: | # transforms: 2 (0x2) Sep 21 07:24:54.697821: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.697824: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:24:54.697826: | our spi e4 41 f1 8e Sep 21 07:24:54.697830: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697835: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.697837: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.697839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.697842: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.697844: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.697846: | length/value: 256 (0x100) Sep 21 07:24:54.697849: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.697851: | discarding INTEG=NONE Sep 21 07:24:54.697852: | discarding DH=NONE Sep 21 07:24:54.697854: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697857: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.697859: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.697861: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.697864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.697868: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.697871: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:24:54.697873: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.697875: | discarding INTEG=NONE Sep 21 07:24:54.697876: | discarding DH=NONE Sep 21 07:24:54.697878: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.697880: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.697882: | prop #: 2 (0x2) Sep 21 07:24:54.697884: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.697886: | spi size: 4 (0x4) Sep 21 07:24:54.697888: | # transforms: 2 (0x2) Sep 21 07:24:54.697891: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.697893: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.697896: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:24:54.697898: | our spi e4 41 f1 8e Sep 21 07:24:54.697900: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697905: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.697907: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.697910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.697912: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.697914: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.697916: | length/value: 128 (0x80) Sep 21 07:24:54.697918: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.697920: | discarding INTEG=NONE Sep 21 07:24:54.697922: | discarding DH=NONE Sep 21 07:24:54.697924: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697926: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.697928: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.697930: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.697933: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697936: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.697941: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.697943: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:24:54.697945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.697947: | discarding DH=NONE Sep 21 07:24:54.697950: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.697952: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.697954: | prop #: 3 (0x3) Sep 21 07:24:54.697956: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.697958: | spi size: 4 (0x4) Sep 21 07:24:54.697960: | # transforms: 4 (0x4) Sep 21 07:24:54.697963: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.697965: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.697968: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:24:54.697970: | our spi e4 41 f1 8e Sep 21 07:24:54.697971: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697975: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.697976: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.697978: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.697979: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.697981: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.697982: | length/value: 256 (0x100) Sep 21 07:24:54.697984: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.697985: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697988: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.697990: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.697991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.697995: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.697996: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.697998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.697999: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.698000: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.698002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.698005: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.698007: | discarding DH=NONE Sep 21 07:24:54.698008: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.698010: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.698011: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.698012: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.698014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.698017: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.698020: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:24:54.698022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.698023: | discarding DH=NONE Sep 21 07:24:54.698025: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.698026: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.698027: | prop #: 4 (0x4) Sep 21 07:24:54.698029: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.698030: | spi size: 4 (0x4) Sep 21 07:24:54.698031: | # transforms: 4 (0x4) Sep 21 07:24:54.698033: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:54.698035: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:54.698037: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:24:54.698038: | our spi e4 41 f1 8e Sep 21 07:24:54.698039: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.698041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698042: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.698044: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:54.698045: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.698047: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.698048: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.698050: | length/value: 128 (0x80) Sep 21 07:24:54.698051: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:54.698053: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.698054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698056: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.698057: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:54.698059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.698062: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.698063: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.698065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698066: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:54.698068: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:54.698069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.698072: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.698074: | discarding DH=NONE Sep 21 07:24:54.698075: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:24:54.698077: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.698078: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.698079: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.698081: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.698083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:54.698084: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:54.698086: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:24:54.698088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:54.698090: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:24:54.698091: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:24:54.698094: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:24:54.698095: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.698097: | flags: none (0x0) Sep 21 07:24:54.698098: | number of TS: 1 (0x1) Sep 21 07:24:54.698100: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:24:54.698102: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.698104: | *****emit IKEv2 Traffic Selector: Sep 21 07:24:54.698105: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.698107: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.698108: | start port: 0 (0x0) Sep 21 07:24:54.698110: | end port: 65535 (0xffff) Sep 21 07:24:54.698112: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:24:54.698113: | IP start c0 00 01 00 Sep 21 07:24:54.698115: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:24:54.698117: | IP end c0 00 01 ff Sep 21 07:24:54.698119: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:24:54.698121: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:24:54.698124: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:24:54.698126: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.698128: | flags: none (0x0) Sep 21 07:24:54.698130: | number of TS: 1 (0x1) Sep 21 07:24:54.698133: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:24:54.698135: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:24:54.698137: | *****emit IKEv2 Traffic Selector: Sep 21 07:24:54.698139: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.698142: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.698144: | start port: 0 (0x0) Sep 21 07:24:54.698146: | end port: 65535 (0xffff) Sep 21 07:24:54.698148: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:24:54.698150: | IP start c0 00 02 00 Sep 21 07:24:54.698153: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:24:54.698154: | IP end c0 00 02 ff Sep 21 07:24:54.698157: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:24:54.698159: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:24:54.698162: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:24:54.698164: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:24:54.698166: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:24:54.698169: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:24:54.698172: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:24:54.698174: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:24:54.698175: | emitting length of ISAKMP Message: 365 Sep 21 07:24:54.698189: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.698192: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.698195: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:24:54.698199: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:24:54.698201: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:24:54.698203: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:24:54.698206: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:24:54.698209: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:24:54.698212: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:24:54.698221: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:24:54.698227: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:24:54.698229: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.698231: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:24:54.698233: | 5d 73 e1 1b 38 c7 aa aa 9c d5 b0 84 b6 76 28 9b Sep 21 07:24:54.698235: | 68 26 f0 92 0f ed c2 31 95 00 4d 55 f5 e3 8e 8e Sep 21 07:24:54.698237: | 0d 36 bb 72 10 74 7f 7e 4d 21 be ea 26 04 da d3 Sep 21 07:24:54.698239: | 13 0a 24 9a 9e b1 47 42 27 94 b0 d7 24 fb 9d 1b Sep 21 07:24:54.698241: | 1f aa 19 64 c9 db 74 ff 85 85 9e f6 9f 52 35 f6 Sep 21 07:24:54.698243: | 43 93 34 35 c5 7d bd d2 2f 42 48 9c 32 d6 2f 44 Sep 21 07:24:54.698245: | 7c e2 f0 27 68 1e 3d 07 c1 63 43 64 a2 48 f5 24 Sep 21 07:24:54.698247: | 92 ba 11 1c 9b 59 b7 01 56 99 35 e8 cc 72 69 25 Sep 21 07:24:54.698249: | e2 a6 0a 8c 3b 59 b2 e4 4e 4b 78 22 24 7a 1a f6 Sep 21 07:24:54.698251: | da 9f 45 61 71 d2 35 60 b5 48 2b a6 f9 78 e4 a6 Sep 21 07:24:54.698253: | cb 97 4e f9 29 89 07 75 2c 54 91 5d 78 6e ac 5d Sep 21 07:24:54.698256: | 87 bc fe 7e 36 00 6e c0 95 9d be 48 18 cd a8 63 Sep 21 07:24:54.698258: | 8b dc 21 59 40 bb 0d 0a 96 02 62 0f 97 75 00 95 Sep 21 07:24:54.698260: | 75 2b d8 c9 26 84 7d 6d 55 58 24 00 57 ba 8b d2 Sep 21 07:24:54.698262: | e9 2b 4e cf b8 11 ea 43 ce 32 d3 6d db 00 62 28 Sep 21 07:24:54.698264: | 75 55 17 00 52 59 35 2c 00 5a 51 30 a0 c1 e6 e0 Sep 21 07:24:54.698614: | 00 2d c0 f2 9f 7c 32 6a 75 f5 e6 d6 62 23 12 31 Sep 21 07:24:54.698621: | 0b 2f f5 7d e6 7a 63 fc e4 b3 ca 1b 70 df 66 38 Sep 21 07:24:54.698623: | 05 0b 49 47 b0 20 6e 90 4a 3f c2 a2 44 78 3e 94 Sep 21 07:24:54.698625: | 27 4e 52 81 51 c4 58 5d dd db c3 58 db b7 b9 8f Sep 21 07:24:54.698627: | 89 45 29 40 49 20 13 59 b8 cb ef d4 41 Sep 21 07:24:54.698672: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:24:54.698678: | event_schedule: new EVENT_RETRANSMIT-pe@0x55ac141fc1e0 Sep 21 07:24:54.698683: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:24:54.698686: | libevent_malloc: new ptr-libevent@0x55ac141fc2c0 size 128 Sep 21 07:24:54.698692: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49341.066942 Sep 21 07:24:54.698696: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:24:54.698704: | #1 spent 0.821 milliseconds in resume sending helper answer Sep 21 07:24:54.698709: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:24:54.698713: | libevent_free: release ptr-libevent@0x7f58ac006b90 Sep 21 07:24:54.819931: | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:54.819951: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:24:54.819957: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.819959: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:24:54.819962: | 12 3f 26 3e 25 ef b1 32 d6 68 c5 00 02 00 02 d8 Sep 21 07:24:54.819964: | a7 d6 cf bc 4c 85 9d 30 d6 ff 28 30 53 3f 9d 09 Sep 21 07:24:54.819967: | 11 93 7c 1b 06 ec 8f 8c 50 30 42 a6 e0 d3 42 d2 Sep 21 07:24:54.819969: | 17 6f b4 91 c7 26 39 fa 69 1e 2a 6d dc 76 1c 62 Sep 21 07:24:54.819971: | 3d b1 02 a4 2c 1f d6 f6 ac 4f b5 fb 53 5b 25 03 Sep 21 07:24:54.819974: | 53 ad c6 be ad 8c 85 25 c0 ab bf b8 70 e3 fa 80 Sep 21 07:24:54.819976: | 11 3b 28 27 b5 10 b9 38 ea c6 8e 3a 16 34 61 f8 Sep 21 07:24:54.819978: | 08 f6 23 2e fd 80 a9 ca 72 91 0b b6 0b 6e 23 5d Sep 21 07:24:54.819981: | e4 e7 ee 82 4a 75 dc ef b2 46 91 7d c3 a2 30 7e Sep 21 07:24:54.819983: | e5 31 15 f0 87 65 dc c4 74 be 4e c7 c4 84 2b 9b Sep 21 07:24:54.819986: | 06 99 ac fe f1 3c 47 89 15 ab ef 18 3e e2 e8 09 Sep 21 07:24:54.819988: | f5 1f 44 a3 8e 12 fe 4a 48 65 c7 f6 d5 45 04 03 Sep 21 07:24:54.819990: | de Sep 21 07:24:54.819995: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:24:54.819999: | **parse ISAKMP Message: Sep 21 07:24:54.820002: | initiator cookie: Sep 21 07:24:54.820004: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:54.820006: | responder cookie: Sep 21 07:24:54.820008: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:54.820012: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:24:54.820014: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:54.820017: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:24:54.820020: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:24:54.820022: | Message ID: 1 (0x1) Sep 21 07:24:54.820025: | length: 225 (0xe1) Sep 21 07:24:54.820028: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:24:54.820031: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:24:54.820035: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:24:54.820041: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:24:54.820045: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:24:54.820050: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:24:54.820054: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:24:54.820057: | #2 is idle Sep 21 07:24:54.820059: | #2 idle Sep 21 07:24:54.820061: | unpacking clear payload Sep 21 07:24:54.820064: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:24:54.820067: | ***parse IKEv2 Encryption Payload: Sep 21 07:24:54.820070: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:24:54.820072: | flags: none (0x0) Sep 21 07:24:54.820075: | length: 197 (0xc5) Sep 21 07:24:54.820077: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:24:54.820080: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:24:54.820095: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:24:54.820097: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:24:54.820101: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:24:54.821150: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:24:54.821161: | flags: none (0x0) Sep 21 07:24:54.821165: | length: 12 (0xc) Sep 21 07:24:54.821168: | ID type: ID_FQDN (0x2) Sep 21 07:24:54.821171: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:24:54.821174: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:24:54.821178: | **parse IKEv2 Authentication Payload: Sep 21 07:24:54.821181: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:24:54.821184: | flags: none (0x0) Sep 21 07:24:54.821189: | length: 72 (0x48) Sep 21 07:24:54.821192: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:24:54.821195: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:24:54.821198: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:24:54.821201: | **parse IKEv2 Security Association Payload: Sep 21 07:24:54.821204: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:24:54.821207: | flags: none (0x0) Sep 21 07:24:54.821214: | length: 36 (0x24) Sep 21 07:24:54.821217: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:24:54.821220: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:24:54.821223: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:24:54.821226: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:24:54.821229: | flags: none (0x0) Sep 21 07:24:54.821232: | length: 24 (0x18) Sep 21 07:24:54.821266: | number of TS: 1 (0x1) Sep 21 07:24:54.821271: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:24:54.821274: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:24:54.821278: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:24:54.821281: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:54.821284: | flags: none (0x0) Sep 21 07:24:54.821289: | length: 24 (0x18) Sep 21 07:24:54.821308: | number of TS: 1 (0x1) Sep 21 07:24:54.821311: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:24:54.821314: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:24:54.821316: | Now let's proceed with state specific processing Sep 21 07:24:54.821319: | calling processor Initiator: process IKE_AUTH response Sep 21 07:24:54.821326: | offered CA: '%none' Sep 21 07:24:54.821330: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:24:54.821370: | verifying AUTH payload Sep 21 07:24:54.821375: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:24:54.821379: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:24:54.821382: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:24:54.821385: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:24:54.821389: | 1: compared key @east to @west / @east -> 004 Sep 21 07:24:54.821392: | 2: compared key @west to @west / @east -> 014 Sep 21 07:24:54.821395: | line 1: match=014 Sep 21 07:24:54.821398: | match 014 beats previous best_match 000 match=0x55ac141ed5a0 (line=1) Sep 21 07:24:54.821400: | concluding with best_match=014 best=0x55ac141ed5a0 (lineno=1) Sep 21 07:24:54.821466: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Sep 21 07:24:54.821474: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:24:54.821479: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:24:54.821482: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:24:54.821486: | libevent_free: release ptr-libevent@0x55ac141fc4a0 Sep 21 07:24:54.821489: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ac141fc460 Sep 21 07:24:54.821492: | event_schedule: new EVENT_SA_REKEY-pe@0x55ac141fc460 Sep 21 07:24:54.821496: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:24:54.821499: | libevent_malloc: new ptr-libevent@0x55ac141fc4a0 size 128 Sep 21 07:24:54.821595: | pstats #1 ikev2.ike established Sep 21 07:24:54.821601: | TSi: parsing 1 traffic selectors Sep 21 07:24:54.821603: | ***parse IKEv2 Traffic Selector: Sep 21 07:24:54.821606: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.821608: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.821611: | length: 16 (0x10) Sep 21 07:24:54.821613: | start port: 0 (0x0) Sep 21 07:24:54.821616: | end port: 65535 (0xffff) Sep 21 07:24:54.821618: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:24:54.821621: | TS low c0 00 01 00 Sep 21 07:24:54.821623: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:24:54.821628: | TS high c0 00 01 ff Sep 21 07:24:54.821630: | TSi: parsed 1 traffic selectors Sep 21 07:24:54.821633: | TSr: parsing 1 traffic selectors Sep 21 07:24:54.821635: | ***parse IKEv2 Traffic Selector: Sep 21 07:24:54.821637: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:24:54.821640: | IP Protocol ID: 0 (0x0) Sep 21 07:24:54.821642: | length: 16 (0x10) Sep 21 07:24:54.821644: | start port: 0 (0x0) Sep 21 07:24:54.821646: | end port: 65535 (0xffff) Sep 21 07:24:54.821649: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:24:54.821651: | TS low c0 00 02 00 Sep 21 07:24:54.821653: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:24:54.821656: | TS high c0 00 02 ff Sep 21 07:24:54.821658: | TSr: parsed 1 traffic selectors Sep 21 07:24:54.821664: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:24:54.821669: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:24:54.821676: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:24:54.821679: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:24:54.821682: | TSi[0] port match: YES fitness 65536 Sep 21 07:24:54.821685: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:24:54.821688: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:24:54.821692: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:24:54.821698: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:24:54.821701: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:24:54.821703: | TSr[0] port match: YES fitness 65536 Sep 21 07:24:54.821706: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:24:54.821708: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:24:54.821711: | best fit so far: TSi[0] TSr[0] Sep 21 07:24:54.821713: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:24:54.821715: | printing contents struct traffic_selector Sep 21 07:24:54.821718: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:24:54.821720: | ipprotoid: 0 Sep 21 07:24:54.821722: | port range: 0-65535 Sep 21 07:24:54.821726: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:24:54.821728: | printing contents struct traffic_selector Sep 21 07:24:54.821730: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:24:54.821732: | ipprotoid: 0 Sep 21 07:24:54.821734: | port range: 0-65535 Sep 21 07:24:54.821738: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:24:54.821751: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:24:54.821755: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:24:54.821759: | local proposal 1 type ENCR has 1 transforms Sep 21 07:24:54.821761: | local proposal 1 type PRF has 0 transforms Sep 21 07:24:54.821763: | local proposal 1 type INTEG has 1 transforms Sep 21 07:24:54.821766: | local proposal 1 type DH has 1 transforms Sep 21 07:24:54.821768: | local proposal 1 type ESN has 1 transforms Sep 21 07:24:54.821771: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:24:54.821774: | local proposal 2 type ENCR has 1 transforms Sep 21 07:24:54.821776: | local proposal 2 type PRF has 0 transforms Sep 21 07:24:54.821778: | local proposal 2 type INTEG has 1 transforms Sep 21 07:24:54.821781: | local proposal 2 type DH has 1 transforms Sep 21 07:24:54.821791: | local proposal 2 type ESN has 1 transforms Sep 21 07:24:54.821798: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:24:54.821800: | local proposal 3 type ENCR has 1 transforms Sep 21 07:24:54.821802: | local proposal 3 type PRF has 0 transforms Sep 21 07:24:54.821805: | local proposal 3 type INTEG has 2 transforms Sep 21 07:24:54.821807: | local proposal 3 type DH has 1 transforms Sep 21 07:24:54.821809: | local proposal 3 type ESN has 1 transforms Sep 21 07:24:54.821812: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:24:54.821815: | local proposal 4 type ENCR has 1 transforms Sep 21 07:24:54.821817: | local proposal 4 type PRF has 0 transforms Sep 21 07:24:54.821819: | local proposal 4 type INTEG has 2 transforms Sep 21 07:24:54.821822: | local proposal 4 type DH has 1 transforms Sep 21 07:24:54.821824: | local proposal 4 type ESN has 1 transforms Sep 21 07:24:54.821827: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:24:54.821830: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:24:54.821832: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:54.821834: | length: 32 (0x20) Sep 21 07:24:54.821837: | prop #: 1 (0x1) Sep 21 07:24:54.821839: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:24:54.821841: | spi size: 4 (0x4) Sep 21 07:24:54.821844: | # transforms: 2 (0x2) Sep 21 07:24:54.821847: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:24:54.821849: | remote SPI ed f6 9d dd Sep 21 07:24:54.821852: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:24:54.821855: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.821857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:54.821859: | length: 12 (0xc) Sep 21 07:24:54.821862: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:54.821864: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:54.821867: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:24:54.821869: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:54.821872: | length/value: 256 (0x100) Sep 21 07:24:54.821876: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:24:54.821879: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:24:54.821881: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:54.821883: | length: 8 (0x8) Sep 21 07:24:54.821886: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:24:54.821888: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:24:54.821892: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:24:54.821895: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:24:54.821899: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:24:54.821901: | remote proposal 1 matches local proposal 1 Sep 21 07:24:54.821904: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:24:54.821909: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=edf69ddd;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:24:54.821911: | converting proposal to internal trans attrs Sep 21 07:24:54.821917: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:24:54.822227: | #1 spent 1.08 milliseconds Sep 21 07:24:54.822232: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:24:54.822235: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:24:54.822238: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:24:54.822241: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:24:54.822244: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:24:54.822250: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:24:54.822256: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:24:54.822259: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:24:54.822262: | AES_GCM_16 requires 4 salt bytes Sep 21 07:24:54.822264: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:24:54.822370: | setting IPsec SA replay-window to 32 Sep 21 07:24:54.822374: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:24:54.822378: | netlink: enabling tunnel mode Sep 21 07:24:54.822381: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:24:54.822383: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:24:54.822577: | netlink response for Add SA esp.edf69ddd@192.1.2.23 included non-error error Sep 21 07:24:54.822583: | set up outgoing SA, ref=0/0 Sep 21 07:24:54.822587: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:24:54.822590: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:24:54.822592: | AES_GCM_16 requires 4 salt bytes Sep 21 07:24:54.822595: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:24:54.822599: | setting IPsec SA replay-window to 32 Sep 21 07:24:54.822602: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:24:54.822604: | netlink: enabling tunnel mode Sep 21 07:24:54.822607: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:24:54.822609: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:24:54.822753: | netlink response for Add SA esp.e441f18e@192.1.2.45 included non-error error Sep 21 07:24:54.822759: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:54.822768: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:24:54.822771: | IPsec Sa SPD priority set to 1042407 Sep 21 07:24:54.823027: | raw_eroute result=success Sep 21 07:24:54.823035: | set up incoming SA, ref=0/0 Sep 21 07:24:54.823038: | sr for #2: unrouted Sep 21 07:24:54.823041: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:24:54.823043: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:24:54.823046: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:24:54.823049: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:24:54.823053: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:24:54.823057: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:24:54.823060: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:54.823068: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:24:54.823071: | IPsec Sa SPD priority set to 1042407 Sep 21 07:24:54.823245: | raw_eroute result=success Sep 21 07:24:54.823273: | running updown command "ipsec _updown" for verb up Sep 21 07:24:54.823277: | command executing up-client Sep 21 07:24:54.823305: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:24:54.823310: | popen cmd is 1049 chars long Sep 21 07:24:54.823314: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:24:54.823316: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Sep 21 07:24:54.823319: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Sep 21 07:24:54.823322: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Sep 21 07:24:54.823324: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Sep 21 07:24:54.823327: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Sep 21 07:24:54.823329: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:24:54.823332: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Sep 21 07:24:54.823335: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:24:54.823337: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:24:54.823340: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:24:54.823342: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:24:54.823345: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedf69ddd SPI_OUT=0xe441f18e ipsec _up: Sep 21 07:24:54.823347: | cmd(1040):down 2>&1: Sep 21 07:24:54.845095: | route_and_eroute: firewall_notified: true Sep 21 07:24:54.845105: | running updown command "ipsec _updown" for verb prepare Sep 21 07:24:54.845108: | command executing prepare-client Sep 21 07:24:54.845129: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Sep 21 07:24:54.845131: | popen cmd is 1054 chars long Sep 21 07:24:54.845133: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:24:54.845135: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:24:54.845136: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:24:54.845138: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:24:54.845139: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Sep 21 07:24:54.845141: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:24:54.845142: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:24:54.845144: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:24:54.845149: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:24:54.845150: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:24:54.845152: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:24:54.845153: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:24:54.845155: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedf69ddd SPI_OUT=0xe441f18e ipse: Sep 21 07:24:54.845156: | cmd(1040):c _updown 2>&1: Sep 21 07:24:54.856082: | running updown command "ipsec _updown" for verb route Sep 21 07:24:54.856098: | command executing route-client Sep 21 07:24:54.856131: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Sep 21 07:24:54.856134: | popen cmd is 1052 chars long Sep 21 07:24:54.856137: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:24:54.856140: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Sep 21 07:24:54.856143: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Sep 21 07:24:54.856145: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Sep 21 07:24:54.856148: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Sep 21 07:24:54.856150: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:24:54.856153: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:24:54.856155: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:24:54.856158: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Sep 21 07:24:54.856160: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:24:54.856163: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:24:54.856165: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:24:54.856168: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedf69ddd SPI_OUT=0xe441f18e ipsec : Sep 21 07:24:54.856170: | cmd(1040):_updown 2>&1: Sep 21 07:24:54.891682: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55ac141f8f30,sr=0x55ac141f8f30} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:24:54.891779: | #1 spent 0.967 milliseconds in install_ipsec_sa() Sep 21 07:24:54.891791: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:24:54.891797: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:24:54.891800: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:24:54.891810: | libevent_free: release ptr-libevent@0x55ac141fc2c0 Sep 21 07:24:54.891813: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ac141fc1e0 Sep 21 07:24:54.891819: | #2 spent 1.77 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:24:54.891826: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:54.891831: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:24:54.891835: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:24:54.891838: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:24:54.891841: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:24:54.891847: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:24:54.891852: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:24:54.891855: | pstats #2 ikev2.child established Sep 21 07:24:54.891862: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:24:54.891873: | NAT-T: encaps is 'auto' Sep 21 07:24:54.891878: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xedf69ddd <0xe441f18e xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:24:54.891882: | releasing whack for #2 (sock=fd@25) Sep 21 07:24:54.891886: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:24:54.891888: | releasing whack and unpending for parent #1 Sep 21 07:24:54.891890: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:54.891895: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:54.891897: | removing pending policy for no connection {0x55ac14189450} Sep 21 07:24:54.891904: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:24:54.891908: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:24:54.891911: | event_schedule: new EVENT_SA_REKEY-pe@0x55ac141fc1e0 Sep 21 07:24:54.891914: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:24:54.891917: | libevent_malloc: new ptr-libevent@0x55ac141fc2c0 size 128 Sep 21 07:24:54.891924: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:24:54.891929: | #1 spent 2.19 milliseconds in ikev2_process_packet() Sep 21 07:24:54.891933: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:24:54.891936: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:54.891938: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:54.891942: | spent 2.21 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:54.891953: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.891959: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.891963: | spent 0.00516 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:54.891965: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.891968: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.891971: | spent 0.00297 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:54.891973: | processing signal PLUTO_SIGCHLD Sep 21 07:24:54.891976: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:54.891979: | spent 0.00307 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:56.118374: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:56.118396: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:24:56.118405: | FOR_EACH_STATE_... in sort_states Sep 21 07:24:56.118413: | get_sa_info esp.e441f18e@192.1.2.45 Sep 21 07:24:56.118434: | get_sa_info esp.edf69ddd@192.1.2.23 Sep 21 07:24:56.118454: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:56.118461: | spent 0.095 milliseconds in whack Sep 21 07:24:57.737459: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:57.737670: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:57.737675: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:24:57.737739: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:24:57.737742: | FOR_EACH_STATE_... in sort_states Sep 21 07:24:57.737755: | get_sa_info esp.e441f18e@192.1.2.45 Sep 21 07:24:57.737772: | get_sa_info esp.edf69ddd@192.1.2.23 Sep 21 07:24:57.737806: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:24:57.737817: | spent 0.345 milliseconds in whack Sep 21 07:24:58.255297: | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:58.255319: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:24:58.255322: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.255325: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:24:58.255327: | 39 f7 bf dd 3d b8 1a 73 26 7c d5 ba 3b 86 ec f3 Sep 21 07:24:58.255329: | 14 89 d7 f6 dd 59 4f a7 a0 46 88 81 83 af f1 a7 Sep 21 07:24:58.255331: | bd ed 3a 03 fe Sep 21 07:24:58.255335: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:24:58.255339: | **parse ISAKMP Message: Sep 21 07:24:58.255342: | initiator cookie: Sep 21 07:24:58.255344: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:58.255346: | responder cookie: Sep 21 07:24:58.255348: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.255351: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:24:58.255353: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.255356: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:24:58.255359: | flags: none (0x0) Sep 21 07:24:58.255361: | Message ID: 0 (0x0) Sep 21 07:24:58.255364: | length: 69 (0x45) Sep 21 07:24:58.255367: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:24:58.255371: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:24:58.255375: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:24:58.255381: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:24:58.255385: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:24:58.255389: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:24:58.255392: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:24:58.255397: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:24:58.255399: | unpacking clear payload Sep 21 07:24:58.255402: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:24:58.255405: | ***parse IKEv2 Encryption Payload: Sep 21 07:24:58.255407: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:24:58.255410: | flags: none (0x0) Sep 21 07:24:58.255412: | length: 41 (0x29) Sep 21 07:24:58.255415: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:24:58.255419: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:24:58.255422: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:24:58.255437: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:24:58.255441: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:24:58.255446: | **parse IKEv2 Delete Payload: Sep 21 07:24:58.255449: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.255451: | flags: none (0x0) Sep 21 07:24:58.255453: | length: 12 (0xc) Sep 21 07:24:58.255456: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:24:58.255458: | SPI size: 4 (0x4) Sep 21 07:24:58.255461: | number of SPIs: 1 (0x1) Sep 21 07:24:58.255463: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:24:58.255466: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:24:58.255468: | Now let's proceed with state specific processing Sep 21 07:24:58.255470: | calling processor I3: INFORMATIONAL Request Sep 21 07:24:58.255474: | an informational request should send a response Sep 21 07:24:58.255480: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:24:58.255483: | **emit ISAKMP Message: Sep 21 07:24:58.255486: | initiator cookie: Sep 21 07:24:58.255488: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:58.255490: | responder cookie: Sep 21 07:24:58.255492: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.255494: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:58.255497: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.255499: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:24:58.255502: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:24:58.255504: | Message ID: 0 (0x0) Sep 21 07:24:58.255507: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:58.255509: | ***emit IKEv2 Encryption Payload: Sep 21 07:24:58.255511: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.255513: | flags: none (0x0) Sep 21 07:24:58.255516: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:24:58.255518: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:24:58.255521: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:24:58.255527: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:24:58.255529: | SPI ed f6 9d dd Sep 21 07:24:58.255532: | delete PROTO_v2_ESP SA(0xedf69ddd) Sep 21 07:24:58.255535: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:24:58.255537: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:24:58.255540: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xedf69ddd) Sep 21 07:24:58.255543: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:24:58.255545: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:24:58.255549: | libevent_free: release ptr-libevent@0x55ac141fc2c0 Sep 21 07:24:58.255551: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ac141fc1e0 Sep 21 07:24:58.255554: | event_schedule: new EVENT_SA_REPLACE-pe@0x55ac141fc1e0 Sep 21 07:24:58.255557: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:24:58.255561: | libevent_malloc: new ptr-libevent@0x55ac141fc2c0 size 128 Sep 21 07:24:58.255564: | ****emit IKEv2 Delete Payload: Sep 21 07:24:58.255567: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.255569: | flags: none (0x0) Sep 21 07:24:58.255572: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:24:58.255574: | SPI size: 4 (0x4) Sep 21 07:24:58.255576: | number of SPIs: 1 (0x1) Sep 21 07:24:58.255579: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:24:58.255581: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:24:58.255584: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:24:58.255586: | local SPIs e4 41 f1 8e Sep 21 07:24:58.255588: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:24:58.255592: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:24:58.255595: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:24:58.255598: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:24:58.255600: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:24:58.255602: | emitting length of ISAKMP Message: 69 Sep 21 07:24:58.255619: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:24:58.255622: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.255624: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:24:58.255626: | 8e ae 87 20 7a 02 eb a8 5d 54 fa 06 e9 2a 0f 7a Sep 21 07:24:58.255628: | 80 70 f6 ae ce 60 84 50 06 89 82 21 ed 6a 4e 00 Sep 21 07:24:58.255630: | e3 1c 1b 9a 2b Sep 21 07:24:58.255655: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:24:58.255661: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:24:58.255667: | #1 spent 0.181 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:24:58.255672: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:58.255676: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:24:58.255678: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:24:58.255683: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:24:58.255687: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:24:58.255689: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:24:58.255694: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:24:58.255699: | #1 spent 0.379 milliseconds in ikev2_process_packet() Sep 21 07:24:58.255703: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:24:58.255706: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:58.255708: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:58.255712: | spent 0.393 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:58.255719: | timer_event_cb: processing event@0x55ac141fc1e0 Sep 21 07:24:58.255722: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:24:58.255727: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:24:58.255730: | picked newest_ipsec_sa #2 for #2 Sep 21 07:24:58.255733: | replacing stale CHILD SA Sep 21 07:24:58.255736: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:24:58.255738: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:24:58.255742: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:24:58.255745: | creating state object #3 at 0x55ac142036f0 Sep 21 07:24:58.255748: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:24:58.255754: | pstats #3 ikev2.child started Sep 21 07:24:58.255757: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Sep 21 07:24:58.255762: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:24:58.255767: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:24:58.255774: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:24:58.255779: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:24:58.255786: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:24:58.255793: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:24:58.255796: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Sep 21 07:24:58.255803: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:24:58.255810: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:24:58.255813: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:24:58.255816: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:24:58.255820: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:24:58.255824: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:24:58.255827: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:24:58.255831: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:24:58.255839: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:24:58.255845: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:24:58.255848: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f58b4002b20 Sep 21 07:24:58.255852: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:24:58.255855: | libevent_malloc: new ptr-libevent@0x55ac141feab0 size 128 Sep 21 07:24:58.255860: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:24:58.255863: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ac141fc700 Sep 21 07:24:58.255866: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:24:58.255869: | libevent_malloc: new ptr-libevent@0x55ac141fe6b0 size 128 Sep 21 07:24:58.255872: | libevent_free: release ptr-libevent@0x55ac141fc2c0 Sep 21 07:24:58.255875: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ac141fc1e0 Sep 21 07:24:58.255880: | #2 spent 0.157 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:24:58.255883: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:24:58.255888: | timer_event_cb: processing event@0x7f58b4002b20 Sep 21 07:24:58.255891: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:24:58.255896: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:24:58.255901: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:24:58.255904: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ac141fc1e0 Sep 21 07:24:58.255907: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:24:58.255910: | libevent_malloc: new ptr-libevent@0x55ac141fc2c0 size 128 Sep 21 07:24:58.255918: | libevent_free: release ptr-libevent@0x55ac141feab0 Sep 21 07:24:58.255926: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f58b4002b20 Sep 21 07:24:58.255931: | #3 spent 0.0418 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:24:58.255936: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:24:58.255940: | timer_event_cb: processing event@0x55ac141fc700 Sep 21 07:24:58.255942: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:24:58.255947: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:24:58.255950: | picked newest_ipsec_sa #2 for #2 Sep 21 07:24:58.255952: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:24:58.255955: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:24:58.255958: | pstats #2 ikev2.child deleted completed Sep 21 07:24:58.255961: | #2 spent 1.93 milliseconds in total Sep 21 07:24:58.255965: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:24:58.255969: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 3.558s and NOT sending notification Sep 21 07:24:58.255972: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:24:58.255976: | get_sa_info esp.edf69ddd@192.1.2.23 Sep 21 07:24:58.255983: | crypto helper 0 resuming Sep 21 07:24:58.255999: | crypto helper 0 starting work-order 3 for state #3 Sep 21 07:24:58.256004: | crypto helper 0 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:24:58.255990: | get_sa_info esp.e441f18e@192.1.2.45 Sep 21 07:24:58.256136: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Sep 21 07:24:58.256141: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:24:58.256321: | running updown command "ipsec _updown" for verb down Sep 21 07:24:58.256328: | command executing down-client Sep 21 07:24:58.256355: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050694' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Sep 21 07:24:58.256359: | popen cmd is 1060 chars long Sep 21 07:24:58.256363: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:24:58.256365: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Sep 21 07:24:58.256368: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Sep 21 07:24:58.256371: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Sep 21 07:24:58.256373: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Sep 21 07:24:58.256376: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:24:58.256378: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:24:58.256381: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050694' PLUTO_CO: Sep 21 07:24:58.256386: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Sep 21 07:24:58.256389: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Sep 21 07:24:58.256391: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Sep 21 07:24:58.256394: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Sep 21 07:24:58.256396: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedf69ddd SPI_OUT=0xe441f18: Sep 21 07:24:58.256399: | cmd(1040):e ipsec _updown 2>&1: Sep 21 07:24:58.256990: | crypto helper 0 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000985 seconds Sep 21 07:24:58.257002: | (#3) spent 0.993 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:24:58.257005: | crypto helper 0 sending results from work-order 3 for state #3 to event queue Sep 21 07:24:58.257008: | scheduling resume sending helper answer for #3 Sep 21 07:24:58.257012: | libevent_malloc: new ptr-libevent@0x7f58b0006900 size 128 Sep 21 07:24:58.257017: | crypto helper 0 waiting (nothing to do) Sep 21 07:24:58.283155: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:24:58.283176: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:24:58.283180: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.283184: | IPsec Sa SPD priority set to 1042407 Sep 21 07:24:58.283233: | delete esp.edf69ddd@192.1.2.23 Sep 21 07:24:58.283265: | netlink response for Del SA esp.edf69ddd@192.1.2.23 included non-error error Sep 21 07:24:58.283269: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.283277: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:24:58.283319: | raw_eroute result=success Sep 21 07:24:58.283323: | delete esp.e441f18e@192.1.2.45 Sep 21 07:24:58.283344: | netlink response for Del SA esp.e441f18e@192.1.2.45 included non-error error Sep 21 07:24:58.283350: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:58.283353: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:24:58.283357: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:24:58.283364: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:24:58.283371: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:24:58.283373: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:24:58.283379: | libevent_free: release ptr-libevent@0x55ac141fe6b0 Sep 21 07:24:58.283382: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ac141fc700 Sep 21 07:24:58.283385: | in statetime_stop() and could not find #2 Sep 21 07:24:58.283388: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:24:58.283406: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:24:58.283418: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:24:58.283421: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.283424: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:24:58.283426: | 68 15 66 e9 3e d4 ad ff f9 2c b7 c6 5d 70 eb 39 Sep 21 07:24:58.283428: | 30 57 ed 1a 73 51 63 3e 1f 90 30 bf 5e 9e 5e ee Sep 21 07:24:58.283430: | 55 Sep 21 07:24:58.283435: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:24:58.283438: | **parse ISAKMP Message: Sep 21 07:24:58.283441: | initiator cookie: Sep 21 07:24:58.283443: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:58.283445: | responder cookie: Sep 21 07:24:58.283451: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.283454: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:24:58.283457: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.283459: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:24:58.283462: | flags: none (0x0) Sep 21 07:24:58.283464: | Message ID: 1 (0x1) Sep 21 07:24:58.283467: | length: 65 (0x41) Sep 21 07:24:58.283470: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:24:58.283473: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:24:58.283476: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:24:58.283482: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:24:58.283485: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:24:58.283490: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:24:58.283493: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:24:58.283497: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:24:58.283499: | unpacking clear payload Sep 21 07:24:58.283502: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:24:58.283505: | ***parse IKEv2 Encryption Payload: Sep 21 07:24:58.283507: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:24:58.283510: | flags: none (0x0) Sep 21 07:24:58.283512: | length: 37 (0x25) Sep 21 07:24:58.283515: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:24:58.283519: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:24:58.283522: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:24:58.283539: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:24:58.283542: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:24:58.283545: | **parse IKEv2 Delete Payload: Sep 21 07:24:58.283547: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.283550: | flags: none (0x0) Sep 21 07:24:58.283552: | length: 8 (0x8) Sep 21 07:24:58.283555: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:24:58.283557: | SPI size: 0 (0x0) Sep 21 07:24:58.283559: | number of SPIs: 0 (0x0) Sep 21 07:24:58.283562: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:24:58.283564: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:24:58.283567: | Now let's proceed with state specific processing Sep 21 07:24:58.283569: | calling processor I3: INFORMATIONAL Request Sep 21 07:24:58.283572: | an informational request should send a response Sep 21 07:24:58.283577: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:24:58.283580: | **emit ISAKMP Message: Sep 21 07:24:58.283583: | initiator cookie: Sep 21 07:24:58.283585: | 62 24 df fc e3 88 ff a3 Sep 21 07:24:58.283587: | responder cookie: Sep 21 07:24:58.283590: | 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.283592: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:58.283595: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.283597: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:24:58.283600: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:24:58.283602: | Message ID: 1 (0x1) Sep 21 07:24:58.283605: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:58.283608: | ***emit IKEv2 Encryption Payload: Sep 21 07:24:58.283611: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.283613: | flags: none (0x0) Sep 21 07:24:58.283616: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:24:58.283621: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:24:58.283624: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:24:58.283634: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:24:58.283637: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:24:58.283640: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:24:58.283643: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:24:58.283645: | emitting length of ISAKMP Message: 57 Sep 21 07:24:58.283658: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:24:58.283661: | 62 24 df fc e3 88 ff a3 6c c4 30 f1 76 af 94 25 Sep 21 07:24:58.283664: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:24:58.283666: | 54 e8 ef e5 e2 38 3b 4d 5b 45 96 3f 8e f0 7c ac Sep 21 07:24:58.283668: | 44 9e c2 9a e5 1a e4 23 26 Sep 21 07:24:58.283708: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:24:58.283714: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:24:58.283718: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:24:58.283721: | pstats #3 ikev2.child deleted other Sep 21 07:24:58.283724: | #3 spent 0.0418 milliseconds in total Sep 21 07:24:58.283729: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:24:58.283734: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:24:58.283738: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.027s and NOT sending notification Sep 21 07:24:58.283741: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:24:58.283744: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:24:58.283747: | libevent_free: release ptr-libevent@0x55ac141fc2c0 Sep 21 07:24:58.283750: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ac141fc1e0 Sep 21 07:24:58.283754: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:58.283761: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:24:58.283772: | raw_eroute result=success Sep 21 07:24:58.283775: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:58.283778: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:24:58.283781: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:24:58.283801: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:24:58.283807: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:24:58.283810: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:24:58.283813: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:24:58.283816: | pstats #1 ikev2.ike deleted completed Sep 21 07:24:58.283819: | #1 spent 6.56 milliseconds in total Sep 21 07:24:58.283824: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:24:58.283827: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 3.592s and NOT sending notification Sep 21 07:24:58.283830: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:24:58.283891: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:24:58.283895: | libevent_free: release ptr-libevent@0x55ac141fc4a0 Sep 21 07:24:58.283898: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ac141fc460 Sep 21 07:24:58.283901: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:24:58.283903: | picked newest_isakmp_sa #0 for #1 Sep 21 07:24:58.283906: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:24:58.283909: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Sep 21 07:24:58.283912: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:24:58.283917: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:58.283919: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:24:58.283922: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:24:58.283940: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:24:58.283953: | in statetime_stop() and could not find #1 Sep 21 07:24:58.283956: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:58.283961: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:24:58.283963: | STF_OK but no state object remains Sep 21 07:24:58.283966: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:24:58.283968: | in statetime_stop() and could not find #1 Sep 21 07:24:58.283972: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:24:58.283975: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:24:58.283978: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:24:58.283983: | spent 0.543 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:24:58.283990: | processing resume sending helper answer for #3 Sep 21 07:24:58.283994: | crypto helper 0 replies to request ID 3 Sep 21 07:24:58.283996: | calling continuation function 0x55ac12d43630 Sep 21 07:24:58.283999: | work-order 3 state #3 crypto result suppressed Sep 21 07:24:58.284010: | (#3) spent 0.0151 milliseconds in resume sending helper answer Sep 21 07:24:58.284013: | libevent_free: release ptr-libevent@0x7f58b0006900 Sep 21 07:24:58.284016: | processing signal PLUTO_SIGCHLD Sep 21 07:24:58.284021: | waitpid returned ECHILD (no child processes left) Sep 21 07:24:58.284024: | spent 0.00509 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:24:58.284029: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:24:58.284032: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Sep 21 07:24:58.284035: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:24:58.284039: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:24:58.284042: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:24:58.284045: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:24:58.284048: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:24:58.284053: | creating state object #4 at 0x55ac142036f0 Sep 21 07:24:58.284056: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:24:58.284062: | pstats #4 ikev2.ike started Sep 21 07:24:58.284065: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:24:58.284068: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:24:58.284073: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:24:58.284079: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:24:58.284085: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:24:58.284088: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:24:58.284093: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:24:58.284096: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Sep 21 07:24:58.284113: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:58.284118: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:24:58.284121: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f58b0002b20 Sep 21 07:24:58.284125: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:24:58.284128: | libevent_malloc: new ptr-libevent@0x7f58b0006900 size 128 Sep 21 07:24:58.284140: | #4 spent 0.0997 milliseconds in ikev2_parent_outI1() Sep 21 07:24:58.284145: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:24:58.284145: | crypto helper 6 resuming Sep 21 07:24:58.284148: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:24:58.284166: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:24:58.284171: | spent 0.133 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:24:58.284158: | crypto helper 6 starting work-order 4 for state #4 Sep 21 07:24:58.284181: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:24:58.285088: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000905 seconds Sep 21 07:24:58.285100: | (#4) spent 0.915 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:24:58.285105: | crypto helper 6 sending results from work-order 4 for state #4 to event queue Sep 21 07:24:58.285108: | scheduling resume sending helper answer for #4 Sep 21 07:24:58.285111: | libevent_malloc: new ptr-libevent@0x7f58a4006900 size 128 Sep 21 07:24:58.285119: | crypto helper 6 waiting (nothing to do) Sep 21 07:24:58.285130: | processing resume sending helper answer for #4 Sep 21 07:24:58.285137: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:24:58.285141: | crypto helper 6 replies to request ID 4 Sep 21 07:24:58.285144: | calling continuation function 0x55ac12d43630 Sep 21 07:24:58.285146: | ikev2_parent_outI1_continue for #4 Sep 21 07:24:58.285152: | **emit ISAKMP Message: Sep 21 07:24:58.285155: | initiator cookie: Sep 21 07:24:58.285157: | 94 f5 50 ba 54 73 ca a1 Sep 21 07:24:58.285159: | responder cookie: Sep 21 07:24:58.285161: | 00 00 00 00 00 00 00 00 Sep 21 07:24:58.285164: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:24:58.285167: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:24:58.285170: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:24:58.285173: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:24:58.285175: | Message ID: 0 (0x0) Sep 21 07:24:58.285178: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:24:58.285198: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:24:58.285201: | Emitting ikev2_proposals ... Sep 21 07:24:58.285204: | ***emit IKEv2 Security Association Payload: Sep 21 07:24:58.285206: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.285209: | flags: none (0x0) Sep 21 07:24:58.285212: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:24:58.285216: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:24:58.285218: | discarding INTEG=NONE Sep 21 07:24:58.285221: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:58.285223: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:58.285226: | prop #: 1 (0x1) Sep 21 07:24:58.285228: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:58.285231: | spi size: 0 (0x0) Sep 21 07:24:58.285233: | # transforms: 11 (0xb) Sep 21 07:24:58.285236: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:58.285239: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285244: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:58.285247: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:58.285249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285253: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:58.285256: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:58.285259: | length/value: 256 (0x100) Sep 21 07:24:58.285261: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:58.285264: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285269: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285271: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:58.285274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285280: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285283: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285288: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285290: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:58.285292: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285296: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285298: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285302: | discarding INTEG=NONE Sep 21 07:24:58.285305: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285309: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285312: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:58.285315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285321: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285323: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285327: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285330: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:58.285333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285338: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285341: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285346: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285348: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:58.285351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285359: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285363: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285365: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:58.285368: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285373: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285380: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285383: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:58.285386: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285388: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285391: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285393: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285395: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285398: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285400: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:58.285403: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285410: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285412: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285419: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:58.285422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285427: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285430: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285432: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:58.285435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285437: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:58.285440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285446: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285448: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:24:58.285451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:58.285453: | discarding INTEG=NONE Sep 21 07:24:58.285455: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:58.285458: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:58.285460: | prop #: 2 (0x2) Sep 21 07:24:58.285463: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:58.285465: | spi size: 0 (0x0) Sep 21 07:24:58.285468: | # transforms: 11 (0xb) Sep 21 07:24:58.285471: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:58.285474: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:58.285476: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285481: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:58.285483: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:24:58.285486: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285488: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:58.285491: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:58.285493: | length/value: 128 (0x80) Sep 21 07:24:58.285496: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:58.285498: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285503: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285506: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:58.285509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285511: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285514: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285516: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285522: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285525: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:58.285528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285535: | discarding INTEG=NONE Sep 21 07:24:58.285537: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285543: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:58.285546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285552: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285554: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285558: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285561: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:58.285563: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285569: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285571: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285578: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:58.285581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285586: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285588: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285594: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:58.285597: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285602: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285605: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285611: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:58.285614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285617: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285621: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285623: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285630: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:58.285633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285638: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285640: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285643: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285647: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:58.285651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285656: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285658: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285660: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:58.285663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285665: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:58.285667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285672: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285674: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:24:58.285677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:58.285680: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:58.285682: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:58.285684: | prop #: 3 (0x3) Sep 21 07:24:58.285686: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:58.285689: | spi size: 0 (0x0) Sep 21 07:24:58.285691: | # transforms: 13 (0xd) Sep 21 07:24:58.285694: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:58.285697: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:58.285700: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285705: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:58.285707: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:58.285710: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285712: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:58.285715: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:58.285717: | length/value: 256 (0x100) Sep 21 07:24:58.285719: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:58.285721: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285723: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285726: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285728: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:58.285731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285736: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285738: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285743: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285745: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:58.285748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285751: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285753: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285755: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285760: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:58.285762: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:58.285764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285770: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285772: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285776: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:58.285779: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:58.285781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285787: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285792: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285795: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285797: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285801: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:58.285804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285809: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285811: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285818: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:58.285821: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285830: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285833: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285840: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:58.285842: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285846: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285852: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285854: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:58.285856: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285861: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285863: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285869: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:58.285871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285875: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285877: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285879: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285881: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285883: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:58.285886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285890: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285892: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285894: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285896: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285898: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:58.285900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285903: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285905: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285908: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285910: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:58.285913: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.285915: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:58.285918: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285922: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285924: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285927: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:24:58.285930: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:58.285933: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:24:58.285936: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:24:58.285938: | prop #: 4 (0x4) Sep 21 07:24:58.285940: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:24:58.285943: | spi size: 0 (0x0) Sep 21 07:24:58.285945: | # transforms: 13 (0xd) Sep 21 07:24:58.285948: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:24:58.285951: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:24:58.285954: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285960: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:24:58.285962: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:24:58.285965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285968: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:24:58.285971: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:24:58.285973: | length/value: 128 (0x80) Sep 21 07:24:58.285976: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:24:58.285978: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.285981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285983: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.285986: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:24:58.285989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.285992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.285995: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.285997: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286002: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:24:58.286005: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:24:58.286008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286014: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286017: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286019: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286022: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:58.286025: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:24:58.286028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286033: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286036: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286043: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:24:58.286045: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:24:58.286049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286054: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286057: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286064: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:58.286067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286073: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286076: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286081: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286083: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:24:58.286086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286092: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286095: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286102: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:24:58.286106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286113: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286119: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286121: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:24:58.286124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286130: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286133: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286140: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:24:58.286144: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286151: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286154: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286159: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286161: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:24:58.286164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286167: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286170: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286172: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286175: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286180: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:24:58.286183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286189: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286192: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:24:58.286194: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:24:58.286196: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:24:58.286199: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:24:58.286202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:24:58.286205: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:24:58.286208: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:24:58.286211: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:24:58.286214: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:24:58.286217: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:24:58.286219: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:24:58.286222: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:24:58.286225: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.286228: | flags: none (0x0) Sep 21 07:24:58.286230: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:24:58.286234: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:24:58.286237: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:24:58.286241: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:24:58.286244: | ikev2 g^x 8d de 40 86 c2 99 ce 5a ba 87 46 e5 35 c4 d1 1b Sep 21 07:24:58.286246: | ikev2 g^x 5d 2e 6a a3 84 39 9d f3 f5 e4 6d 5a 0c 79 6b ad Sep 21 07:24:58.286248: | ikev2 g^x 49 ee 75 65 1f 23 e8 e3 60 0a a3 47 47 00 26 71 Sep 21 07:24:58.286251: | ikev2 g^x 4e ff 95 d1 34 db ee 72 a2 2b c2 9c 7d 8c 52 6a Sep 21 07:24:58.286253: | ikev2 g^x 2e 0b 31 66 03 28 4c 23 bf fc 10 75 06 ff 36 ad Sep 21 07:24:58.286256: | ikev2 g^x 04 e2 b2 75 c6 d9 e5 d3 f9 dd 6c 35 0d 4c 20 d6 Sep 21 07:24:58.286258: | ikev2 g^x d1 22 eb d9 30 e6 23 34 53 94 7c 97 bd 3c d0 5f Sep 21 07:24:58.286260: | ikev2 g^x ae bd f4 20 af 2d 9e 5c d8 6d 39 5b 6a 7e 67 14 Sep 21 07:24:58.286265: | ikev2 g^x 17 16 69 5c 48 b8 63 bc 1c 6d 27 97 39 54 67 ed Sep 21 07:24:58.286456: | ikev2 g^x 0b 75 53 b8 cc cf 9b df 99 0c 86 e2 3f 5a 02 e3 Sep 21 07:24:58.286463: | ikev2 g^x f9 08 2f 57 e4 8f 2e b2 9e e7 12 d2 17 82 b5 d8 Sep 21 07:24:58.286465: | ikev2 g^x a6 fd 1c d0 46 f2 bb 3b 32 23 17 98 05 6d 55 72 Sep 21 07:24:58.286467: | ikev2 g^x d0 fa df 57 a7 42 01 22 f1 46 f8 9d 11 09 a8 80 Sep 21 07:24:58.286470: | ikev2 g^x 5d 49 02 a7 cf 36 85 a9 f9 be 58 6e 63 a0 69 82 Sep 21 07:24:58.286472: | ikev2 g^x 75 34 77 8e 80 da 78 01 e8 12 61 fe 13 c5 8e bb Sep 21 07:24:58.286474: | ikev2 g^x 63 cf b6 ca f2 e2 53 0a b3 f6 b9 16 c2 28 9b d7 Sep 21 07:24:58.286477: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:24:58.286480: | ***emit IKEv2 Nonce Payload: Sep 21 07:24:58.286483: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:24:58.286486: | flags: none (0x0) Sep 21 07:24:58.286489: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:24:58.286493: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:24:58.286496: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:24:58.286499: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:24:58.286502: | IKEv2 nonce b7 de e5 16 48 6d 2e d8 de f7 3a aa fe 37 3d 20 Sep 21 07:24:58.286504: | IKEv2 nonce 5b f0 5e 01 16 2d 84 f5 65 c4 0f b8 8e 09 c1 f9 Sep 21 07:24:58.286506: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:24:58.286509: | Adding a v2N Payload Sep 21 07:24:58.286511: | ***emit IKEv2 Notify Payload: Sep 21 07:24:58.286514: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.286516: | flags: none (0x0) Sep 21 07:24:58.286518: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:58.286520: | SPI size: 0 (0x0) Sep 21 07:24:58.286523: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:24:58.286526: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:58.286528: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:58.286531: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:24:58.286534: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:24:58.286536: | natd_hash: rcookie is zero Sep 21 07:24:58.286547: | natd_hash: hasher=0x55ac12e197a0(20) Sep 21 07:24:58.286550: | natd_hash: icookie= 94 f5 50 ba 54 73 ca a1 Sep 21 07:24:58.286553: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:24:58.286555: | natd_hash: ip= c0 01 02 2d Sep 21 07:24:58.286557: | natd_hash: port= 01 f4 Sep 21 07:24:58.286559: | natd_hash: hash= f7 6c ce 7f fa a4 48 bc 7d 2e 1e 59 9f d5 4f b3 Sep 21 07:24:58.286561: | natd_hash: hash= 31 ce 32 b3 Sep 21 07:24:58.286564: | Adding a v2N Payload Sep 21 07:24:58.286566: | ***emit IKEv2 Notify Payload: Sep 21 07:24:58.286568: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.286570: | flags: none (0x0) Sep 21 07:24:58.286572: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:58.286574: | SPI size: 0 (0x0) Sep 21 07:24:58.286576: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:24:58.286579: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:58.286581: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:58.286584: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:24:58.286586: | Notify data f7 6c ce 7f fa a4 48 bc 7d 2e 1e 59 9f d5 4f b3 Sep 21 07:24:58.286588: | Notify data 31 ce 32 b3 Sep 21 07:24:58.286591: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:24:58.286595: | natd_hash: rcookie is zero Sep 21 07:24:58.286601: | natd_hash: hasher=0x55ac12e197a0(20) Sep 21 07:24:58.286604: | natd_hash: icookie= 94 f5 50 ba 54 73 ca a1 Sep 21 07:24:58.286606: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:24:58.286607: | natd_hash: ip= c0 01 02 17 Sep 21 07:24:58.286610: | natd_hash: port= 01 f4 Sep 21 07:24:58.286612: | natd_hash: hash= 30 b3 78 4d c1 80 26 da 27 84 ff cb a1 e2 d0 97 Sep 21 07:24:58.286614: | natd_hash: hash= 02 82 2d 6b Sep 21 07:24:58.286615: | Adding a v2N Payload Sep 21 07:24:58.286617: | ***emit IKEv2 Notify Payload: Sep 21 07:24:58.286619: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:24:58.286621: | flags: none (0x0) Sep 21 07:24:58.286623: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:24:58.286625: | SPI size: 0 (0x0) Sep 21 07:24:58.286628: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:24:58.286631: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:24:58.286633: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:24:58.286636: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:24:58.286639: | Notify data 30 b3 78 4d c1 80 26 da 27 84 ff cb a1 e2 d0 97 Sep 21 07:24:58.286641: | Notify data 02 82 2d 6b Sep 21 07:24:58.286643: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:24:58.286645: | emitting length of ISAKMP Message: 828 Sep 21 07:24:58.286652: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:24:58.286659: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:24:58.286662: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:24:58.286665: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:24:58.286668: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:24:58.286671: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:24:58.286674: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:24:58.286679: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:24:58.286682: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:24:58.286686: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:24:58.286692: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:24:58.286695: | 94 f5 50 ba 54 73 ca a1 00 00 00 00 00 00 00 00 Sep 21 07:24:58.286698: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:24:58.286700: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:24:58.286702: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:24:58.286704: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:24:58.286706: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:24:58.286708: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:24:58.286711: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:24:58.286713: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:24:58.286715: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:24:58.286717: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:24:58.286719: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:24:58.286722: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:24:58.286724: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:24:58.286726: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:24:58.286728: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:24:58.286732: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:24:58.286735: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:24:58.286737: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:24:58.286739: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:24:58.286741: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:24:58.286744: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:24:58.286746: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:24:58.286748: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:24:58.286750: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:24:58.286753: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:24:58.286755: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:24:58.286757: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:24:58.286759: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:24:58.286761: | 28 00 01 08 00 0e 00 00 8d de 40 86 c2 99 ce 5a Sep 21 07:24:58.286764: | ba 87 46 e5 35 c4 d1 1b 5d 2e 6a a3 84 39 9d f3 Sep 21 07:24:58.286766: | f5 e4 6d 5a 0c 79 6b ad 49 ee 75 65 1f 23 e8 e3 Sep 21 07:24:58.286769: | 60 0a a3 47 47 00 26 71 4e ff 95 d1 34 db ee 72 Sep 21 07:24:58.286771: | a2 2b c2 9c 7d 8c 52 6a 2e 0b 31 66 03 28 4c 23 Sep 21 07:24:58.286773: | bf fc 10 75 06 ff 36 ad 04 e2 b2 75 c6 d9 e5 d3 Sep 21 07:24:58.286776: | f9 dd 6c 35 0d 4c 20 d6 d1 22 eb d9 30 e6 23 34 Sep 21 07:24:58.286778: | 53 94 7c 97 bd 3c d0 5f ae bd f4 20 af 2d 9e 5c Sep 21 07:24:58.286780: | d8 6d 39 5b 6a 7e 67 14 17 16 69 5c 48 b8 63 bc Sep 21 07:24:58.286782: | 1c 6d 27 97 39 54 67 ed 0b 75 53 b8 cc cf 9b df Sep 21 07:24:58.286866: | 99 0c 86 e2 3f 5a 02 e3 f9 08 2f 57 e4 8f 2e b2 Sep 21 07:24:58.286869: | 9e e7 12 d2 17 82 b5 d8 a6 fd 1c d0 46 f2 bb 3b Sep 21 07:24:58.286871: | 32 23 17 98 05 6d 55 72 d0 fa df 57 a7 42 01 22 Sep 21 07:24:58.286873: | f1 46 f8 9d 11 09 a8 80 5d 49 02 a7 cf 36 85 a9 Sep 21 07:24:58.286876: | f9 be 58 6e 63 a0 69 82 75 34 77 8e 80 da 78 01 Sep 21 07:24:58.286878: | e8 12 61 fe 13 c5 8e bb 63 cf b6 ca f2 e2 53 0a Sep 21 07:24:58.286880: | b3 f6 b9 16 c2 28 9b d7 29 00 00 24 b7 de e5 16 Sep 21 07:24:58.286882: | 48 6d 2e d8 de f7 3a aa fe 37 3d 20 5b f0 5e 01 Sep 21 07:24:58.286884: | 16 2d 84 f5 65 c4 0f b8 8e 09 c1 f9 29 00 00 08 Sep 21 07:24:58.286886: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f7 6c ce 7f Sep 21 07:24:58.286888: | fa a4 48 bc 7d 2e 1e 59 9f d5 4f b3 31 ce 32 b3 Sep 21 07:24:58.286890: | 00 00 00 1c 00 00 40 05 30 b3 78 4d c1 80 26 da Sep 21 07:24:58.286892: | 27 84 ff cb a1 e2 d0 97 02 82 2d 6b Sep 21 07:24:58.286932: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:24:58.286938: | libevent_free: release ptr-libevent@0x7f58b0006900 Sep 21 07:24:58.286941: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f58b0002b20 Sep 21 07:24:58.286943: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:24:58.286947: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f58b0002b20 Sep 21 07:24:58.286951: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:24:58.286954: | libevent_malloc: new ptr-libevent@0x7f58b0006900 size 128 Sep 21 07:24:58.286959: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49344.655211 Sep 21 07:24:58.286963: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:24:58.286969: | #4 spent 1.56 milliseconds in resume sending helper answer Sep 21 07:24:58.286975: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:24:58.286978: | libevent_free: release ptr-libevent@0x7f58a4006900 Sep 21 07:24:58.787503: | timer_event_cb: processing event@0x7f58b0002b20 Sep 21 07:24:58.787520: | handling event EVENT_RETRANSMIT for parent state #4 Sep 21 07:24:58.787531: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:24:58.787536: | IKEv2 retransmit event Sep 21 07:24:58.787542: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:24:58.787549: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 attempt 2 of 0 Sep 21 07:24:58.787554: | and parent for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 keying attempt 1 of 0; retransmit 1 Sep 21 07:24:58.787562: | retransmits: current time 49345.155822; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500611 exceeds limit? NO Sep 21 07:24:58.787567: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f58a4002b20 Sep 21 07:24:58.787571: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:24:58.787576: | libevent_malloc: new ptr-libevent@0x7f58a4006900 size 128 Sep 21 07:24:58.787582: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:24:58.787590: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:24:58.787595: | 94 f5 50 ba 54 73 ca a1 00 00 00 00 00 00 00 00 Sep 21 07:24:58.787598: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:24:58.787601: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:24:58.787604: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:24:58.787607: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:24:58.787610: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:24:58.787613: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:24:58.787616: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:24:58.787619: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:24:58.787621: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:24:58.787624: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:24:58.787627: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:24:58.787630: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:24:58.787633: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:24:58.787636: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:24:58.787640: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:24:58.787643: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:24:58.787645: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:24:58.787648: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:24:58.787651: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:24:58.787654: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:24:58.787657: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:24:58.787660: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:24:58.787663: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:24:58.787666: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:24:58.787669: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:24:58.787671: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:24:58.787674: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:24:58.787677: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:24:58.787680: | 28 00 01 08 00 0e 00 00 8d de 40 86 c2 99 ce 5a Sep 21 07:24:58.787682: | ba 87 46 e5 35 c4 d1 1b 5d 2e 6a a3 84 39 9d f3 Sep 21 07:24:58.787685: | f5 e4 6d 5a 0c 79 6b ad 49 ee 75 65 1f 23 e8 e3 Sep 21 07:24:58.787688: | 60 0a a3 47 47 00 26 71 4e ff 95 d1 34 db ee 72 Sep 21 07:24:58.787691: | a2 2b c2 9c 7d 8c 52 6a 2e 0b 31 66 03 28 4c 23 Sep 21 07:24:58.787698: | bf fc 10 75 06 ff 36 ad 04 e2 b2 75 c6 d9 e5 d3 Sep 21 07:24:58.787703: | f9 dd 6c 35 0d 4c 20 d6 d1 22 eb d9 30 e6 23 34 Sep 21 07:24:58.787707: | 53 94 7c 97 bd 3c d0 5f ae bd f4 20 af 2d 9e 5c Sep 21 07:24:58.787710: | d8 6d 39 5b 6a 7e 67 14 17 16 69 5c 48 b8 63 bc Sep 21 07:24:58.787712: | 1c 6d 27 97 39 54 67 ed 0b 75 53 b8 cc cf 9b df Sep 21 07:24:58.787715: | 99 0c 86 e2 3f 5a 02 e3 f9 08 2f 57 e4 8f 2e b2 Sep 21 07:24:58.787717: | 9e e7 12 d2 17 82 b5 d8 a6 fd 1c d0 46 f2 bb 3b Sep 21 07:24:58.787719: | 32 23 17 98 05 6d 55 72 d0 fa df 57 a7 42 01 22 Sep 21 07:24:58.787721: | f1 46 f8 9d 11 09 a8 80 5d 49 02 a7 cf 36 85 a9 Sep 21 07:24:58.787724: | f9 be 58 6e 63 a0 69 82 75 34 77 8e 80 da 78 01 Sep 21 07:24:58.787726: | e8 12 61 fe 13 c5 8e bb 63 cf b6 ca f2 e2 53 0a Sep 21 07:24:58.787728: | b3 f6 b9 16 c2 28 9b d7 29 00 00 24 b7 de e5 16 Sep 21 07:24:58.787731: | 48 6d 2e d8 de f7 3a aa fe 37 3d 20 5b f0 5e 01 Sep 21 07:24:58.787733: | 16 2d 84 f5 65 c4 0f b8 8e 09 c1 f9 29 00 00 08 Sep 21 07:24:58.787735: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f7 6c ce 7f Sep 21 07:24:58.787738: | fa a4 48 bc 7d 2e 1e 59 9f d5 4f b3 31 ce 32 b3 Sep 21 07:24:58.787740: | 00 00 00 1c 00 00 40 05 30 b3 78 4d c1 80 26 da Sep 21 07:24:58.787742: | 27 84 ff cb a1 e2 d0 97 02 82 2d 6b Sep 21 07:24:58.787770: | libevent_free: release ptr-libevent@0x7f58b0006900 Sep 21 07:24:58.787774: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f58b0002b20 Sep 21 07:24:58.787782: | #4 spent 0.274 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:24:58.787794: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:24:59.288324: | timer_event_cb: processing event@0x7f58a4002b20 Sep 21 07:24:59.288346: | handling event EVENT_RETRANSMIT for parent state #4 Sep 21 07:24:59.288359: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:24:59.288364: | IKEv2 retransmit event Sep 21 07:24:59.288371: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:24:59.288378: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 attempt 2 of 0 Sep 21 07:24:59.288383: | and parent for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 keying attempt 1 of 0; retransmit 2 Sep 21 07:24:59.288393: | retransmits: current time 49345.656652; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.001441 exceeds limit? NO Sep 21 07:24:59.288398: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f58b0002b20 Sep 21 07:24:59.288403: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Sep 21 07:24:59.288408: | libevent_malloc: new ptr-libevent@0x7f58b0006900 size 128 Sep 21 07:24:59.288415: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 1 seconds for response Sep 21 07:24:59.288425: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:24:59.288429: | 94 f5 50 ba 54 73 ca a1 00 00 00 00 00 00 00 00 Sep 21 07:24:59.288432: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:24:59.288435: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:24:59.288438: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:24:59.288441: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:24:59.288444: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:24:59.288447: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:24:59.288451: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:24:59.288454: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:24:59.288457: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:24:59.288466: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:24:59.288469: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:24:59.288473: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:24:59.288476: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:24:59.288479: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:24:59.288482: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:24:59.288485: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:24:59.288489: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:24:59.288492: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:24:59.288495: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:24:59.288498: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:24:59.288501: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:24:59.288504: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:24:59.288508: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:24:59.288511: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:24:59.288514: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:24:59.288517: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:24:59.288520: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:24:59.288523: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:24:59.288526: | 28 00 01 08 00 0e 00 00 8d de 40 86 c2 99 ce 5a Sep 21 07:24:59.288529: | ba 87 46 e5 35 c4 d1 1b 5d 2e 6a a3 84 39 9d f3 Sep 21 07:24:59.288533: | f5 e4 6d 5a 0c 79 6b ad 49 ee 75 65 1f 23 e8 e3 Sep 21 07:24:59.288536: | 60 0a a3 47 47 00 26 71 4e ff 95 d1 34 db ee 72 Sep 21 07:24:59.288539: | a2 2b c2 9c 7d 8c 52 6a 2e 0b 31 66 03 28 4c 23 Sep 21 07:24:59.288542: | bf fc 10 75 06 ff 36 ad 04 e2 b2 75 c6 d9 e5 d3 Sep 21 07:24:59.288545: | f9 dd 6c 35 0d 4c 20 d6 d1 22 eb d9 30 e6 23 34 Sep 21 07:24:59.288548: | 53 94 7c 97 bd 3c d0 5f ae bd f4 20 af 2d 9e 5c Sep 21 07:24:59.288551: | d8 6d 39 5b 6a 7e 67 14 17 16 69 5c 48 b8 63 bc Sep 21 07:24:59.288554: | 1c 6d 27 97 39 54 67 ed 0b 75 53 b8 cc cf 9b df Sep 21 07:24:59.288557: | 99 0c 86 e2 3f 5a 02 e3 f9 08 2f 57 e4 8f 2e b2 Sep 21 07:24:59.288561: | 9e e7 12 d2 17 82 b5 d8 a6 fd 1c d0 46 f2 bb 3b Sep 21 07:24:59.288564: | 32 23 17 98 05 6d 55 72 d0 fa df 57 a7 42 01 22 Sep 21 07:24:59.288567: | f1 46 f8 9d 11 09 a8 80 5d 49 02 a7 cf 36 85 a9 Sep 21 07:24:59.288570: | f9 be 58 6e 63 a0 69 82 75 34 77 8e 80 da 78 01 Sep 21 07:24:59.288573: | e8 12 61 fe 13 c5 8e bb 63 cf b6 ca f2 e2 53 0a Sep 21 07:24:59.288576: | b3 f6 b9 16 c2 28 9b d7 29 00 00 24 b7 de e5 16 Sep 21 07:24:59.288579: | 48 6d 2e d8 de f7 3a aa fe 37 3d 20 5b f0 5e 01 Sep 21 07:24:59.288582: | 16 2d 84 f5 65 c4 0f b8 8e 09 c1 f9 29 00 00 08 Sep 21 07:24:59.288586: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f7 6c ce 7f Sep 21 07:24:59.288589: | fa a4 48 bc 7d 2e 1e 59 9f d5 4f b3 31 ce 32 b3 Sep 21 07:24:59.288592: | 00 00 00 1c 00 00 40 05 30 b3 78 4d c1 80 26 da Sep 21 07:24:59.288595: | 27 84 ff cb a1 e2 d0 97 02 82 2d 6b Sep 21 07:24:59.288633: | libevent_free: release ptr-libevent@0x7f58a4006900 Sep 21 07:24:59.288638: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f58a4002b20 Sep 21 07:24:59.288648: | #4 spent 0.32 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:24:59.288656: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:24:59.499835: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:24:59.499858: shutting down Sep 21 07:24:59.499867: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:24:59.499871: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:24:59.499877: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:24:59.499884: forgetting secrets Sep 21 07:24:59.499888: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:24:59.499894: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:24:59.499897: | removing pending policy for no connection {0x55ac14189450} Sep 21 07:24:59.499900: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:24:59.499902: | pass 0 Sep 21 07:24:59.499905: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:59.499907: | state #4 Sep 21 07:24:59.499911: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:59.499917: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:24:59.499920: | pstats #4 ikev2.ike deleted other Sep 21 07:24:59.499925: | #4 spent 3.17 milliseconds in total Sep 21 07:24:59.499930: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:24:59.499935: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 1.215s and NOT sending notification Sep 21 07:24:59.499938: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:24:59.499941: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:24:59.499944: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:24:59.499948: | libevent_free: release ptr-libevent@0x7f58b0006900 Sep 21 07:24:59.499951: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f58b0002b20 Sep 21 07:24:59.499955: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:24:59.499958: | picked newest_isakmp_sa #0 for #4 Sep 21 07:24:59.499961: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:24:59.499965: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Sep 21 07:24:59.499968: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:24:59.499974: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:24:59.499977: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:24:59.499980: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:24:59.499983: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:24:59.499986: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:24:59.500008: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:24:59.500013: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:24:59.500015: | pass 1 Sep 21 07:24:59.500017: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:24:59.500024: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:24:59.500030: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:24:59.500034: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:59.500085: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:24:59.500098: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:24:59.500102: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:24:59.500105: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:24:59.500108: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Sep 21 07:24:59.500112: | running updown command "ipsec _updown" for verb unroute Sep 21 07:24:59.500117: | command executing unroute-client Sep 21 07:24:59.500148: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Sep 21 07:24:59.500152: | popen cmd is 1041 chars long Sep 21 07:24:59.500155: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:24:59.500158: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:24:59.500161: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:24:59.500163: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:24:59.500166: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Sep 21 07:24:59.500169: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Sep 21 07:24:59.500171: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Sep 21 07:24:59.500174: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Sep 21 07:24:59.500176: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Sep 21 07:24:59.500179: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:24:59.500182: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:24:59.500184: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:24:59.500187: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Sep 21 07:24:59.500189: | cmd(1040):1: Sep 21 07:24:59.516954: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517009: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517043: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517075: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517104: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517131: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517160: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517187: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517217: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517244: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517273: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517306: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517337: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517365: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517393: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517419: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517452: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517481: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517510: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517542: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517573: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517607: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517637: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517664: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517691: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517717: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517748: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517774: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517810: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517846: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517877: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517911: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517940: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517967: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.517994: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518021: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518358: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518780: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518829: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518864: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518900: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518930: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518960: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.518990: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519018: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519047: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519077: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519108: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519136: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519163: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519192: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519218: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519246: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519272: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519299: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519327: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519354: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519380: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519407: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519433: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519461: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519489: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519516: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519546: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519572: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519601: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519628: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519655: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519682: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519709: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519737: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519763: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519794: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519826: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519853: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519882: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519909: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519936: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519963: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.519990: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520019: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520045: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520072: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520098: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520125: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520153: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520180: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520206: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520233: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520259: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520289: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520316: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520342: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520368: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520394: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520422: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520449: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520475: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520501: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520527: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520556: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520828: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520864: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520891: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520918: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520947: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.520973: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521000: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521026: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521052: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521083: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521110: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521137: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521164: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521755: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.521797: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:24:59.563151: | free hp@0x55ac141c49c0 Sep 21 07:24:59.563168: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Sep 21 07:24:59.563172: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:24:59.563191: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:24:59.563194: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:24:59.563209: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:24:59.563213: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:24:59.563216: shutting down interface eth0/eth0 192.0.1.254:4500 Sep 21 07:24:59.563219: shutting down interface eth0/eth0 192.0.1.254:500 Sep 21 07:24:59.563222: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:24:59.563226: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:24:59.563418: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:24:59.563431: | libevent_free: release ptr-libevent@0x55ac141f8060 Sep 21 07:24:59.563434: | free_event_entry: release EVENT_NULL-pe@0x55ac141e1260 Sep 21 07:24:59.563444: | libevent_free: release ptr-libevent@0x55ac141f8150 Sep 21 07:24:59.563447: | free_event_entry: release EVENT_NULL-pe@0x55ac141f8110 Sep 21 07:24:59.563453: | libevent_free: release ptr-libevent@0x55ac141f8240 Sep 21 07:24:59.563456: | free_event_entry: release EVENT_NULL-pe@0x55ac141f8200 Sep 21 07:24:59.563462: | libevent_free: release ptr-libevent@0x55ac141f8330 Sep 21 07:24:59.563464: | free_event_entry: release EVENT_NULL-pe@0x55ac141f82f0 Sep 21 07:24:59.563470: | libevent_free: release ptr-libevent@0x55ac141f8420 Sep 21 07:24:59.563473: | free_event_entry: release EVENT_NULL-pe@0x55ac141f83e0 Sep 21 07:24:59.563479: | libevent_free: release ptr-libevent@0x55ac141f8510 Sep 21 07:24:59.563482: | free_event_entry: release EVENT_NULL-pe@0x55ac141f84d0 Sep 21 07:24:59.563486: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:24:59.563988: | libevent_free: release ptr-libevent@0x55ac141f79c0 Sep 21 07:24:59.563995: | free_event_entry: release EVENT_NULL-pe@0x55ac141e04e0 Sep 21 07:24:59.563999: | libevent_free: release ptr-libevent@0x55ac141ed450 Sep 21 07:24:59.564002: | free_event_entry: release EVENT_NULL-pe@0x55ac141e0790 Sep 21 07:24:59.564005: | libevent_free: release ptr-libevent@0x55ac141ed3c0 Sep 21 07:24:59.564007: | free_event_entry: release EVENT_NULL-pe@0x55ac141e5ef0 Sep 21 07:24:59.564011: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:24:59.564013: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:24:59.564016: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:24:59.564018: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:24:59.564021: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:24:59.564023: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:24:59.564025: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:24:59.564028: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:24:59.564030: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:24:59.564035: | libevent_free: release ptr-libevent@0x55ac141f7a90 Sep 21 07:24:59.564037: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:24:59.564040: | libevent_free: release ptr-libevent@0x55ac141f7b70 Sep 21 07:24:59.564043: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:24:59.564046: | libevent_free: release ptr-libevent@0x55ac141f7c30 Sep 21 07:24:59.564048: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:24:59.564055: | libevent_free: release ptr-libevent@0x55ac141ec6c0 Sep 21 07:24:59.564057: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:24:59.564059: | releasing event base Sep 21 07:24:59.564071: | libevent_free: release ptr-libevent@0x55ac141f7cf0 Sep 21 07:24:59.564074: | libevent_free: release ptr-libevent@0x55ac141cd1d0 Sep 21 07:24:59.564078: | libevent_free: release ptr-libevent@0x55ac141dba70 Sep 21 07:24:59.564080: | libevent_free: release ptr-libevent@0x55ac141dbb40 Sep 21 07:24:59.564083: | libevent_free: release ptr-libevent@0x55ac141dba90 Sep 21 07:24:59.564085: | libevent_free: release ptr-libevent@0x55ac141f7a50 Sep 21 07:24:59.564088: | libevent_free: release ptr-libevent@0x55ac141f7b30 Sep 21 07:24:59.564090: | libevent_free: release ptr-libevent@0x55ac141dbb20 Sep 21 07:24:59.564092: | libevent_free: release ptr-libevent@0x55ac141dbc80 Sep 21 07:24:59.564095: | libevent_free: release ptr-libevent@0x55ac141e06e0 Sep 21 07:24:59.564097: | libevent_free: release ptr-libevent@0x55ac141f85a0 Sep 21 07:24:59.564099: | libevent_free: release ptr-libevent@0x55ac141f84b0 Sep 21 07:24:59.564102: | libevent_free: release ptr-libevent@0x55ac141f83c0 Sep 21 07:24:59.564104: | libevent_free: release ptr-libevent@0x55ac141f82d0 Sep 21 07:24:59.564106: | libevent_free: release ptr-libevent@0x55ac141f81e0 Sep 21 07:24:59.564109: | libevent_free: release ptr-libevent@0x55ac141f80f0 Sep 21 07:24:59.564111: | libevent_free: release ptr-libevent@0x55ac1415f370 Sep 21 07:24:59.564113: | libevent_free: release ptr-libevent@0x55ac141f7c10 Sep 21 07:24:59.564116: | libevent_free: release ptr-libevent@0x55ac141f7b50 Sep 21 07:24:59.564118: | libevent_free: release ptr-libevent@0x55ac141f7a70 Sep 21 07:24:59.564120: | libevent_free: release ptr-libevent@0x55ac141f7cd0 Sep 21 07:24:59.564123: | libevent_free: release ptr-libevent@0x55ac1415d5b0 Sep 21 07:24:59.564125: | libevent_free: release ptr-libevent@0x55ac141dbab0 Sep 21 07:24:59.564128: | libevent_free: release ptr-libevent@0x55ac141dbae0 Sep 21 07:24:59.564130: | libevent_free: release ptr-libevent@0x55ac141db7d0 Sep 21 07:24:59.564132: | releasing global libevent data Sep 21 07:24:59.564135: | libevent_free: release ptr-libevent@0x55ac141da480 Sep 21 07:24:59.564138: | libevent_free: release ptr-libevent@0x55ac141da4b0 Sep 21 07:24:59.564141: | libevent_free: release ptr-libevent@0x55ac141db7a0