Sep 21 07:25:06.413584: FIPS Product: YES Sep 21 07:25:06.413721: FIPS Kernel: NO Sep 21 07:25:06.413724: FIPS Mode: NO Sep 21 07:25:06.413726: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:06.413943: Initializing NSS Sep 21 07:25:06.413951: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:06.488744: NSS initialized Sep 21 07:25:06.488763: NSS crypto library initialized Sep 21 07:25:06.488766: FIPS HMAC integrity support [enabled] Sep 21 07:25:06.488768: FIPS mode disabled for pluto daemon Sep 21 07:25:06.573721: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:06.573836: libcap-ng support [enabled] Sep 21 07:25:06.573848: Linux audit support [enabled] Sep 21 07:25:06.573874: Linux audit activated Sep 21 07:25:06.573882: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21101 Sep 21 07:25:06.573885: core dump dir: /tmp Sep 21 07:25:06.573887: secrets file: /etc/ipsec.secrets Sep 21 07:25:06.573889: leak-detective disabled Sep 21 07:25:06.573891: NSS crypto [enabled] Sep 21 07:25:06.573892: XAUTH PAM support [enabled] Sep 21 07:25:06.573954: | libevent is using pluto's memory allocator Sep 21 07:25:06.573959: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:06.573972: | libevent_malloc: new ptr-libevent@0x5596586822f0 size 40 Sep 21 07:25:06.573974: | libevent_malloc: new ptr-libevent@0x559658682320 size 40 Sep 21 07:25:06.573977: | libevent_malloc: new ptr-libevent@0x559658683ad0 size 40 Sep 21 07:25:06.573978: | creating event base Sep 21 07:25:06.573980: | libevent_malloc: new ptr-libevent@0x559658683a90 size 56 Sep 21 07:25:06.573982: | libevent_malloc: new ptr-libevent@0x559658683b00 size 664 Sep 21 07:25:06.573991: | libevent_malloc: new ptr-libevent@0x559658683da0 size 24 Sep 21 07:25:06.573994: | libevent_malloc: new ptr-libevent@0x55965863d330 size 384 Sep 21 07:25:06.574002: | libevent_malloc: new ptr-libevent@0x559658683dc0 size 16 Sep 21 07:25:06.574004: | libevent_malloc: new ptr-libevent@0x559658683de0 size 40 Sep 21 07:25:06.574005: | libevent_malloc: new ptr-libevent@0x559658683e10 size 48 Sep 21 07:25:06.574012: | libevent_realloc: new ptr-libevent@0x559658683e50 size 256 Sep 21 07:25:06.574014: | libevent_malloc: new ptr-libevent@0x559658683f60 size 16 Sep 21 07:25:06.574018: | libevent_free: release ptr-libevent@0x559658683a90 Sep 21 07:25:06.574021: | libevent initialized Sep 21 07:25:06.574024: | libevent_realloc: new ptr-libevent@0x559658683f80 size 64 Sep 21 07:25:06.574028: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:06.574040: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:06.574042: NAT-Traversal support [enabled] Sep 21 07:25:06.574043: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:06.574048: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:06.574050: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:06.574077: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:06.574080: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:06.574082: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:06.574124: Encryption algorithms: Sep 21 07:25:06.574131: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:06.574135: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:06.574140: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:06.574143: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:06.574146: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:06.574157: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:06.574162: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:06.574165: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:06.574168: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:06.574171: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:06.574175: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:06.574179: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:06.574182: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:06.574185: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:06.574189: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:06.574191: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:06.574194: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:06.574201: Hash algorithms: Sep 21 07:25:06.574204: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:06.574207: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:06.574210: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:06.574212: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:06.574215: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:06.574228: PRF algorithms: Sep 21 07:25:06.574231: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:06.574234: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:06.574237: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:06.574240: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:06.574243: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:06.574245: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:06.574269: Integrity algorithms: Sep 21 07:25:06.574272: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:06.574276: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:06.574279: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:06.574283: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:06.574289: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:06.574295: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:06.574300: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:06.574304: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:06.574306: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:06.574319: DH algorithms: Sep 21 07:25:06.574325: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:06.574331: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:06.574335: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:06.574343: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:06.574348: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:06.574351: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:06.574354: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:06.574357: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:06.574361: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:06.574364: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:06.574367: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:06.574369: testing CAMELLIA_CBC: Sep 21 07:25:06.574372: Camellia: 16 bytes with 128-bit key Sep 21 07:25:06.574510: Camellia: 16 bytes with 128-bit key Sep 21 07:25:06.574546: Camellia: 16 bytes with 256-bit key Sep 21 07:25:06.574577: Camellia: 16 bytes with 256-bit key Sep 21 07:25:06.574605: testing AES_GCM_16: Sep 21 07:25:06.574609: empty string Sep 21 07:25:06.574638: one block Sep 21 07:25:06.574664: two blocks Sep 21 07:25:06.574691: two blocks with associated data Sep 21 07:25:06.574717: testing AES_CTR: Sep 21 07:25:06.574720: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:06.574747: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:06.574775: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:06.574807: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:06.574830: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:06.574850: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:06.574867: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:06.574882: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:06.574901: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:06.574918: testing AES_CBC: Sep 21 07:25:06.574919: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:06.574936: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:06.574953: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:06.574972: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:06.574992: testing AES_XCBC: Sep 21 07:25:06.574994: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:06.575068: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:06.575146: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:06.575221: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:06.575297: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:06.575373: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:06.575450: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:06.575617: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:06.575693: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:06.575775: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:06.575996: testing HMAC_MD5: Sep 21 07:25:06.576003: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:06.576169: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:06.576315: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:06.576557: 8 CPU cores online Sep 21 07:25:06.576561: starting up 7 crypto helpers Sep 21 07:25:06.576597: started thread for crypto helper 0 Sep 21 07:25:06.576619: started thread for crypto helper 1 Sep 21 07:25:06.576645: started thread for crypto helper 2 Sep 21 07:25:06.576666: started thread for crypto helper 3 Sep 21 07:25:06.576686: started thread for crypto helper 4 Sep 21 07:25:06.576712: started thread for crypto helper 5 Sep 21 07:25:06.576737: started thread for crypto helper 6 Sep 21 07:25:06.576741: | checking IKEv1 state table Sep 21 07:25:06.576748: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576750: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:06.576753: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576755: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:06.576758: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:06.576760: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:06.576762: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:06.576764: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:06.576766: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:06.576768: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:06.576769: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:06.576771: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:06.576774: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:06.576776: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:06.576778: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:06.576780: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:06.576787: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:06.576791: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:06.576793: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:06.576795: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:06.576797: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:06.576799: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576802: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:06.576804: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576807: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576809: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:06.576811: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576813: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:06.576815: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:06.576817: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:06.576819: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:06.576821: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:06.576823: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:06.576825: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576827: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:06.576830: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576832: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:06.576834: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:06.576836: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:06.576838: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:06.576841: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:06.576842: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:06.576845: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:06.576847: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576849: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:06.576851: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576853: | INFO: category: informational flags: 0: Sep 21 07:25:06.576855: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576858: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:06.576860: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576862: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:06.576864: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:06.576866: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:06.576868: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:06.576871: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:06.576873: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:06.576876: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:06.576877: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:06.576880: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:06.576882: | -> UNDEFINED EVENT_NULL Sep 21 07:25:06.576884: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:06.576888: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:06.576891: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:06.576893: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:06.576896: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:06.576897: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:06.576904: | checking IKEv2 state table Sep 21 07:25:06.576909: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:06.576912: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:06.576915: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576918: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:06.576920: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:06.576923: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:06.576925: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:06.576927: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:06.576929: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:06.576932: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:06.576934: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:06.576937: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:06.576940: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:06.576942: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:06.576944: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:06.576946: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:06.576948: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576951: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:06.576953: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:06.576955: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:06.576958: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:06.576960: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:06.576962: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:06.576965: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:06.576968: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:06.576970: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:06.576973: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:06.576975: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:06.576977: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:06.576979: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:06.576982: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:06.576984: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:06.576986: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:06.576989: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:06.576992: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:06.576994: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:06.576996: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:06.576999: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:06.577001: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:06.577007: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:06.577009: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:06.577012: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:06.577015: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:06.577018: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:06.577020: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:06.577022: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:06.577025: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:06.577087: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:06.577142: | Hard-wiring algorithms Sep 21 07:25:06.577145: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:06.577148: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:06.577150: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:06.577152: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:06.577153: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:06.577155: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:06.577157: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:06.577159: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:06.577160: | adding AES_CTR to kernel algorithm db Sep 21 07:25:06.577162: | adding AES_CBC to kernel algorithm db Sep 21 07:25:06.577164: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:06.577166: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:06.577167: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:06.577169: | adding NULL to kernel algorithm db Sep 21 07:25:06.577171: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:06.577173: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:06.577175: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:06.577177: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:06.577178: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:06.577180: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:06.577182: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:06.577184: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:06.577186: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:06.577188: | adding NONE to kernel algorithm db Sep 21 07:25:06.577205: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:06.577212: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:06.577213: | setup kernel fd callback Sep 21 07:25:06.577216: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55965868e740 Sep 21 07:25:06.577219: | libevent_malloc: new ptr-libevent@0x559658695810 size 128 Sep 21 07:25:06.577221: | libevent_malloc: new ptr-libevent@0x55965868e6a0 size 16 Sep 21 07:25:06.577227: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x559658688bf0 Sep 21 07:25:06.577229: | libevent_malloc: new ptr-libevent@0x5596586958a0 size 128 Sep 21 07:25:06.577231: | libevent_malloc: new ptr-libevent@0x55965868e680 size 16 Sep 21 07:25:06.577400: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:06.577409: selinux support is enabled. Sep 21 07:25:06.578037: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:06.578215: | unbound context created - setting debug level to 5 Sep 21 07:25:06.578245: | /etc/hosts lookups activated Sep 21 07:25:06.578263: | /etc/resolv.conf usage activated Sep 21 07:25:06.578314: | outgoing-port-avoid set 0-65535 Sep 21 07:25:06.578342: | outgoing-port-permit set 32768-60999 Sep 21 07:25:06.578348: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:06.578352: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:06.578355: | Setting up events, loop start Sep 21 07:25:06.578358: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5596586889b0 Sep 21 07:25:06.578365: | libevent_malloc: new ptr-libevent@0x55965869fe20 size 128 Sep 21 07:25:06.578369: | libevent_malloc: new ptr-libevent@0x55965869feb0 size 16 Sep 21 07:25:06.578375: | libevent_realloc: new ptr-libevent@0x55965869fed0 size 256 Sep 21 07:25:06.578377: | libevent_malloc: new ptr-libevent@0x55965869ffe0 size 8 Sep 21 07:25:06.578381: | libevent_realloc: new ptr-libevent@0x559658694b10 size 144 Sep 21 07:25:06.578383: | libevent_malloc: new ptr-libevent@0x5596586a0000 size 152 Sep 21 07:25:06.578387: | libevent_malloc: new ptr-libevent@0x5596586a00a0 size 16 Sep 21 07:25:06.578390: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:06.578393: | libevent_malloc: new ptr-libevent@0x5596586a00c0 size 8 Sep 21 07:25:06.578395: | libevent_malloc: new ptr-libevent@0x5596586a00e0 size 152 Sep 21 07:25:06.578398: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:06.578400: | libevent_malloc: new ptr-libevent@0x5596586a0180 size 8 Sep 21 07:25:06.578403: | libevent_malloc: new ptr-libevent@0x5596586a01a0 size 152 Sep 21 07:25:06.578406: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:06.578408: | libevent_malloc: new ptr-libevent@0x5596586a0240 size 8 Sep 21 07:25:06.578410: | libevent_realloc: release ptr-libevent@0x559658694b10 Sep 21 07:25:06.578413: | libevent_realloc: new ptr-libevent@0x5596586a0260 size 256 Sep 21 07:25:06.578415: | libevent_malloc: new ptr-libevent@0x559658694b10 size 152 Sep 21 07:25:06.578418: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:06.578797: | created addconn helper (pid:21316) using fork+execve Sep 21 07:25:06.578812: | forked child 21316 Sep 21 07:25:06.578854: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:06.578876: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:06.578883: listening for IKE messages Sep 21 07:25:06.578999: | Inspecting interface lo Sep 21 07:25:06.579006: | found lo with address 127.0.0.1 Sep 21 07:25:06.579009: | Inspecting interface eth0 Sep 21 07:25:06.579013: | found eth0 with address 192.0.3.254 Sep 21 07:25:06.579017: | Inspecting interface eth1 Sep 21 07:25:06.579021: | found eth1 with address 192.1.3.33 Sep 21 07:25:06.579066: Kernel supports NIC esp-hw-offload Sep 21 07:25:06.579084: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:25:06.579149: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:06.579154: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:06.579158: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:06.579191: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:25:06.579218: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:06.579222: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:06.579226: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:06.579255: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:06.579283: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:06.579288: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:06.579291: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:06.579363: | no interfaces to sort Sep 21 07:25:06.579368: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:06.579376: | add_fd_read_event_handler: new ethX-pe@0x559658689ab0 Sep 21 07:25:06.579379: | libevent_malloc: new ptr-libevent@0x5596586a0640 size 128 Sep 21 07:25:06.579382: | libevent_malloc: new ptr-libevent@0x5596586a06d0 size 16 Sep 21 07:25:06.579388: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:06.579391: | add_fd_read_event_handler: new ethX-pe@0x5596586a06f0 Sep 21 07:25:06.579393: | libevent_malloc: new ptr-libevent@0x5596586a0730 size 128 Sep 21 07:25:06.579396: | libevent_malloc: new ptr-libevent@0x5596586a07c0 size 16 Sep 21 07:25:06.579404: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:06.579406: | add_fd_read_event_handler: new ethX-pe@0x5596586a07e0 Sep 21 07:25:06.579409: | libevent_malloc: new ptr-libevent@0x5596586a0820 size 128 Sep 21 07:25:06.579411: | libevent_malloc: new ptr-libevent@0x5596586a08b0 size 16 Sep 21 07:25:06.579416: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:06.579418: | add_fd_read_event_handler: new ethX-pe@0x5596586a08d0 Sep 21 07:25:06.579420: | libevent_malloc: new ptr-libevent@0x5596586a0910 size 128 Sep 21 07:25:06.579423: | libevent_malloc: new ptr-libevent@0x5596586a09a0 size 16 Sep 21 07:25:06.579427: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:06.579430: | add_fd_read_event_handler: new ethX-pe@0x5596586a09c0 Sep 21 07:25:06.579432: | libevent_malloc: new ptr-libevent@0x5596586a0a00 size 128 Sep 21 07:25:06.579435: | libevent_malloc: new ptr-libevent@0x5596586a0a90 size 16 Sep 21 07:25:06.579439: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:06.579441: | add_fd_read_event_handler: new ethX-pe@0x5596586a0ab0 Sep 21 07:25:06.579444: | libevent_malloc: new ptr-libevent@0x5596586a0af0 size 128 Sep 21 07:25:06.579446: | libevent_malloc: new ptr-libevent@0x5596586a0b80 size 16 Sep 21 07:25:06.579451: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:06.579456: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:06.579459: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:06.579477: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:06.579502: | saving Modulus Sep 21 07:25:06.579509: | saving PublicExponent Sep 21 07:25:06.579512: | ignoring PrivateExponent Sep 21 07:25:06.579515: | ignoring Prime1 Sep 21 07:25:06.579519: | ignoring Prime2 Sep 21 07:25:06.579522: | ignoring Exponent1 Sep 21 07:25:06.579525: | ignoring Exponent2 Sep 21 07:25:06.579528: | ignoring Coefficient Sep 21 07:25:06.579531: | ignoring CKAIDNSS Sep 21 07:25:06.579580: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:06.579583: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:06.579587: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:06.579599: | certs and keys locked by 'process_secret' Sep 21 07:25:06.579604: | certs and keys unlocked by 'process_secret' Sep 21 07:25:06.579609: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:06.579700: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:06.579708: | spent 0.725 milliseconds in whack Sep 21 07:25:06.579721: | starting up helper thread 6 Sep 21 07:25:06.579730: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:06.579735: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:06.579746: | starting up helper thread 5 Sep 21 07:25:06.579750: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:06.579753: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:06.579762: | starting up helper thread 1 Sep 21 07:25:06.579767: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:06.579769: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:06.579802: | starting up helper thread 2 Sep 21 07:25:06.579809: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:06.579812: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:06.579826: | starting up helper thread 0 Sep 21 07:25:06.579831: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:06.579833: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:06.598328: | starting up helper thread 3 Sep 21 07:25:06.598345: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:06.598347: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:06.598357: | starting up helper thread 4 Sep 21 07:25:06.598360: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:06.598366: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:06.640534: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:06.640552: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:06.640557: listening for IKE messages Sep 21 07:25:06.640590: | Inspecting interface lo Sep 21 07:25:06.640597: | found lo with address 127.0.0.1 Sep 21 07:25:06.640600: | Inspecting interface eth0 Sep 21 07:25:06.640604: | found eth0 with address 192.0.3.254 Sep 21 07:25:06.640606: | Inspecting interface eth1 Sep 21 07:25:06.640610: | found eth1 with address 192.1.3.33 Sep 21 07:25:06.640692: | no interfaces to sort Sep 21 07:25:06.640701: | libevent_free: release ptr-libevent@0x5596586a0640 Sep 21 07:25:06.640704: | free_event_entry: release EVENT_NULL-pe@0x559658689ab0 Sep 21 07:25:06.640707: | add_fd_read_event_handler: new ethX-pe@0x559658689ab0 Sep 21 07:25:06.640710: | libevent_malloc: new ptr-libevent@0x5596586a0640 size 128 Sep 21 07:25:06.640717: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:06.640721: | libevent_free: release ptr-libevent@0x5596586a0730 Sep 21 07:25:06.640723: | free_event_entry: release EVENT_NULL-pe@0x5596586a06f0 Sep 21 07:25:06.640725: | add_fd_read_event_handler: new ethX-pe@0x5596586a06f0 Sep 21 07:25:06.640728: | libevent_malloc: new ptr-libevent@0x5596586a0730 size 128 Sep 21 07:25:06.640731: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:06.640733: | libevent_free: release ptr-libevent@0x5596586a0820 Sep 21 07:25:06.640735: | free_event_entry: release EVENT_NULL-pe@0x5596586a07e0 Sep 21 07:25:06.640736: | add_fd_read_event_handler: new ethX-pe@0x5596586a07e0 Sep 21 07:25:06.640738: | libevent_malloc: new ptr-libevent@0x5596586a0820 size 128 Sep 21 07:25:06.640740: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:06.640743: | libevent_free: release ptr-libevent@0x5596586a0910 Sep 21 07:25:06.640745: | free_event_entry: release EVENT_NULL-pe@0x5596586a08d0 Sep 21 07:25:06.640746: | add_fd_read_event_handler: new ethX-pe@0x5596586a08d0 Sep 21 07:25:06.640748: | libevent_malloc: new ptr-libevent@0x5596586a0910 size 128 Sep 21 07:25:06.640750: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:06.640753: | libevent_free: release ptr-libevent@0x5596586a0a00 Sep 21 07:25:06.640754: | free_event_entry: release EVENT_NULL-pe@0x5596586a09c0 Sep 21 07:25:06.640756: | add_fd_read_event_handler: new ethX-pe@0x5596586a09c0 Sep 21 07:25:06.640758: | libevent_malloc: new ptr-libevent@0x5596586a0a00 size 128 Sep 21 07:25:06.640760: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:06.640763: | libevent_free: release ptr-libevent@0x5596586a0af0 Sep 21 07:25:06.640764: | free_event_entry: release EVENT_NULL-pe@0x5596586a0ab0 Sep 21 07:25:06.640766: | add_fd_read_event_handler: new ethX-pe@0x5596586a0ab0 Sep 21 07:25:06.640767: | libevent_malloc: new ptr-libevent@0x5596586a0af0 size 128 Sep 21 07:25:06.640770: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:06.640772: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:06.640773: forgetting secrets Sep 21 07:25:06.640782: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:06.640803: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:06.640816: | saving Modulus Sep 21 07:25:06.640818: | saving PublicExponent Sep 21 07:25:06.640820: | ignoring PrivateExponent Sep 21 07:25:06.640822: | ignoring Prime1 Sep 21 07:25:06.640824: | ignoring Prime2 Sep 21 07:25:06.640826: | ignoring Exponent1 Sep 21 07:25:06.640828: | ignoring Exponent2 Sep 21 07:25:06.640830: | ignoring Coefficient Sep 21 07:25:06.640832: | ignoring CKAIDNSS Sep 21 07:25:06.640851: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:06.640853: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:06.640856: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:06.640861: | certs and keys locked by 'process_secret' Sep 21 07:25:06.640867: | certs and keys unlocked by 'process_secret' Sep 21 07:25:06.640872: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:06.640879: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:06.640886: | spent 0.358 milliseconds in whack Sep 21 07:25:06.643076: | processing signal PLUTO_SIGCHLD Sep 21 07:25:06.643094: | waitpid returned pid 21316 (exited with status 0) Sep 21 07:25:06.643100: | reaped addconn helper child (status 0) Sep 21 07:25:06.643106: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:06.643112: | spent 0.0201 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:06.658426: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:06.658447: | old debugging base+cpu-usage + none Sep 21 07:25:06.658453: | base debugging = base+cpu-usage Sep 21 07:25:06.658456: | old impairing none + suppress-retransmits Sep 21 07:25:06.658458: | base impairing = suppress-retransmits Sep 21 07:25:06.658466: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:06.658475: | spent 0.0551 milliseconds in whack Sep 21 07:25:06.780730: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:06.780754: | old debugging base+cpu-usage + none Sep 21 07:25:06.780758: | base debugging = base+cpu-usage Sep 21 07:25:06.780761: | old impairing suppress-retransmits + suppress-retransmits Sep 21 07:25:06.780764: | base impairing = suppress-retransmits Sep 21 07:25:06.780772: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:06.780779: | spent 0.0582 milliseconds in whack Sep 21 07:25:07.023673: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:07.023710: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.023714: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:07.023717: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.023720: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:07.023724: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.023731: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:07.023735: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:07.023796: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:07.023802: | from whack: got --esp= Sep 21 07:25:07.023840: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:07.024443: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:07.024458: | loading left certificate 'north' pubkey Sep 21 07:25:07.024568: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2f60 Sep 21 07:25:07.024574: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2ea0 Sep 21 07:25:07.024576: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2e70 Sep 21 07:25:07.024711: | unreference key: 0x5596586a2b40 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:07.024898: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:25:07.024907: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:25:07.024916: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:25:07.025581: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:07.025589: | loading right certificate 'east' pubkey Sep 21 07:25:07.025679: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a74d0 Sep 21 07:25:07.025684: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2f60 Sep 21 07:25:07.025687: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2ea0 Sep 21 07:25:07.025690: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2e70 Sep 21 07:25:07.025692: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a3580 Sep 21 07:25:07.025927: | unreference key: 0x5596586aa2d0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:07.026055: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:25:07.026067: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:25:07.026080: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:07.026083: | new hp@0x5596586ab7f0 Sep 21 07:25:07.026088: added connection description "northnet-eastnets/0x1" Sep 21 07:25:07.026099: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:07.026120: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Sep 21 07:25:07.026129: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:07.026136: | spent 2.45 milliseconds in whack Sep 21 07:25:07.026938: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:07.026961: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.026965: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:07.026968: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.026971: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:07.026974: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.026980: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:07.026983: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:07.027039: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:07.027043: | from whack: got --esp= Sep 21 07:25:07.027080: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:07.027210: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:07.027218: | loading left certificate 'north' pubkey Sep 21 07:25:07.027281: | unreference key: 0x5596586a7060 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:07.027302: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2f60 Sep 21 07:25:07.027306: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2ea0 Sep 21 07:25:07.027308: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2e70 Sep 21 07:25:07.027359: | unreference key: 0x5596586a6a70 @north.testing.libreswan.org cnt 1-- Sep 21 07:25:07.027411: | unreference key: 0x5596586a6c40 user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:07.027469: | unreference key: 0x5596586aae20 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:07.027517: | secrets entry for north already exists Sep 21 07:25:07.027527: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:25:07.027621: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:07.027627: | loading right certificate 'east' pubkey Sep 21 07:25:07.027685: | unreference key: 0x5596586ac9c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:07.027697: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2ea0 Sep 21 07:25:07.027700: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2e70 Sep 21 07:25:07.027703: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a4000 Sep 21 07:25:07.027705: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a3580 Sep 21 07:25:07.027707: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a6e40 Sep 21 07:25:07.027756: | unreference key: 0x5596586ab630 192.1.2.23 cnt 1-- Sep 21 07:25:07.027813: | unreference key: 0x5596586aa930 east@testing.libreswan.org cnt 1-- Sep 21 07:25:07.027867: | unreference key: 0x5596586ac1d0 @east.testing.libreswan.org cnt 1-- Sep 21 07:25:07.027915: | unreference key: 0x5596586ac600 user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:07.027971: | unreference key: 0x5596586addb0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:07.028091: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:25:07.028104: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:25:07.028113: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:25:07.028118: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x5596586ab7f0: northnet-eastnets/0x1 Sep 21 07:25:07.028121: added connection description "northnet-eastnets/0x2" Sep 21 07:25:07.028131: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:07.028153: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Sep 21 07:25:07.028161: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:07.028167: | spent 1.22 milliseconds in whack Sep 21 07:25:07.099371: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:07.099397: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:25:07.099402: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:07.099407: initiating all conns with alias='northnet-eastnets' Sep 21 07:25:07.099413: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:07.099425: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:07.099429: | connection 'northnet-eastnets/0x2' +POLICY_UP Sep 21 07:25:07.099432: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:07.099435: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:07.099451: | creating state object #1 at 0x5596586ae640 Sep 21 07:25:07.099455: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:07.099463: | pstats #1 ikev2.ike started Sep 21 07:25:07.099466: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:07.099469: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:07.099473: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:07.099480: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:07.099485: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:07.099488: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:07.099492: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Sep 21 07:25:07.099496: "northnet-eastnets/0x2" #1: initiating v2 parent SA Sep 21 07:25:07.099502: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Sep 21 07:25:07.099510: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:07.099519: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.099522: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:07.099527: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.099531: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:07.099535: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.099539: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:07.099543: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.099552: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.099558: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:07.099562: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5596586add20 Sep 21 07:25:07.099566: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:07.099572: | libevent_malloc: new ptr-libevent@0x5596586a2ed0 size 128 Sep 21 07:25:07.099586: | #1 spent 0.159 milliseconds in ikev2_parent_outI1() Sep 21 07:25:07.099590: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:07.099594: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:07.099597: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:07.099600: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:07.099604: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:07.099607: | connection 'northnet-eastnets/0x1' +POLICY_UP Sep 21 07:25:07.099610: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:07.099612: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:07.099617: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Sep 21 07:25:07.099621: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:07.099624: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:25:07.099627: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:07.099632: | spent 0.273 milliseconds in whack Sep 21 07:25:07.099642: | crypto helper 6 resuming Sep 21 07:25:07.099647: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:25:07.099651: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:07.100511: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000858 seconds Sep 21 07:25:07.100527: | (#1) spent 0.871 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:07.100531: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:07.100534: | scheduling resume sending helper answer for #1 Sep 21 07:25:07.100538: | libevent_malloc: new ptr-libevent@0x7fb92c006900 size 128 Sep 21 07:25:07.100547: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:07.100560: | processing resume sending helper answer for #1 Sep 21 07:25:07.100567: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:07.100571: | crypto helper 6 replies to request ID 1 Sep 21 07:25:07.100574: | calling continuation function 0x559656c5e630 Sep 21 07:25:07.100576: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:07.100614: | **emit ISAKMP Message: Sep 21 07:25:07.100617: | initiator cookie: Sep 21 07:25:07.100620: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.100622: | responder cookie: Sep 21 07:25:07.100624: | 00 00 00 00 00 00 00 00 Sep 21 07:25:07.100627: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.100630: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.100633: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:07.100636: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.100638: | Message ID: 0 (0x0) Sep 21 07:25:07.100641: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.100657: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.100664: | Emitting ikev2_proposals ... Sep 21 07:25:07.100667: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:07.100670: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.100672: | flags: none (0x0) Sep 21 07:25:07.100675: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:07.100678: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.100681: | discarding INTEG=NONE Sep 21 07:25:07.100683: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.100685: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.100687: | prop #: 1 (0x1) Sep 21 07:25:07.100690: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:07.100692: | spi size: 0 (0x0) Sep 21 07:25:07.100694: | # transforms: 11 (0xb) Sep 21 07:25:07.100697: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.100700: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100705: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.100707: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.100709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100712: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.100715: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.100717: | length/value: 256 (0x100) Sep 21 07:25:07.100720: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.100722: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100726: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.100729: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:07.100732: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100735: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100737: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100739: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100744: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.100746: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:07.100749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100754: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100757: | discarding INTEG=NONE Sep 21 07:25:07.100759: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100764: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100767: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.100770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100778: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100781: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100794: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100796: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:07.100799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100802: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100805: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100807: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100809: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100812: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100814: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:07.100817: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100822: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100824: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100829: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100831: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:07.100834: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100840: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100842: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100847: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100849: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:07.100852: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100855: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100857: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100859: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100864: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100867: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:07.100870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100875: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100877: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100879: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100882: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100884: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:07.100886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100895: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100897: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100899: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.100901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100903: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:07.100906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100910: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100912: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:07.100915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.100917: | discarding INTEG=NONE Sep 21 07:25:07.100919: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.100921: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.100924: | prop #: 2 (0x2) Sep 21 07:25:07.100926: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:07.100928: | spi size: 0 (0x0) Sep 21 07:25:07.100930: | # transforms: 11 (0xb) Sep 21 07:25:07.100932: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.100935: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.100937: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100942: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.100944: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.100946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100948: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.100951: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.100953: | length/value: 128 (0x80) Sep 21 07:25:07.100955: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.100957: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100961: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.100964: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:07.100966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100969: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100971: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100973: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100977: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.100980: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:07.100982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.100987: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.100991: | discarding INTEG=NONE Sep 21 07:25:07.100993: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.100995: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.100997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.100999: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.101002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101007: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101009: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101013: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101015: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:07.101018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101022: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101025: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101029: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101031: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:07.101033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101038: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101043: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101045: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101047: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:07.101050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101055: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101058: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101065: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:07.101068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101073: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101075: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101082: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:07.101085: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101092: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101094: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101101: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:07.101104: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101107: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101109: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101111: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101114: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.101116: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101118: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:07.101121: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101124: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101126: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101129: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:07.101132: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.101134: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.101137: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.101139: | prop #: 3 (0x3) Sep 21 07:25:07.101142: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:07.101144: | spi size: 0 (0x0) Sep 21 07:25:07.101146: | # transforms: 13 (0xd) Sep 21 07:25:07.101149: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.101152: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.101154: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101159: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.101161: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:07.101164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101166: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.101169: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.101171: | length/value: 256 (0x100) Sep 21 07:25:07.101174: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.101176: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101180: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.101182: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:07.101185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101187: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101190: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101192: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101197: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.101199: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:07.101202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101204: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101206: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101208: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101213: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.101215: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:07.101217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101222: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101224: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101228: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.101230: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:07.101233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101238: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101240: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101247: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.101250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101254: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101256: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101259: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101261: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101263: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:07.101266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101270: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101272: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101278: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:07.101281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101289: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101292: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101294: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101296: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101299: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:07.101301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101304: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101306: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101308: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101312: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101314: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:07.101317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101319: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101322: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101324: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101331: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:07.101333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101339: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101341: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101346: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101348: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:07.101351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101358: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101360: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.101362: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101364: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:07.101367: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101370: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101372: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101374: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:07.101377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.101380: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.101382: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:07.101384: | prop #: 4 (0x4) Sep 21 07:25:07.101389: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:07.101392: | spi size: 0 (0x0) Sep 21 07:25:07.101394: | # transforms: 13 (0xd) Sep 21 07:25:07.101397: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.101400: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.101403: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101408: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.101410: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:07.101413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101416: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.101419: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.101421: | length/value: 128 (0x80) Sep 21 07:25:07.101424: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.101426: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101431: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.101433: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:07.101436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101444: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101448: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.101451: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:07.101455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101460: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101463: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101467: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.101469: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:07.101472: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101477: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101479: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101483: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.101485: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:07.101488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101492: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101496: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101501: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101503: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.101506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101511: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101513: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101519: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:07.101521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101523: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101526: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101528: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101530: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101532: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101534: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:07.101537: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101542: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101544: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101549: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101551: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:07.101553: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101556: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101558: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101560: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101567: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:07.101569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101575: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101577: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101583: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:07.101586: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101588: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101593: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101595: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101601: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:07.101604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101606: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101609: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101611: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.101613: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.101615: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.101617: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:07.101620: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.101623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.101626: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.101629: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:07.101632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.101635: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:07.101638: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:07.101641: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:07.101644: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.101647: | flags: none (0x0) Sep 21 07:25:07.101650: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.101654: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:07.101657: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.101661: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:07.101665: | ikev2 g^x 5a 28 85 5b 85 7a 66 1b f8 4d 4c 7d 6d 8f 0c 0f Sep 21 07:25:07.101667: | ikev2 g^x 27 3b 15 04 e6 22 9d 08 1d e5 75 9a 9e 1e 8d 0f Sep 21 07:25:07.101670: | ikev2 g^x 46 c2 05 9a a9 63 22 dc 49 21 dc dc b7 37 91 c5 Sep 21 07:25:07.101672: | ikev2 g^x 07 d9 2b 62 ab 95 d6 ec 1a 4a 66 e1 b0 5d fc e2 Sep 21 07:25:07.101675: | ikev2 g^x 5b ad 09 8e ad c6 3a e4 b2 d7 55 9f 88 0d 76 82 Sep 21 07:25:07.101678: | ikev2 g^x 51 84 20 2b 4e 0c 94 45 2c bf 77 35 7a 3c 06 14 Sep 21 07:25:07.101680: | ikev2 g^x 41 e8 72 f6 5a 54 41 4f 73 83 a5 c4 a7 10 03 d1 Sep 21 07:25:07.101683: | ikev2 g^x 2f 77 02 5f 60 ac a0 7a d7 22 58 2c b6 ab 75 31 Sep 21 07:25:07.101686: | ikev2 g^x f9 fa ad cf 1d 1a 1f 11 56 d2 c5 c6 89 99 19 6d Sep 21 07:25:07.101688: | ikev2 g^x 4c 41 24 e2 b6 79 9b 7f 3a 68 14 be 9f 5c 7e 68 Sep 21 07:25:07.101691: | ikev2 g^x 9c bc dd 38 ae 4f 61 e6 3d 91 f5 48 aa 43 f6 f8 Sep 21 07:25:07.101694: | ikev2 g^x 8d 8e 2b 65 2d ed a5 00 8a aa eb 80 ee 6c 8d 06 Sep 21 07:25:07.101696: | ikev2 g^x 05 70 73 4e 79 e7 eb 31 e3 f9 0c 68 73 be 64 41 Sep 21 07:25:07.101699: | ikev2 g^x 86 2a 56 5f 23 80 fc cc 65 61 30 91 da 38 a2 22 Sep 21 07:25:07.101701: | ikev2 g^x d6 7e b0 d2 e7 f0 50 09 a9 54 0a ed ea 9e 70 d1 Sep 21 07:25:07.101704: | ikev2 g^x 6b 1b 2d 13 a3 d5 95 79 d5 a2 f5 de 44 0c ad c1 Sep 21 07:25:07.101709: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:07.101712: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:07.101714: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:07.101717: | flags: none (0x0) Sep 21 07:25:07.101721: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:07.101724: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:07.101727: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.101731: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:07.101734: | IKEv2 nonce b7 b4 eb 8e 73 49 da b4 69 eb 0a e2 eb 69 ef 71 Sep 21 07:25:07.101737: | IKEv2 nonce 3b b3 dd 8b e8 1a 6a 27 cf f5 b7 64 ba 76 34 5d Sep 21 07:25:07.101739: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:07.101742: | Adding a v2N Payload Sep 21 07:25:07.101745: | ***emit IKEv2 Notify Payload: Sep 21 07:25:07.101748: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.101751: | flags: none (0x0) Sep 21 07:25:07.101754: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:07.101757: | SPI size: 0 (0x0) Sep 21 07:25:07.101760: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:07.101763: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:07.101766: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.101769: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:07.101774: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:07.101777: | natd_hash: rcookie is zero Sep 21 07:25:07.101804: | natd_hash: hasher=0x559656d347a0(20) Sep 21 07:25:07.101811: | natd_hash: icookie= 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.101814: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:07.101817: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:07.101819: | natd_hash: port= 01 f4 Sep 21 07:25:07.101822: | natd_hash: hash= a1 fe d2 ef 9a 0e 63 6c b4 59 75 67 f0 75 53 66 Sep 21 07:25:07.101825: | natd_hash: hash= 9d a4 70 14 Sep 21 07:25:07.101827: | Adding a v2N Payload Sep 21 07:25:07.101830: | ***emit IKEv2 Notify Payload: Sep 21 07:25:07.101833: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.101835: | flags: none (0x0) Sep 21 07:25:07.101838: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:07.101841: | SPI size: 0 (0x0) Sep 21 07:25:07.101844: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:07.101847: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:07.101850: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.101853: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:07.101856: | Notify data a1 fe d2 ef 9a 0e 63 6c b4 59 75 67 f0 75 53 66 Sep 21 07:25:07.101859: | Notify data 9d a4 70 14 Sep 21 07:25:07.101862: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:07.101864: | natd_hash: rcookie is zero Sep 21 07:25:07.101872: | natd_hash: hasher=0x559656d347a0(20) Sep 21 07:25:07.101875: | natd_hash: icookie= 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.101877: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:07.101880: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:07.101882: | natd_hash: port= 01 f4 Sep 21 07:25:07.101885: | natd_hash: hash= 56 e2 29 ba b8 5b cb 8c fe bd 2e 5d 2a 54 0d fe Sep 21 07:25:07.101888: | natd_hash: hash= a7 13 50 9e Sep 21 07:25:07.101890: | Adding a v2N Payload Sep 21 07:25:07.101893: | ***emit IKEv2 Notify Payload: Sep 21 07:25:07.101896: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.101900: | flags: none (0x0) Sep 21 07:25:07.101903: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:07.101906: | SPI size: 0 (0x0) Sep 21 07:25:07.101909: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:07.101912: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:07.101915: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.101919: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:07.101922: | Notify data 56 e2 29 ba b8 5b cb 8c fe bd 2e 5d 2a 54 0d fe Sep 21 07:25:07.101924: | Notify data a7 13 50 9e Sep 21 07:25:07.101926: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:07.101930: | emitting length of ISAKMP Message: 828 Sep 21 07:25:07.101941: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:07.101954: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.101958: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:07.101961: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:07.101964: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:07.101968: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:07.101970: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:07.101976: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:07.101979: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:07.101988: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:07.101999: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.102002: | 9e f0 dc 87 3c 6f c0 43 00 00 00 00 00 00 00 00 Sep 21 07:25:07.102005: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:07.102007: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:07.102009: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:07.102011: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:07.102013: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:07.102016: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:07.102018: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:07.102020: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:07.102022: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:07.102024: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:07.102026: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:07.102028: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:07.102030: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:07.102032: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:07.102034: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:07.102036: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:07.102039: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:07.102040: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:07.102042: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:07.102045: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:07.102047: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:07.102049: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:07.102051: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:07.102054: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:07.102057: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:07.102059: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:07.102061: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:07.102063: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:07.102065: | 28 00 01 08 00 0e 00 00 5a 28 85 5b 85 7a 66 1b Sep 21 07:25:07.102067: | f8 4d 4c 7d 6d 8f 0c 0f 27 3b 15 04 e6 22 9d 08 Sep 21 07:25:07.102069: | 1d e5 75 9a 9e 1e 8d 0f 46 c2 05 9a a9 63 22 dc Sep 21 07:25:07.102071: | 49 21 dc dc b7 37 91 c5 07 d9 2b 62 ab 95 d6 ec Sep 21 07:25:07.102073: | 1a 4a 66 e1 b0 5d fc e2 5b ad 09 8e ad c6 3a e4 Sep 21 07:25:07.102075: | b2 d7 55 9f 88 0d 76 82 51 84 20 2b 4e 0c 94 45 Sep 21 07:25:07.102077: | 2c bf 77 35 7a 3c 06 14 41 e8 72 f6 5a 54 41 4f Sep 21 07:25:07.102079: | 73 83 a5 c4 a7 10 03 d1 2f 77 02 5f 60 ac a0 7a Sep 21 07:25:07.102081: | d7 22 58 2c b6 ab 75 31 f9 fa ad cf 1d 1a 1f 11 Sep 21 07:25:07.102083: | 56 d2 c5 c6 89 99 19 6d 4c 41 24 e2 b6 79 9b 7f Sep 21 07:25:07.102085: | 3a 68 14 be 9f 5c 7e 68 9c bc dd 38 ae 4f 61 e6 Sep 21 07:25:07.102088: | 3d 91 f5 48 aa 43 f6 f8 8d 8e 2b 65 2d ed a5 00 Sep 21 07:25:07.102090: | 8a aa eb 80 ee 6c 8d 06 05 70 73 4e 79 e7 eb 31 Sep 21 07:25:07.102092: | e3 f9 0c 68 73 be 64 41 86 2a 56 5f 23 80 fc cc Sep 21 07:25:07.102094: | 65 61 30 91 da 38 a2 22 d6 7e b0 d2 e7 f0 50 09 Sep 21 07:25:07.102096: | a9 54 0a ed ea 9e 70 d1 6b 1b 2d 13 a3 d5 95 79 Sep 21 07:25:07.102098: | d5 a2 f5 de 44 0c ad c1 29 00 00 24 b7 b4 eb 8e Sep 21 07:25:07.102100: | 73 49 da b4 69 eb 0a e2 eb 69 ef 71 3b b3 dd 8b Sep 21 07:25:07.102102: | e8 1a 6a 27 cf f5 b7 64 ba 76 34 5d 29 00 00 08 Sep 21 07:25:07.102104: | 00 00 40 2e 29 00 00 1c 00 00 40 04 a1 fe d2 ef Sep 21 07:25:07.102107: | 9a 0e 63 6c b4 59 75 67 f0 75 53 66 9d a4 70 14 Sep 21 07:25:07.102109: | 00 00 00 1c 00 00 40 05 56 e2 29 ba b8 5b cb 8c Sep 21 07:25:07.102111: | fe bd 2e 5d 2a 54 0d fe a7 13 50 9e Sep 21 07:25:07.102681: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:07.102692: | libevent_free: release ptr-libevent@0x5596586a2ed0 Sep 21 07:25:07.102696: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5596586add20 Sep 21 07:25:07.102699: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:07.102703: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:07.102712: | event_schedule: new EVENT_RETRANSMIT-pe@0x5596586add20 Sep 21 07:25:07.102716: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:25:07.102719: | libevent_malloc: new ptr-libevent@0x5596586a2ed0 size 128 Sep 21 07:25:07.102725: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49353.470975 Sep 21 07:25:07.102730: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:07.102738: | #1 spent 1.81 milliseconds in resume sending helper answer Sep 21 07:25:07.102743: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:07.102747: | libevent_free: release ptr-libevent@0x7fb92c006900 Sep 21 07:25:07.107057: | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.107083: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.107087: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.107090: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Sep 21 07:25:07.107092: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:07.107094: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:07.107096: | 04 00 00 0e 28 00 01 08 00 0e 00 00 1b be 77 e6 Sep 21 07:25:07.107101: | dc 25 7d ce f7 0b 4b 55 f6 10 54 d7 25 b8 b3 e6 Sep 21 07:25:07.107103: | 04 89 92 d0 10 8d 6b 32 10 9c 9b ec 51 76 7f ba Sep 21 07:25:07.107106: | e9 f5 e9 81 9e e2 5c f6 1d 72 d1 ae cd 5d 6b 4e Sep 21 07:25:07.107108: | 2f e6 ba 24 36 35 3f 02 e5 89 2e 32 69 39 05 05 Sep 21 07:25:07.107110: | d9 e3 2d bb 16 f9 0c 33 b6 2d 37 90 3f 6f ae 82 Sep 21 07:25:07.107112: | 68 ab 2d 9c d9 f0 3a 06 dd 8e 6b dc f6 55 38 20 Sep 21 07:25:07.107114: | c2 e6 87 a5 e6 7f d9 13 5b 9b 2d a5 a8 2d 5a 1a Sep 21 07:25:07.107116: | 35 4e 93 26 27 a0 57 92 be 3f ad f0 fa 8a d6 65 Sep 21 07:25:07.107118: | be fc 5c c2 ed fe d8 e9 0d 72 45 cc 79 60 60 eb Sep 21 07:25:07.107120: | 15 8a 65 8a 61 8b 20 d3 96 5f e6 db 11 fe 1c d8 Sep 21 07:25:07.107122: | 73 d9 b3 29 09 73 5b 8d b0 2e 1b b7 03 74 20 67 Sep 21 07:25:07.107124: | a9 a1 15 d7 ab 90 53 2c fb 5f ce 48 11 a7 f0 83 Sep 21 07:25:07.107127: | e7 e1 1a 8c 27 1f 81 e1 f0 51 72 dd 78 ed ad 54 Sep 21 07:25:07.107129: | e4 78 f7 6e ea b1 63 59 47 25 90 16 02 52 05 69 Sep 21 07:25:07.107132: | 60 76 f6 e7 ac 0e f8 19 1a 80 35 66 c2 33 66 97 Sep 21 07:25:07.107135: | fc 41 85 9c 39 f8 69 03 3f 06 62 bd 29 00 00 24 Sep 21 07:25:07.107138: | e6 10 f0 2c 26 ab b2 01 67 a7 9b 77 d1 af 0b 5e Sep 21 07:25:07.107140: | 68 0e 36 35 e8 6d 65 10 4b 6b 79 97 f6 cc d2 11 Sep 21 07:25:07.107143: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:07.107145: | 69 3a 01 af a2 c4 e3 58 bd 00 b8 ae 51 4f e3 c1 Sep 21 07:25:07.107147: | bf c2 67 b2 26 00 00 1c 00 00 40 05 b2 34 8c bf Sep 21 07:25:07.107150: | 4b 91 ba cb 7f d6 14 7a 74 bb 6e f3 1b 66 3e f2 Sep 21 07:25:07.107152: | 00 00 00 19 04 4e cf af 8c 44 87 de 90 be 28 67 Sep 21 07:25:07.107154: | b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:25:07.107159: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.107162: | **parse ISAKMP Message: Sep 21 07:25:07.107165: | initiator cookie: Sep 21 07:25:07.107167: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.107169: | responder cookie: Sep 21 07:25:07.107171: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.107173: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:07.107176: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.107178: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:07.107180: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.107182: | Message ID: 0 (0x0) Sep 21 07:25:07.107185: | length: 457 (0x1c9) Sep 21 07:25:07.107187: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:07.107191: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:07.107194: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:07.107200: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.107204: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.107207: | #1 is idle Sep 21 07:25:07.107209: | #1 idle Sep 21 07:25:07.107211: | unpacking clear payload Sep 21 07:25:07.107213: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:07.107216: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:07.107219: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:07.107221: | flags: none (0x0) Sep 21 07:25:07.107223: | length: 40 (0x28) Sep 21 07:25:07.107226: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:07.107228: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:07.107231: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:07.107233: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:07.107236: | flags: none (0x0) Sep 21 07:25:07.107238: | length: 264 (0x108) Sep 21 07:25:07.107240: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.107245: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:07.107248: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:07.107250: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:07.107253: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:07.107255: | flags: none (0x0) Sep 21 07:25:07.107257: | length: 36 (0x24) Sep 21 07:25:07.107259: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:07.107261: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:07.107264: | ***parse IKEv2 Notify Payload: Sep 21 07:25:07.107266: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:07.107268: | flags: none (0x0) Sep 21 07:25:07.107271: | length: 8 (0x8) Sep 21 07:25:07.107273: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:07.107275: | SPI size: 0 (0x0) Sep 21 07:25:07.107278: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:07.107280: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:07.107282: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:07.107285: | ***parse IKEv2 Notify Payload: Sep 21 07:25:07.107287: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:07.107289: | flags: none (0x0) Sep 21 07:25:07.107291: | length: 28 (0x1c) Sep 21 07:25:07.107293: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:07.107295: | SPI size: 0 (0x0) Sep 21 07:25:07.107297: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:07.107300: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:07.107302: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:07.107304: | ***parse IKEv2 Notify Payload: Sep 21 07:25:07.107307: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:25:07.107309: | flags: none (0x0) Sep 21 07:25:07.107311: | length: 28 (0x1c) Sep 21 07:25:07.107313: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:07.107316: | SPI size: 0 (0x0) Sep 21 07:25:07.107318: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:07.107320: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:07.107323: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:07.107325: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:25:07.107328: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.107330: | flags: none (0x0) Sep 21 07:25:07.107332: | length: 25 (0x19) Sep 21 07:25:07.107335: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:07.107337: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Sep 21 07:25:07.107340: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:07.107346: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:07.107350: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:07.107352: | Now let's proceed with state specific processing Sep 21 07:25:07.107355: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:07.107359: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:07.107377: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:07.107381: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:07.107385: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:07.107389: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:07.107392: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:07.107394: | local proposal 1 type DH has 8 transforms Sep 21 07:25:07.107397: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:07.107400: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:07.107403: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:07.107405: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:07.107408: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:07.107410: | local proposal 2 type DH has 8 transforms Sep 21 07:25:07.107412: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:07.107415: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:07.107418: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:07.107420: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:07.107422: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:07.107425: | local proposal 3 type DH has 8 transforms Sep 21 07:25:07.107427: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:07.107430: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:07.107433: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:07.107435: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:07.107438: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:07.107440: | local proposal 4 type DH has 8 transforms Sep 21 07:25:07.107442: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:07.107445: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:07.107448: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.107451: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:07.107453: | length: 36 (0x24) Sep 21 07:25:07.107455: | prop #: 1 (0x1) Sep 21 07:25:07.107458: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:07.107460: | spi size: 0 (0x0) Sep 21 07:25:07.107463: | # transforms: 3 (0x3) Sep 21 07:25:07.107466: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:07.107469: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.107472: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.107475: | length: 12 (0xc) Sep 21 07:25:07.107477: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.107479: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.107482: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.107484: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.107487: | length/value: 256 (0x100) Sep 21 07:25:07.107491: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:07.107493: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.107496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.107498: | length: 8 (0x8) Sep 21 07:25:07.107500: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:07.107503: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:07.107506: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:07.107509: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.107511: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.107513: | length: 8 (0x8) Sep 21 07:25:07.107516: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.107518: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.107521: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:07.107524: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:07.107528: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:07.107533: | remote proposal 1 matches local proposal 1 Sep 21 07:25:07.107536: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:07.107538: | converting proposal to internal trans attrs Sep 21 07:25:07.107557: | natd_hash: hasher=0x559656d347a0(20) Sep 21 07:25:07.107561: | natd_hash: icookie= 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.107563: | natd_hash: rcookie= 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.107565: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:07.107567: | natd_hash: port= 01 f4 Sep 21 07:25:07.107570: | natd_hash: hash= b2 34 8c bf 4b 91 ba cb 7f d6 14 7a 74 bb 6e f3 Sep 21 07:25:07.107572: | natd_hash: hash= 1b 66 3e f2 Sep 21 07:25:07.107578: | natd_hash: hasher=0x559656d347a0(20) Sep 21 07:25:07.107581: | natd_hash: icookie= 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.107583: | natd_hash: rcookie= 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.107585: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:07.107587: | natd_hash: port= 01 f4 Sep 21 07:25:07.107589: | natd_hash: hash= 69 3a 01 af a2 c4 e3 58 bd 00 b8 ae 51 4f e3 c1 Sep 21 07:25:07.107591: | natd_hash: hash= bf c2 67 b2 Sep 21 07:25:07.107594: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:07.107596: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:07.107599: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:07.107602: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:07.107608: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:07.107613: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:07.107616: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:07.107618: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:07.107623: | libevent_free: release ptr-libevent@0x5596586a2ed0 Sep 21 07:25:07.107626: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5596586add20 Sep 21 07:25:07.107629: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5596586add20 Sep 21 07:25:07.107632: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:07.107635: | libevent_malloc: new ptr-libevent@0x5596586a2ed0 size 128 Sep 21 07:25:07.107647: | #1 spent 0.287 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:07.107649: | crypto helper 5 resuming Sep 21 07:25:07.107662: | crypto helper 5 starting work-order 2 for state #1 Sep 21 07:25:07.107667: | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:07.108488: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:07.108965: | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001295 seconds Sep 21 07:25:07.108979: | (#1) spent 1.29 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:07.108984: | crypto helper 5 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:07.108988: | scheduling resume sending helper answer for #1 Sep 21 07:25:07.108992: | libevent_malloc: new ptr-libevent@0x7fb924006b90 size 128 Sep 21 07:25:07.109000: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:07.107653: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.109039: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:07.109044: | suspending state #1 and saving MD Sep 21 07:25:07.109047: | #1 is busy; has a suspended MD Sep 21 07:25:07.109055: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:07.109061: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:07.109067: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.109079: | #1 spent 0.631 milliseconds in ikev2_process_packet() Sep 21 07:25:07.109084: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:07.109089: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.109092: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.109097: | spent 0.65 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.109110: | processing resume sending helper answer for #1 Sep 21 07:25:07.109116: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:07.109120: | crypto helper 5 replies to request ID 2 Sep 21 07:25:07.109124: | calling continuation function 0x559656c5e630 Sep 21 07:25:07.109128: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:07.109134: | creating state object #2 at 0x5596586b32e0 Sep 21 07:25:07.109138: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:07.109143: | pstats #2 ikev2.child started Sep 21 07:25:07.109147: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:25:07.109153: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:07.109161: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:07.109168: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:07.109174: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:07.109179: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:07.109183: | libevent_free: release ptr-libevent@0x5596586a2ed0 Sep 21 07:25:07.109187: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5596586add20 Sep 21 07:25:07.109191: | event_schedule: new EVENT_SA_REPLACE-pe@0x5596586add20 Sep 21 07:25:07.109196: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:07.109200: | libevent_malloc: new ptr-libevent@0x5596586a2ed0 size 128 Sep 21 07:25:07.109204: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:07.109211: | **emit ISAKMP Message: Sep 21 07:25:07.109214: | initiator cookie: Sep 21 07:25:07.109217: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.109220: | responder cookie: Sep 21 07:25:07.109223: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.109227: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.109230: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.109234: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.109237: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.109240: | Message ID: 1 (0x1) Sep 21 07:25:07.109244: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.109248: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:07.109252: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.109255: | flags: none (0x0) Sep 21 07:25:07.109259: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:07.109263: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.109268: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:07.109278: | IKEv2 CERT: send a certificate? Sep 21 07:25:07.109281: | IKEv2 CERT: OK to send a certificate (always) Sep 21 07:25:07.109285: | IDr payload will be sent Sep 21 07:25:07.109299: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:07.109303: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.109310: | flags: none (0x0) Sep 21 07:25:07.109314: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:25:07.109319: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:07.109323: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.109327: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:07.109331: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:25:07.109334: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:25:07.109337: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:25:07.109340: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:25:07.109343: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:25:07.109346: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:25:07.109349: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:25:07.109351: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:25:07.109354: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:25:07.109357: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:25:07.109360: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:25:07.109363: | my identity 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:25:07.109366: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Sep 21 07:25:07.109378: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:07.109382: | ****emit IKEv2 Certificate Payload: Sep 21 07:25:07.109385: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.109388: | flags: none (0x0) Sep 21 07:25:07.109391: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:07.109396: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Sep 21 07:25:07.109400: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.109404: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Sep 21 07:25:07.109407: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Sep 21 07:25:07.109410: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:25:07.109413: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:25:07.109416: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:25:07.109419: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:25:07.109422: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:25:07.109425: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:25:07.109428: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:25:07.109431: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:25:07.109434: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:25:07.109437: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:25:07.109440: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:25:07.109443: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:25:07.109446: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:25:07.109449: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:25:07.109452: | CERT 39 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:25:07.109454: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:25:07.109457: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:25:07.109460: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:25:07.109465: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:25:07.109469: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:25:07.109472: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Sep 21 07:25:07.109475: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:25:07.109478: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Sep 21 07:25:07.109480: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Sep 21 07:25:07.109484: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Sep 21 07:25:07.109487: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Sep 21 07:25:07.109490: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Sep 21 07:25:07.109492: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 ba c2 12 92 Sep 21 07:25:07.109495: | CERT f3 67 1c ca 50 e4 11 97 bd e2 74 f8 2d a7 50 1c Sep 21 07:25:07.109498: | CERT 73 d5 23 89 43 a9 58 74 05 29 97 ee a9 71 9c 8d Sep 21 07:25:07.109501: | CERT 92 44 52 90 56 aa 55 a8 8c 69 5e 32 49 62 fb 18 Sep 21 07:25:07.109504: | CERT 4f f0 e2 24 38 f0 a3 3c 7d 95 a9 03 66 29 11 c0 Sep 21 07:25:07.109507: | CERT f2 0c e3 de a1 62 78 96 0e ff d1 f8 93 ac b7 cf Sep 21 07:25:07.109511: | CERT 52 33 01 71 ef 46 ad ad d4 46 f5 e0 c5 e5 57 42 Sep 21 07:25:07.109514: | CERT 2f 10 0e 27 24 45 5e d0 bd 90 32 70 b9 bb 27 2a Sep 21 07:25:07.109516: | CERT 4c 93 a8 87 8c f0 61 5d d9 74 91 04 d9 e9 5b e5 Sep 21 07:25:07.109519: | CERT 31 9c ca e0 5b 2c 3b 17 be 1a c9 1c 28 62 24 3c Sep 21 07:25:07.109522: | CERT e4 eb d0 1a e4 e3 c4 61 b6 9d 1a a9 39 6a b0 92 Sep 21 07:25:07.109525: | CERT a6 69 2c 19 b1 57 75 2b a8 1b ac 95 2b 35 5a 2f Sep 21 07:25:07.109529: | CERT 1f 33 eb 9a 50 d0 4d fa 7a 05 9b 59 44 7d ba a6 Sep 21 07:25:07.109532: | CERT 91 64 c9 4d 4a 01 39 e3 83 11 04 e9 b5 b3 9d 19 Sep 21 07:25:07.109535: | CERT 1b 35 86 8a e9 e4 8b 28 e9 57 06 58 e2 cb a6 24 Sep 21 07:25:07.109538: | CERT 35 73 37 7c 05 25 07 5f b6 df 3f 8b ab 5f e7 e4 Sep 21 07:25:07.109540: | CERT 38 d2 69 f6 1f 68 e9 7b 4f 2f fd 11 62 0e 47 ee Sep 21 07:25:07.109543: | CERT 67 3b 0e 71 d8 9a 35 1b e4 4f 56 64 fd c1 66 02 Sep 21 07:25:07.109546: | CERT 69 2e 08 ac e7 43 ca 55 47 97 ae 83 19 50 e4 9d Sep 21 07:25:07.109549: | CERT c7 a6 5c 9b 93 22 54 6f 02 4b 75 00 cf 67 e3 e2 Sep 21 07:25:07.109552: | CERT 07 7c d8 47 8f c1 09 83 cc 70 94 fa 6c 74 c8 55 Sep 21 07:25:07.109556: | CERT 7b 96 2c c1 85 f1 02 98 cd 1d be 85 5c 10 80 dd Sep 21 07:25:07.109559: | CERT bb 89 44 4b 94 fa 5e 56 5c 67 0e 2e c6 62 69 d4 Sep 21 07:25:07.109562: | CERT de 0e 97 31 ed 00 10 7b 83 dc 75 e4 12 fb 00 15 Sep 21 07:25:07.109565: | CERT eb 5d e4 85 6b 0d 07 4b e6 db 86 31 02 03 01 00 Sep 21 07:25:07.109568: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Sep 21 07:25:07.109570: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Sep 21 07:25:07.109573: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:25:07.109576: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Sep 21 07:25:07.109579: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Sep 21 07:25:07.109582: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Sep 21 07:25:07.109585: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Sep 21 07:25:07.109588: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Sep 21 07:25:07.109591: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Sep 21 07:25:07.109594: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:25:07.109597: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Sep 21 07:25:07.109600: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Sep 21 07:25:07.109603: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Sep 21 07:25:07.109606: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Sep 21 07:25:07.109609: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Sep 21 07:25:07.109613: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 c0 be 88 d3 94 Sep 21 07:25:07.109617: | CERT e8 3a e9 d3 b3 fd ed 79 1d 46 48 36 a3 2a 00 15 Sep 21 07:25:07.109620: | CERT 9e 62 f1 22 44 4c 58 20 2e de 7d 7f 95 09 d5 bd Sep 21 07:25:07.109623: | CERT 95 29 e4 f8 99 e3 8f c0 67 b4 eb f6 4b a3 4e 69 Sep 21 07:25:07.109626: | CERT 48 de 1c 93 9f 22 c8 b7 ca bb e8 0c af 7e 5a cd Sep 21 07:25:07.109629: | CERT 90 0c b9 e5 4b 4a de cc c3 7c ea e6 3f 96 0c b5 Sep 21 07:25:07.109631: | CERT dc 5f 88 2d e7 e2 cc f5 f3 90 76 dc b3 05 1d 01 Sep 21 07:25:07.109634: | CERT 60 24 b8 8c a2 f7 26 17 04 4f 25 15 bc 7f 1c ff Sep 21 07:25:07.109637: | CERT 4a f7 81 eb 12 63 8b 11 8c 53 ba Sep 21 07:25:07.109640: | emitting length of IKEv2 Certificate Payload: 1232 Sep 21 07:25:07.109643: | IKEv2 CERTREQ: send a cert request? Sep 21 07:25:07.109648: | IKEv2 CERTREQ: OK to send a certificate request Sep 21 07:25:07.109661: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Sep 21 07:25:07.109665: | connection->kind is CK_PERMANENT so send CERTREQ Sep 21 07:25:07.109668: | ****emit IKEv2 Certificate Request Payload: Sep 21 07:25:07.109671: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.109675: | flags: none (0x0) Sep 21 07:25:07.109678: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:07.109683: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:07.109686: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.110457: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Sep 21 07:25:07.110478: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Sep 21 07:25:07.110483: | CA cert public key hash Sep 21 07:25:07.110486: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:25:07.110488: | 8e eb 22 c0 Sep 21 07:25:07.110492: | emitting length of IKEv2 Certificate Request Payload: 25 Sep 21 07:25:07.110496: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:07.110500: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:07.110503: | flags: none (0x0) Sep 21 07:25:07.110506: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:25:07.110510: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:07.110516: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:07.110520: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.110524: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:07.110527: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:25:07.110530: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:25:07.110533: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:25:07.110536: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:25:07.110539: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:25:07.110542: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:25:07.110545: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:25:07.110548: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:07.110551: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:25:07.110554: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:25:07.110557: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:07.110562: | IDr 77 61 6e 2e 6f 72 67 Sep 21 07:25:07.110566: | emitting length of IKEv2 Identification - Responder - Payload: 191 Sep 21 07:25:07.110568: | not sending INITIAL_CONTACT Sep 21 07:25:07.110572: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:07.110576: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.110578: | flags: none (0x0) Sep 21 07:25:07.110582: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:07.110587: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:07.110591: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.110597: | #1 spent 1.47 milliseconds Sep 21 07:25:07.110618: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Sep 21 07:25:07.110681: | searching for certificate PKK_RSA:AwEAAbrCE vs PKK_RSA:AwEAAbrCE Sep 21 07:25:07.124470: | #1 spent 9.84 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:07.124488: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:07.124492: | rsa signature 6b fc 46 ab 5b b9 4b c2 63 cc 64 8e 37 6a 71 a1 Sep 21 07:25:07.124495: | rsa signature dd 03 03 ff dd 13 94 5a 24 3e 04 bf fa 48 51 49 Sep 21 07:25:07.124498: | rsa signature a4 d8 07 08 2d ac 12 3e 1b 11 a4 f1 bc c5 5e 40 Sep 21 07:25:07.124501: | rsa signature ee 08 54 9e bf 79 67 9d 47 c8 ed b9 3d 22 7c 2e Sep 21 07:25:07.124504: | rsa signature 60 43 28 2b 19 f5 51 36 05 de a3 da dc 8b c6 62 Sep 21 07:25:07.124507: | rsa signature d7 88 ea 58 04 4f 65 d4 30 99 ed 22 a9 3e c5 da Sep 21 07:25:07.124510: | rsa signature df 55 ea fe 6a 53 48 51 6a 9b f3 e3 88 a3 5a ce Sep 21 07:25:07.124513: | rsa signature 01 dd 5f f7 4a 09 65 82 e4 ee 32 ca 12 65 8d e5 Sep 21 07:25:07.124515: | rsa signature fc 7e ca dc 87 38 24 86 12 bd 95 73 db 02 3f 2c Sep 21 07:25:07.124518: | rsa signature 98 29 23 6a 6f 01 f0 d5 e9 ea af ac 25 5d e3 3f Sep 21 07:25:07.124521: | rsa signature bb 62 d7 98 7c f2 c3 ad df fd 76 6f 30 ae ed 5d Sep 21 07:25:07.124524: | rsa signature d2 41 b9 b5 71 e5 4d 71 98 9f 02 44 bf 45 5c 39 Sep 21 07:25:07.124527: | rsa signature 4a c8 39 34 03 75 be e3 1e 10 af 14 15 5b 35 f6 Sep 21 07:25:07.124530: | rsa signature 08 ba 2a c2 5b 9c f7 21 82 96 e2 bd 5a 83 28 06 Sep 21 07:25:07.124533: | rsa signature d5 2b 7e d5 32 97 cc 45 bb d8 ea fb bc a4 d1 c7 Sep 21 07:25:07.124536: | rsa signature 48 16 9a 3e bc d7 db 72 79 76 9c 19 40 6a 96 42 Sep 21 07:25:07.124539: | rsa signature 33 ee c6 8d b7 36 93 2d fe 82 0a bd 09 46 3e 95 Sep 21 07:25:07.124542: | rsa signature f5 f1 0f 0e d5 b9 51 7d 32 50 6f 53 ec a0 e1 ab Sep 21 07:25:07.124545: | rsa signature 1d 5a 59 e8 b0 a1 2e 9a a5 24 2c 94 57 97 5d 39 Sep 21 07:25:07.124548: | rsa signature ad 86 b6 de ee d0 c3 25 02 90 a6 ca 7c 98 3d 41 Sep 21 07:25:07.124551: | rsa signature 05 48 5c 15 45 2f 41 d5 cc b7 bd 65 c2 d6 97 ab Sep 21 07:25:07.124554: | rsa signature 4a 96 7d f3 1c 6a fc 58 2c 83 51 d7 d5 c2 5e f5 Sep 21 07:25:07.124557: | rsa signature f1 aa e1 2c 53 65 7c c0 3b 8e c5 50 b0 f6 57 81 Sep 21 07:25:07.124560: | rsa signature 97 6d 17 21 a8 e3 42 95 9a 3a 6e f7 94 1d f4 cc Sep 21 07:25:07.124565: | #1 spent 10 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:07.124569: | emitting length of IKEv2 Authentication Payload: 392 Sep 21 07:25:07.124572: | getting first pending from state #1 Sep 21 07:25:07.124577: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Sep 21 07:25:07.124581: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:07.124604: | netlink_get_spi: allocated 0x559b2361 for esp.0@192.1.3.33 Sep 21 07:25:07.124609: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:07.124616: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:07.124623: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:07.124626: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:07.124631: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:07.124636: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:07.124641: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:07.124645: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:07.124651: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:07.124661: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:07.124671: | Emitting ikev2_proposals ... Sep 21 07:25:07.124675: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:07.124679: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.124682: | flags: none (0x0) Sep 21 07:25:07.124687: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:07.124691: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.124694: | discarding INTEG=NONE Sep 21 07:25:07.124696: | discarding DH=NONE Sep 21 07:25:07.124699: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.124702: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.124705: | prop #: 1 (0x1) Sep 21 07:25:07.124708: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.124711: | spi size: 4 (0x4) Sep 21 07:25:07.124714: | # transforms: 2 (0x2) Sep 21 07:25:07.124718: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.124722: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.124725: | our spi 55 9b 23 61 Sep 21 07:25:07.124728: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124734: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.124737: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.124741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.124744: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.124747: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.124750: | length/value: 256 (0x100) Sep 21 07:25:07.124754: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.124756: | discarding INTEG=NONE Sep 21 07:25:07.124759: | discarding DH=NONE Sep 21 07:25:07.124761: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124764: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.124767: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.124770: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.124775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.124788: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.124793: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:07.124797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.124800: | discarding INTEG=NONE Sep 21 07:25:07.124802: | discarding DH=NONE Sep 21 07:25:07.124805: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.124808: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.124811: | prop #: 2 (0x2) Sep 21 07:25:07.124813: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.124816: | spi size: 4 (0x4) Sep 21 07:25:07.124819: | # transforms: 2 (0x2) Sep 21 07:25:07.124823: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.124827: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.124831: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.124833: | our spi 55 9b 23 61 Sep 21 07:25:07.124837: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124843: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.124846: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.124849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.124853: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.124856: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.124858: | length/value: 128 (0x80) Sep 21 07:25:07.124862: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.124864: | discarding INTEG=NONE Sep 21 07:25:07.124867: | discarding DH=NONE Sep 21 07:25:07.124869: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124872: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.124875: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.124878: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.124882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.124889: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.124893: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:07.124896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.124899: | discarding DH=NONE Sep 21 07:25:07.124902: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.124905: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.124907: | prop #: 3 (0x3) Sep 21 07:25:07.124910: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.124913: | spi size: 4 (0x4) Sep 21 07:25:07.124916: | # transforms: 4 (0x4) Sep 21 07:25:07.124920: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.124924: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.124927: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.124930: | our spi 55 9b 23 61 Sep 21 07:25:07.124933: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124937: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124940: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.124943: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:07.124947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.124950: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.124953: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.124956: | length/value: 256 (0x100) Sep 21 07:25:07.124959: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.124962: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124967: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.124971: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:07.124975: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.124982: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.124985: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.124988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.124991: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.124994: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:07.124998: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.125005: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.125007: | discarding DH=NONE Sep 21 07:25:07.125010: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.125013: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.125016: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.125019: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.125023: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.125030: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.125033: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:07.125036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.125039: | discarding DH=NONE Sep 21 07:25:07.125042: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.125045: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:07.125048: | prop #: 4 (0x4) Sep 21 07:25:07.125050: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.125053: | spi size: 4 (0x4) Sep 21 07:25:07.125056: | # transforms: 4 (0x4) Sep 21 07:25:07.125060: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.125064: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.125067: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.125070: | our spi 55 9b 23 61 Sep 21 07:25:07.125073: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.125075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125081: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.125084: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:07.125088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.125091: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.125094: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.125097: | length/value: 128 (0x80) Sep 21 07:25:07.125100: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.125103: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.125106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125109: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.125112: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:07.125116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.125123: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.125126: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.125129: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125132: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.125135: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:07.125139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.125146: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.125149: | discarding DH=NONE Sep 21 07:25:07.125152: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.125154: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.125157: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.125160: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.125164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.125169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.125172: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.125175: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:07.125179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.125182: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:07.125185: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:07.125190: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:07.125193: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.125196: | flags: none (0x0) Sep 21 07:25:07.125199: | number of TS: 1 (0x1) Sep 21 07:25:07.125204: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:07.125208: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.125211: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:07.125214: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.125217: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.125219: | start port: 0 (0x0) Sep 21 07:25:07.125222: | end port: 65535 (0xffff) Sep 21 07:25:07.125227: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:07.125230: | IP start c0 00 03 00 Sep 21 07:25:07.125233: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:07.125236: | IP end c0 00 03 ff Sep 21 07:25:07.125239: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:07.125242: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:07.125245: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:07.125248: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.125251: | flags: none (0x0) Sep 21 07:25:07.125253: | number of TS: 1 (0x1) Sep 21 07:25:07.125258: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:07.125262: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.125265: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:07.125268: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.125270: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.125273: | start port: 0 (0x0) Sep 21 07:25:07.125276: | end port: 65535 (0xffff) Sep 21 07:25:07.125279: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:07.125282: | IP start c0 00 02 00 Sep 21 07:25:07.125285: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:07.125287: | IP end c0 00 02 ff Sep 21 07:25:07.125290: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:07.125293: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:07.125297: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:07.125301: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:07.125304: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.125309: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:07.125312: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:07.125315: | emitting length of IKEv2 Encryption Payload: 2274 Sep 21 07:25:07.125318: | emitting length of ISAKMP Message: 2302 Sep 21 07:25:07.125323: | **parse ISAKMP Message: Sep 21 07:25:07.125326: | initiator cookie: Sep 21 07:25:07.125329: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.125332: | responder cookie: Sep 21 07:25:07.125334: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.125337: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:07.125341: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.125344: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.125347: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.125350: | Message ID: 1 (0x1) Sep 21 07:25:07.125352: | length: 2302 (0x8fe) Sep 21 07:25:07.125355: | **parse IKEv2 Encryption Payload: Sep 21 07:25:07.125358: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:07.125361: | flags: none (0x0) Sep 21 07:25:07.125364: | length: 2274 (0x8e2) Sep 21 07:25:07.125367: | **emit ISAKMP Message: Sep 21 07:25:07.125369: | initiator cookie: Sep 21 07:25:07.125372: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.125374: | responder cookie: Sep 21 07:25:07.125377: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.125380: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.125383: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.125386: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.125389: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.125392: | Message ID: 1 (0x1) Sep 21 07:25:07.125395: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.125398: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:07.125401: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:07.125405: | flags: none (0x0) Sep 21 07:25:07.125408: | fragment number: 1 (0x1) Sep 21 07:25:07.125411: | total fragments: 5 (0x5) Sep 21 07:25:07.125415: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:25:07.125419: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.125423: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:07.125426: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:07.125434: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:07.125437: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Sep 21 07:25:07.125440: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:25:07.125443: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:25:07.125446: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:25:07.125449: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:25:07.125452: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:25:07.125455: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Sep 21 07:25:07.125458: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Sep 21 07:25:07.125461: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:25:07.125464: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Sep 21 07:25:07.125467: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Sep 21 07:25:07.125470: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Sep 21 07:25:07.125473: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Sep 21 07:25:07.125476: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Sep 21 07:25:07.125479: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Sep 21 07:25:07.125482: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Sep 21 07:25:07.125485: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Sep 21 07:25:07.125488: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Sep 21 07:25:07.125491: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Sep 21 07:25:07.125494: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Sep 21 07:25:07.125497: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Sep 21 07:25:07.125500: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Sep 21 07:25:07.125503: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Sep 21 07:25:07.125506: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Sep 21 07:25:07.125509: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Sep 21 07:25:07.125512: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 Sep 21 07:25:07.125516: | cleartext fragment 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 Sep 21 07:25:07.125519: | cleartext fragment 34 31 39 34 34 35 39 5a 30 81 b6 31 0b 30 09 06 Sep 21 07:25:07.125522: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:25:07.125525: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Sep 21 07:25:07.125528: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.125531: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:07.125535: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:07.125538: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:07.125542: | emitting length of ISAKMP Message: 539 Sep 21 07:25:07.125557: | **emit ISAKMP Message: Sep 21 07:25:07.125560: | initiator cookie: Sep 21 07:25:07.125562: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.125565: | responder cookie: Sep 21 07:25:07.125568: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.125571: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.125574: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.125577: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.125580: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.125582: | Message ID: 1 (0x1) Sep 21 07:25:07.125586: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.125589: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:07.125592: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.125594: | flags: none (0x0) Sep 21 07:25:07.125597: | fragment number: 2 (0x2) Sep 21 07:25:07.125600: | total fragments: 5 (0x5) Sep 21 07:25:07.125603: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:07.125608: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.125611: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:07.125614: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:07.125619: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:07.125622: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Sep 21 07:25:07.125625: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Sep 21 07:25:07.125628: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Sep 21 07:25:07.125631: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Sep 21 07:25:07.125634: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Sep 21 07:25:07.125637: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Sep 21 07:25:07.125640: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:25:07.125643: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Sep 21 07:25:07.125646: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Sep 21 07:25:07.125649: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Sep 21 07:25:07.125652: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Sep 21 07:25:07.125655: | cleartext fragment 82 01 81 00 ba c2 12 92 f3 67 1c ca 50 e4 11 97 Sep 21 07:25:07.125658: | cleartext fragment bd e2 74 f8 2d a7 50 1c 73 d5 23 89 43 a9 58 74 Sep 21 07:25:07.125661: | cleartext fragment 05 29 97 ee a9 71 9c 8d 92 44 52 90 56 aa 55 a8 Sep 21 07:25:07.125664: | cleartext fragment 8c 69 5e 32 49 62 fb 18 4f f0 e2 24 38 f0 a3 3c Sep 21 07:25:07.125667: | cleartext fragment 7d 95 a9 03 66 29 11 c0 f2 0c e3 de a1 62 78 96 Sep 21 07:25:07.125670: | cleartext fragment 0e ff d1 f8 93 ac b7 cf 52 33 01 71 ef 46 ad ad Sep 21 07:25:07.125673: | cleartext fragment d4 46 f5 e0 c5 e5 57 42 2f 10 0e 27 24 45 5e d0 Sep 21 07:25:07.125676: | cleartext fragment bd 90 32 70 b9 bb 27 2a 4c 93 a8 87 8c f0 61 5d Sep 21 07:25:07.125679: | cleartext fragment d9 74 91 04 d9 e9 5b e5 31 9c ca e0 5b 2c 3b 17 Sep 21 07:25:07.125682: | cleartext fragment be 1a c9 1c 28 62 24 3c e4 eb d0 1a e4 e3 c4 61 Sep 21 07:25:07.125685: | cleartext fragment b6 9d 1a a9 39 6a b0 92 a6 69 2c 19 b1 57 75 2b Sep 21 07:25:07.125688: | cleartext fragment a8 1b ac 95 2b 35 5a 2f 1f 33 eb 9a 50 d0 4d fa Sep 21 07:25:07.125691: | cleartext fragment 7a 05 9b 59 44 7d ba a6 91 64 c9 4d 4a 01 39 e3 Sep 21 07:25:07.125694: | cleartext fragment 83 11 04 e9 b5 b3 9d 19 1b 35 86 8a e9 e4 8b 28 Sep 21 07:25:07.125699: | cleartext fragment e9 57 06 58 e2 cb a6 24 35 73 37 7c 05 25 07 5f Sep 21 07:25:07.125702: | cleartext fragment b6 df 3f 8b ab 5f e7 e4 38 d2 69 f6 1f 68 e9 7b Sep 21 07:25:07.125705: | cleartext fragment 4f 2f fd 11 62 0e 47 ee 67 3b 0e 71 d8 9a 35 1b Sep 21 07:25:07.125708: | cleartext fragment e4 4f 56 64 fd c1 66 02 69 2e 08 ac e7 43 ca 55 Sep 21 07:25:07.125711: | cleartext fragment 47 97 ae 83 19 50 e4 9d c7 a6 5c 9b 93 22 Sep 21 07:25:07.125714: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.125717: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:07.125721: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:07.125724: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:07.125727: | emitting length of ISAKMP Message: 539 Sep 21 07:25:07.125734: | **emit ISAKMP Message: Sep 21 07:25:07.125736: | initiator cookie: Sep 21 07:25:07.125739: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.125742: | responder cookie: Sep 21 07:25:07.125744: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.125747: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.125750: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.125753: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.125756: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.125759: | Message ID: 1 (0x1) Sep 21 07:25:07.125762: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.125765: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:07.125768: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.125771: | flags: none (0x0) Sep 21 07:25:07.125774: | fragment number: 3 (0x3) Sep 21 07:25:07.125776: | total fragments: 5 (0x5) Sep 21 07:25:07.125780: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:07.125787: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.125793: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:07.125797: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:07.125801: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:07.125804: | cleartext fragment 54 6f 02 4b 75 00 cf 67 e3 e2 07 7c d8 47 8f c1 Sep 21 07:25:07.125807: | cleartext fragment 09 83 cc 70 94 fa 6c 74 c8 55 7b 96 2c c1 85 f1 Sep 21 07:25:07.125810: | cleartext fragment 02 98 cd 1d be 85 5c 10 80 dd bb 89 44 4b 94 fa Sep 21 07:25:07.125813: | cleartext fragment 5e 56 5c 67 0e 2e c6 62 69 d4 de 0e 97 31 ed 00 Sep 21 07:25:07.125816: | cleartext fragment 10 7b 83 dc 75 e4 12 fb 00 15 eb 5d e4 85 6b 0d Sep 21 07:25:07.125819: | cleartext fragment 07 4b e6 db 86 31 02 03 01 00 01 a3 81 e4 30 81 Sep 21 07:25:07.125822: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Sep 21 07:25:07.125825: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Sep 21 07:25:07.125828: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:25:07.125831: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Sep 21 07:25:07.125834: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Sep 21 07:25:07.125837: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Sep 21 07:25:07.125840: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Sep 21 07:25:07.125843: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Sep 21 07:25:07.125846: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Sep 21 07:25:07.125849: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Sep 21 07:25:07.125854: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Sep 21 07:25:07.125857: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Sep 21 07:25:07.125860: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Sep 21 07:25:07.125863: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Sep 21 07:25:07.125866: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Sep 21 07:25:07.125869: | cleartext fragment 00 03 81 81 00 c0 be 88 d3 94 e8 3a e9 d3 b3 fd Sep 21 07:25:07.125872: | cleartext fragment ed 79 1d 46 48 36 a3 2a 00 15 9e 62 f1 22 44 4c Sep 21 07:25:07.125875: | cleartext fragment 58 20 2e de 7d 7f 95 09 d5 bd 95 29 e4 f8 99 e3 Sep 21 07:25:07.125878: | cleartext fragment 8f c0 67 b4 eb f6 4b a3 4e 69 48 de 1c 93 9f 22 Sep 21 07:25:07.125881: | cleartext fragment c8 b7 ca bb e8 0c af 7e 5a cd 90 0c b9 e5 4b 4a Sep 21 07:25:07.125884: | cleartext fragment de cc c3 7c ea e6 3f 96 0c b5 dc 5f 88 2d e7 e2 Sep 21 07:25:07.125888: | cleartext fragment cc f5 f3 90 76 dc b3 05 1d 01 60 24 b8 8c a2 f7 Sep 21 07:25:07.125891: | cleartext fragment 26 17 04 4f 25 15 bc 7f 1c ff 4a f7 81 eb 12 63 Sep 21 07:25:07.125894: | cleartext fragment 8b 11 8c 53 ba 24 00 00 19 04 4e cf af 8c Sep 21 07:25:07.125897: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.125900: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:07.125904: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:07.125907: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:07.125910: | emitting length of ISAKMP Message: 539 Sep 21 07:25:07.125917: | **emit ISAKMP Message: Sep 21 07:25:07.125920: | initiator cookie: Sep 21 07:25:07.125923: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.125925: | responder cookie: Sep 21 07:25:07.125928: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.125931: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.125934: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.125937: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.125940: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.125943: | Message ID: 1 (0x1) Sep 21 07:25:07.125946: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.125949: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:07.125952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.125955: | flags: none (0x0) Sep 21 07:25:07.125957: | fragment number: 4 (0x4) Sep 21 07:25:07.125960: | total fragments: 5 (0x5) Sep 21 07:25:07.125964: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:07.125968: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.125972: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:07.125975: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:07.125983: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:07.125986: | cleartext fragment 44 87 de 90 be 28 67 b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:25:07.125989: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Sep 21 07:25:07.125992: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:25:07.125995: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:25:07.125998: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:25:07.126001: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:25:07.126004: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:25:07.126008: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:25:07.126012: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:25:07.126015: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:25:07.126018: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:25:07.126021: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:25:07.126024: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Sep 21 07:25:07.126027: | cleartext fragment 00 01 88 01 00 00 00 6b fc 46 ab 5b b9 4b c2 63 Sep 21 07:25:07.126030: | cleartext fragment cc 64 8e 37 6a 71 a1 dd 03 03 ff dd 13 94 5a 24 Sep 21 07:25:07.126033: | cleartext fragment 3e 04 bf fa 48 51 49 a4 d8 07 08 2d ac 12 3e 1b Sep 21 07:25:07.126037: | cleartext fragment 11 a4 f1 bc c5 5e 40 ee 08 54 9e bf 79 67 9d 47 Sep 21 07:25:07.126040: | cleartext fragment c8 ed b9 3d 22 7c 2e 60 43 28 2b 19 f5 51 36 05 Sep 21 07:25:07.126043: | cleartext fragment de a3 da dc 8b c6 62 d7 88 ea 58 04 4f 65 d4 30 Sep 21 07:25:07.126046: | cleartext fragment 99 ed 22 a9 3e c5 da df 55 ea fe 6a 53 48 51 6a Sep 21 07:25:07.126049: | cleartext fragment 9b f3 e3 88 a3 5a ce 01 dd 5f f7 4a 09 65 82 e4 Sep 21 07:25:07.126052: | cleartext fragment ee 32 ca 12 65 8d e5 fc 7e ca dc 87 38 24 86 12 Sep 21 07:25:07.126055: | cleartext fragment bd 95 73 db 02 3f 2c 98 29 23 6a 6f 01 f0 d5 e9 Sep 21 07:25:07.126058: | cleartext fragment ea af ac 25 5d e3 3f bb 62 d7 98 7c f2 c3 ad df Sep 21 07:25:07.126061: | cleartext fragment fd 76 6f 30 ae ed 5d d2 41 b9 b5 71 e5 4d 71 98 Sep 21 07:25:07.126064: | cleartext fragment 9f 02 44 bf 45 5c 39 4a c8 39 34 03 75 be e3 1e Sep 21 07:25:07.126067: | cleartext fragment 10 af 14 15 5b 35 f6 08 ba 2a c2 5b 9c f7 21 82 Sep 21 07:25:07.126070: | cleartext fragment 96 e2 bd 5a 83 28 06 d5 2b 7e d5 32 97 cc 45 bb Sep 21 07:25:07.126073: | cleartext fragment d8 ea fb bc a4 d1 c7 48 16 9a 3e bc d7 db 72 79 Sep 21 07:25:07.126076: | cleartext fragment 76 9c 19 40 6a 96 42 33 ee c6 8d b7 36 93 Sep 21 07:25:07.126079: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.126082: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:07.126086: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:07.126089: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:07.126092: | emitting length of ISAKMP Message: 539 Sep 21 07:25:07.126098: | **emit ISAKMP Message: Sep 21 07:25:07.126101: | initiator cookie: Sep 21 07:25:07.126104: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.126107: | responder cookie: Sep 21 07:25:07.126109: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.126112: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.126115: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.126119: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.126121: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.126124: | Message ID: 1 (0x1) Sep 21 07:25:07.126127: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.126130: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:07.126133: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.126136: | flags: none (0x0) Sep 21 07:25:07.126139: | fragment number: 5 (0x5) Sep 21 07:25:07.126141: | total fragments: 5 (0x5) Sep 21 07:25:07.126145: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:07.126149: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.126153: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:07.126156: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:07.126162: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:07.126165: | cleartext fragment 2d fe 82 0a bd 09 46 3e 95 f5 f1 0f 0e d5 b9 51 Sep 21 07:25:07.126168: | cleartext fragment 7d 32 50 6f 53 ec a0 e1 ab 1d 5a 59 e8 b0 a1 2e Sep 21 07:25:07.126171: | cleartext fragment 9a a5 24 2c 94 57 97 5d 39 ad 86 b6 de ee d0 c3 Sep 21 07:25:07.126174: | cleartext fragment 25 02 90 a6 ca 7c 98 3d 41 05 48 5c 15 45 2f 41 Sep 21 07:25:07.126177: | cleartext fragment d5 cc b7 bd 65 c2 d6 97 ab 4a 96 7d f3 1c 6a fc Sep 21 07:25:07.126180: | cleartext fragment 58 2c 83 51 d7 d5 c2 5e f5 f1 aa e1 2c 53 65 7c Sep 21 07:25:07.126183: | cleartext fragment c0 3b 8e c5 50 b0 f6 57 81 97 6d 17 21 a8 e3 42 Sep 21 07:25:07.126186: | cleartext fragment 95 9a 3a 6e f7 94 1d f4 cc 2c 00 00 a4 02 00 00 Sep 21 07:25:07.126189: | cleartext fragment 20 01 03 04 02 55 9b 23 61 03 00 00 0c 01 00 00 Sep 21 07:25:07.126192: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Sep 21 07:25:07.126195: | cleartext fragment 20 02 03 04 02 55 9b 23 61 03 00 00 0c 01 00 00 Sep 21 07:25:07.126198: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Sep 21 07:25:07.126202: | cleartext fragment 30 03 03 04 04 55 9b 23 61 03 00 00 0c 01 00 00 Sep 21 07:25:07.126205: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Sep 21 07:25:07.126208: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Sep 21 07:25:07.126211: | cleartext fragment 30 04 03 04 04 55 9b 23 61 03 00 00 0c 01 00 00 Sep 21 07:25:07.126214: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Sep 21 07:25:07.126217: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Sep 21 07:25:07.126220: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Sep 21 07:25:07.126223: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Sep 21 07:25:07.126226: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Sep 21 07:25:07.126229: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.126233: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:07.126236: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:07.126239: | emitting length of IKEv2 Encrypted Fragment: 366 Sep 21 07:25:07.126242: | emitting length of ISAKMP Message: 394 Sep 21 07:25:07.126254: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.126260: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.126266: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:07.126270: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:07.126274: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:07.126278: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:07.126285: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:07.126291: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:07.126297: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:07.126640: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:07.126648: | sending fragments ... Sep 21 07:25:07.126656: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.126662: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.126665: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:07.126668: | 00 01 00 05 65 1f bc 81 9b 7d b3 7f 64 e6 bc 6b Sep 21 07:25:07.126671: | fb ec 1b 2d 4d 0e 60 e7 b6 91 a2 ca 1d b0 6c 6c Sep 21 07:25:07.126674: | 53 55 6b 97 cc 58 e2 23 7f a9 20 b1 4b 1a 7e 8e Sep 21 07:25:07.126677: | aa da 9b 10 19 e8 20 1f e1 09 aa 9b e5 28 9a 20 Sep 21 07:25:07.126679: | 61 f1 41 cc ab 00 df ec 45 e7 83 1b 25 85 b6 26 Sep 21 07:25:07.126682: | 14 7e 66 35 e8 c0 fb c0 0e c6 f9 37 82 e7 b3 5a Sep 21 07:25:07.126685: | da 2f 5c ed 70 87 79 37 e4 c3 e6 6e 02 da ba ec Sep 21 07:25:07.126688: | 68 05 e4 1e 17 bf 0b 74 c2 bd ae 60 54 11 5d 4e Sep 21 07:25:07.126691: | 2f 7e 57 c4 8b 1c 2b b7 90 bc 0a d8 a6 5c 36 39 Sep 21 07:25:07.126694: | 4d 39 f6 3a 40 d1 8b 9e c1 78 db 17 e6 77 f2 98 Sep 21 07:25:07.126697: | 33 5b 14 46 c6 fc 29 9f 49 15 44 0f cc 7c ea 4e Sep 21 07:25:07.126700: | ac 35 93 38 9a aa cf 4a e7 e9 11 d7 52 34 05 b3 Sep 21 07:25:07.126703: | 07 8d fd e5 52 55 a3 2f ae c4 72 6d f9 9b 77 9e Sep 21 07:25:07.126706: | 88 fb d4 aa ee 02 27 75 74 f9 a4 90 7a 45 19 6f Sep 21 07:25:07.126709: | 43 8a c7 57 47 5c da 33 64 52 e1 db 82 ee a6 98 Sep 21 07:25:07.126711: | 62 89 5f 55 6d 6c 72 25 11 3f dd e8 61 3c 71 1f Sep 21 07:25:07.126714: | b0 83 d6 d3 96 aa df 23 21 3b 6e ab 39 db d9 9e Sep 21 07:25:07.126717: | 6f ff 2b 2a f5 89 ef 5c 5f c5 f7 0e de c8 6a 97 Sep 21 07:25:07.126720: | 8e 45 13 98 ac 27 da 2d f9 66 32 c0 f5 70 ff dd Sep 21 07:25:07.126723: | d8 20 c5 46 cb 9f 90 25 9a 7b eb f3 19 c6 98 3e Sep 21 07:25:07.126726: | ec 23 ee fe ae 67 6c cd d8 3a 5a 3b d6 77 54 01 Sep 21 07:25:07.126729: | 76 31 32 dd 70 03 33 ca 25 4c 7c 6d 86 64 2f 92 Sep 21 07:25:07.126732: | 71 4d 84 1d b0 60 d7 0f 96 29 47 6a 94 d5 89 b4 Sep 21 07:25:07.126735: | a6 9b 9f 4e 4a d3 85 e8 80 23 cc 69 99 72 65 7a Sep 21 07:25:07.126738: | 2a 16 33 0a 54 ed e3 d8 c9 ab 0b f5 5e 73 12 97 Sep 21 07:25:07.126741: | 56 46 56 5e 2b aa 67 f4 dd 51 4e 63 49 0a fa d2 Sep 21 07:25:07.126744: | ff 06 3e 64 f1 3c eb d3 b8 99 f3 84 b2 26 30 9e Sep 21 07:25:07.126746: | 97 b6 02 60 54 0e e1 c1 86 92 9c b9 3a 9f 53 18 Sep 21 07:25:07.126749: | 29 52 8f 54 39 0d 59 80 51 ab 19 ae a5 d9 05 3e Sep 21 07:25:07.126752: | 55 8a a9 26 24 b6 cc 1e 99 0f 4e 74 71 9e af 97 Sep 21 07:25:07.126755: | a1 64 79 68 31 d2 a7 37 0a ab 2f 0b 13 63 43 08 Sep 21 07:25:07.126758: | 44 c4 ae 59 81 6f c2 18 ef 97 b8 Sep 21 07:25:07.127124: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.127131: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.127134: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:07.127137: | 00 02 00 05 24 6d 6e 2e 87 d0 1f 24 2d 88 f6 d9 Sep 21 07:25:07.127140: | c8 7b 91 a8 a1 41 b9 95 81 26 2c 19 54 91 0d b1 Sep 21 07:25:07.127143: | f2 b6 7c dd 2c 95 c3 27 93 d2 68 66 91 d0 90 6b Sep 21 07:25:07.127146: | 2b aa 48 a7 1e ee c1 46 6a a9 b9 b2 a1 ca b6 c5 Sep 21 07:25:07.127149: | 30 0c 99 4c fc ff e6 54 de f3 58 ab 0e 05 b6 78 Sep 21 07:25:07.127152: | f0 3e 0e 4a 16 2a a8 7f da 24 9e 57 64 85 f1 d2 Sep 21 07:25:07.127154: | 1c fa 94 3b 8b 5d 90 86 80 a8 f6 91 ce 35 4f 87 Sep 21 07:25:07.127157: | 29 62 bb 1f 3c d9 fb 38 49 f8 6a 75 f6 af 8a aa Sep 21 07:25:07.127160: | a7 a4 9a 4f 06 0a aa 62 b0 d5 15 cd 86 1b db 0c Sep 21 07:25:07.127163: | ab 7c 32 6b f2 45 57 06 b9 ac ec 56 16 6c b7 0e Sep 21 07:25:07.127166: | c2 00 b8 5c ef 8e f9 08 1e 0a de a1 01 61 d7 f3 Sep 21 07:25:07.127169: | 53 1b f4 68 3d 1a ff 62 37 5d 11 4f 15 c9 1d 9f Sep 21 07:25:07.127172: | b8 05 5c 55 87 a0 c7 c5 b5 a0 87 37 f1 6a 26 cf Sep 21 07:25:07.127175: | 57 2c 91 10 ad 8d fd 02 3b 66 ca c6 27 54 9f b2 Sep 21 07:25:07.127182: | 2b 72 f7 e9 b5 d5 10 8f 82 46 d5 0f 5a db df aa Sep 21 07:25:07.127185: | d1 0c c0 ab be 89 86 6a 8d bb ce 81 c2 4d 97 f4 Sep 21 07:25:07.127188: | fe 95 21 91 0c b5 dc fd ef 07 46 3b 62 35 69 52 Sep 21 07:25:07.127191: | 00 17 e0 6f 57 ce 76 01 ad 59 67 12 fa 8b b8 3e Sep 21 07:25:07.127193: | 48 e6 45 4a 81 a0 0b 32 d9 ae b3 7c 1f da 37 17 Sep 21 07:25:07.127196: | ff f7 60 86 7a cc 47 ff 2e f0 3c d8 f5 e7 46 b5 Sep 21 07:25:07.127199: | ad b7 85 87 38 64 7f b8 f6 06 d8 c0 23 5b 63 6e Sep 21 07:25:07.127202: | 7b 22 5e b4 98 c2 a7 9c cf 6b fa 90 53 3a 4d ca Sep 21 07:25:07.127205: | 98 ec fe 7e 52 b3 bf 5a 1b c2 ac f5 fa 59 23 7f Sep 21 07:25:07.127208: | d5 12 71 1a 21 96 ce 05 45 b1 8f db 3d 37 89 dd Sep 21 07:25:07.127211: | da 5a f3 dc 60 25 dd d7 29 ea f5 3f a1 88 43 a4 Sep 21 07:25:07.127214: | fb 96 54 d8 8b 56 d4 01 12 34 f9 73 1a f3 49 e4 Sep 21 07:25:07.127217: | 92 d9 84 91 b0 e2 03 1a 79 13 e9 2e 48 4d 6a 11 Sep 21 07:25:07.127219: | f6 f2 c3 02 2f cb df c0 a3 ed bc e2 8b 22 31 02 Sep 21 07:25:07.127222: | b3 1c 76 e8 3b a8 87 f7 3c 21 f4 15 d9 c4 18 90 Sep 21 07:25:07.127225: | f8 12 08 e0 05 4d 26 72 55 27 e5 b6 b8 98 ca fe Sep 21 07:25:07.127228: | b5 12 f5 2f fa 62 73 0c 76 a0 29 f1 f9 1b a0 0a Sep 21 07:25:07.127231: | a8 8c 13 74 6c 7f 7c 3b dd 52 43 Sep 21 07:25:07.127245: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.127248: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.127251: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:07.127254: | 00 03 00 05 dd d7 99 f6 ea b1 b1 68 12 fb 4f de Sep 21 07:25:07.127257: | 7c 6f e3 d0 fd 98 87 2c 23 cc 45 9a b6 f9 fd ec Sep 21 07:25:07.127259: | 42 3f 07 96 1d bd f0 57 df e5 21 58 1f 21 6b 8e Sep 21 07:25:07.127262: | 34 13 af 4f 30 22 e3 16 72 6b 22 ba 05 32 2f 68 Sep 21 07:25:07.127265: | a0 b2 77 1b c8 9f 65 72 d3 85 3a 04 7e 75 4e 2e Sep 21 07:25:07.127268: | f1 f9 f4 a5 52 6f 2a ea 21 71 a8 ce 30 b5 40 a5 Sep 21 07:25:07.127271: | 13 6a d7 c7 ae 62 ec fd 95 f9 0d 1c d0 53 1c e0 Sep 21 07:25:07.127274: | a3 19 09 a5 09 e6 53 f3 25 f2 3f d6 11 e5 0a 0b Sep 21 07:25:07.127277: | a5 e1 2c 6f 97 31 ae 3a 63 e7 2c 66 fc 11 86 a4 Sep 21 07:25:07.127280: | 18 3e e8 5b ec 06 6e 77 60 1a b8 8e d1 dd 7b 9e Sep 21 07:25:07.127283: | 43 1d 5a 24 5d 81 d2 42 70 ef 28 24 0f 37 dc 03 Sep 21 07:25:07.127286: | 56 b9 e2 ce da 0b 93 37 81 8e a9 d0 3a 04 d7 30 Sep 21 07:25:07.127289: | b0 5e 01 26 8d 97 18 0c 37 28 a1 7d 95 2b f5 62 Sep 21 07:25:07.127291: | bd 7f 67 dc 0f 39 d2 0a bf 52 a3 b7 7d 8d f6 d9 Sep 21 07:25:07.127294: | 64 c3 70 8c 7b ee ef e8 70 26 7d 42 ab e5 20 6c Sep 21 07:25:07.127297: | 82 ec e8 49 0c e8 83 37 c0 89 6f 7f d0 12 c3 15 Sep 21 07:25:07.127300: | c5 29 3e 83 ad 32 e9 83 e1 28 05 ef 0b 93 a8 e3 Sep 21 07:25:07.127303: | db e6 37 e7 9f 5c b9 5c d4 de a8 99 6d d0 b9 20 Sep 21 07:25:07.127306: | 4e 09 a6 64 84 66 cd a9 4e ca 0d 3d 4d f4 8e 1c Sep 21 07:25:07.127309: | 81 56 16 0b a6 7b 71 99 98 90 ea 89 dc 53 7b c7 Sep 21 07:25:07.127311: | d3 2d 7f 55 f2 50 c3 0c 28 ad 7e be 16 d2 ef 5a Sep 21 07:25:07.127314: | dc e7 1e 3c 3d 4d b2 ca 95 f7 6f e9 e8 fd da 50 Sep 21 07:25:07.127317: | 53 7a 66 6d 56 6d 01 34 8a ae d6 1e d4 9c c6 44 Sep 21 07:25:07.127320: | 96 f6 c0 9e 0c 65 4c a3 88 8f b7 04 6d 47 aa 38 Sep 21 07:25:07.127323: | 1c 44 88 84 31 e6 f4 50 40 72 29 0d 9f ed 88 af Sep 21 07:25:07.127326: | 16 e3 08 d7 fb fb 9d 39 ae 43 d7 47 9c 2a 27 06 Sep 21 07:25:07.127328: | 76 5a 9b 95 3b e7 55 c7 9d a0 e5 b5 1a e9 52 8e Sep 21 07:25:07.127331: | d6 01 59 bb 9d f1 f9 eb c3 71 f6 21 3b 9a 8c 97 Sep 21 07:25:07.127335: | 11 80 f1 8e 01 38 72 d3 60 93 08 c3 64 49 9f 77 Sep 21 07:25:07.127338: | 9b 08 02 87 6e 44 e5 be 1e fe b8 ab 4d 06 37 10 Sep 21 07:25:07.127342: | ef 02 65 15 01 d6 1f b7 51 9f 55 7e 16 66 35 14 Sep 21 07:25:07.127345: | d2 34 d3 56 7b 40 64 58 a6 02 4b Sep 21 07:25:07.127355: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.127358: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.127361: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:07.127364: | 00 04 00 05 96 73 a1 43 44 cf 44 15 ae 73 1d dc Sep 21 07:25:07.127366: | 28 87 c1 8d 3d a6 46 e9 9e 84 33 7f 03 60 44 28 Sep 21 07:25:07.127369: | 46 da bb c9 77 61 c6 80 c6 2a 93 bc bd 4d 52 ae Sep 21 07:25:07.127372: | 61 be 75 a0 f5 71 fb 4f 42 08 fc b0 78 52 46 52 Sep 21 07:25:07.127375: | 45 53 1a de 21 6a 5a 05 64 0f 97 be 8b a5 79 0f Sep 21 07:25:07.127378: | 0d e6 d1 6d e2 01 b7 6d 51 a8 5b 84 61 76 8b 24 Sep 21 07:25:07.127381: | d3 48 4d 32 8f bf b1 9a b3 7d c4 22 df 66 a6 2c Sep 21 07:25:07.127384: | eb b1 51 67 0f 4b 86 0e 2a 7e 3f 07 53 90 a5 bd Sep 21 07:25:07.127386: | eb 81 a6 c8 5b fb d6 7d 38 92 b4 c9 a1 c7 8b f1 Sep 21 07:25:07.127389: | 31 e9 f9 72 7a 5a db 8c 87 47 98 87 dc 4f 2e 7c Sep 21 07:25:07.127392: | c2 97 bb 09 70 18 43 cd c6 14 c2 04 da d3 f8 5b Sep 21 07:25:07.127395: | 0a b3 05 e8 fe e3 98 32 c6 cc 60 10 91 ce ba a7 Sep 21 07:25:07.127398: | 02 7e 20 15 57 a4 2e 72 e8 1f d5 b7 2e 3e 82 1d Sep 21 07:25:07.127401: | be 19 e8 13 88 fb 67 26 d0 cf d2 a0 d5 79 13 83 Sep 21 07:25:07.127404: | ec 30 0e ed c1 f0 48 1e 08 42 d3 e6 dd 72 74 88 Sep 21 07:25:07.127407: | 1b 83 88 67 d0 91 40 8a 3b 6d 78 d9 48 73 3a f1 Sep 21 07:25:07.127410: | b3 3c 61 35 a1 ef ad c5 8b 5e ce e8 7a b5 e6 90 Sep 21 07:25:07.127413: | 3f 18 f6 c2 30 d8 57 2f 42 fd a1 91 fb e5 05 16 Sep 21 07:25:07.127416: | d0 84 89 84 ff d4 17 c6 6f cd c5 8e 2f 05 43 73 Sep 21 07:25:07.127418: | d2 e5 bc f1 7e 41 b5 a9 a5 d6 a0 f2 35 f0 c9 ec Sep 21 07:25:07.127421: | d0 2d b2 7f ce 6a 9a 80 d5 85 87 fb 6f d9 9f d7 Sep 21 07:25:07.127424: | f1 31 f0 de 8c 51 ae df e4 86 a9 40 e1 40 cc b5 Sep 21 07:25:07.127427: | b0 53 29 2d 41 98 5b 42 1c 61 52 0a ff 8e 1b 18 Sep 21 07:25:07.127430: | af aa cf 01 7a 9c d1 93 c1 9e d9 02 8b a0 22 69 Sep 21 07:25:07.127433: | a8 c0 19 75 c6 5d 34 ac f0 1d 9f 1a 76 fd fc eb Sep 21 07:25:07.127436: | 4c 90 28 15 f2 01 68 a7 4e 77 92 a4 52 4c 7f 37 Sep 21 07:25:07.127438: | 85 a4 c0 02 a5 c5 17 1d 9d 7a bf 59 ad 3f e5 33 Sep 21 07:25:07.127441: | 57 b8 0b 55 bb 33 bd d1 f0 a6 70 a0 f8 93 dd 8d Sep 21 07:25:07.127444: | 1e a5 19 a2 97 5b db 50 92 5b 9d d4 e5 ae d1 f8 Sep 21 07:25:07.127447: | d7 17 42 82 4b 38 4d d7 b1 fe 94 1c 27 ce b0 af Sep 21 07:25:07.127450: | 73 62 28 07 05 74 f4 51 36 dd 4d b3 ec e2 32 0c Sep 21 07:25:07.127453: | 23 27 ff 94 92 c8 ff b3 82 21 ed Sep 21 07:25:07.127462: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.127466: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.127469: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Sep 21 07:25:07.127472: | 00 05 00 05 e9 e6 f2 be 7b 10 07 f8 11 af 12 4d Sep 21 07:25:07.127475: | e3 4b 41 6e 08 08 d1 31 03 48 e0 20 b8 f8 6d 75 Sep 21 07:25:07.127478: | 0b 0e f8 33 bd f7 7d ef 9f 1c 07 c1 60 c5 21 74 Sep 21 07:25:07.127481: | e7 12 00 20 67 6a 03 46 98 11 18 78 d2 95 39 5d Sep 21 07:25:07.127483: | 99 ce 3c 76 af 1c 2d 89 fc cb 66 fb 62 c4 f4 f7 Sep 21 07:25:07.127486: | ff a5 1f 2d 47 a0 61 15 bb 43 a1 5f d6 ea f2 8a Sep 21 07:25:07.127489: | 2d 6e 78 7d 64 f2 71 b2 15 44 1a c2 3c f5 e6 88 Sep 21 07:25:07.127492: | 66 98 e0 2a 92 50 b3 32 8b 8a d0 31 b5 2c 2c f4 Sep 21 07:25:07.127495: | e7 dc 0f 5a 4f 04 ad 6c e4 1e 5a 9d 96 45 c4 c9 Sep 21 07:25:07.127498: | b1 4e a9 28 65 f2 68 5b 43 4d 61 70 32 15 53 11 Sep 21 07:25:07.127501: | 25 27 7b fb 6c 46 9b 27 b5 f5 2b c1 5b 02 f3 81 Sep 21 07:25:07.127505: | a2 00 35 ea 0d d7 76 3f 3f ff b2 a9 4c e7 cb 33 Sep 21 07:25:07.127508: | 62 79 41 cc 94 11 f2 e4 93 48 bf ba 87 94 6b 62 Sep 21 07:25:07.127511: | eb 7f 67 12 5c 3b 45 b0 e7 21 e1 c2 a2 33 b7 f2 Sep 21 07:25:07.127514: | 94 5c da fb a7 b3 2c ed 63 31 68 cd 22 e5 d2 fb Sep 21 07:25:07.127517: | d6 81 59 de aa ed b3 32 50 e7 9c 37 1b dc 2d bf Sep 21 07:25:07.127519: | 37 7d 99 c2 d0 a9 d7 c0 f5 e7 7c f4 65 45 a9 21 Sep 21 07:25:07.127522: | c8 53 19 d3 85 c5 ab f8 67 9b e1 f3 bb 6a c3 3b Sep 21 07:25:07.127525: | b7 f7 56 0d ac 5b 4d c5 a6 aa 8f 8b 5c 24 5e a1 Sep 21 07:25:07.127528: | f7 0e a8 4b 11 62 6c c1 94 e1 54 1b ed 3c 6a a9 Sep 21 07:25:07.127531: | 8f d9 92 43 08 40 da 8c a4 86 71 df c4 42 2c 63 Sep 21 07:25:07.127534: | 2f 3f e4 f4 25 47 25 f4 bf 7a cb 5f 53 72 f6 14 Sep 21 07:25:07.127536: | 31 f1 32 40 b2 f4 06 4d 76 ba Sep 21 07:25:07.127543: | sent 5 fragments Sep 21 07:25:07.127547: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:07.127551: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:07.152863: | event_schedule: new EVENT_RETRANSMIT-pe@0x5596586b6bd0 Sep 21 07:25:07.152878: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:25:07.152883: | libevent_malloc: new ptr-libevent@0x7fb92c006900 size 128 Sep 21 07:25:07.152891: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49353.521122 Sep 21 07:25:07.152898: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:07.152908: | #1 spent 2.41 milliseconds Sep 21 07:25:07.152913: | #1 spent 13.9 milliseconds in resume sending helper answer Sep 21 07:25:07.152921: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:07.152926: | libevent_free: release ptr-libevent@0x7fb924006b90 Sep 21 07:25:07.408297: | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.408320: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.408323: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408326: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Sep 21 07:25:07.408328: | 00 01 00 05 81 63 78 fa 38 a4 8e 01 47 d7 c2 d6 Sep 21 07:25:07.408330: | f4 99 99 00 c5 89 f1 2d e7 83 a0 34 5f ef 85 dc Sep 21 07:25:07.408332: | 04 bc ae cc da fb 0f 71 22 0e c4 d8 b5 e8 12 1c Sep 21 07:25:07.408334: | 76 43 7a d1 5d e4 08 42 12 8d a7 72 29 38 4a a4 Sep 21 07:25:07.408336: | c6 45 4c 0b fc 72 33 7d 9a b0 55 13 19 22 ef 5b Sep 21 07:25:07.408338: | 33 ed 5f bf a9 ee f8 5a 5e 35 d0 9b b8 f8 a8 79 Sep 21 07:25:07.408340: | 14 07 ac 38 36 ff 9d b8 ad 9d a7 63 87 89 9d 65 Sep 21 07:25:07.408342: | 14 f3 be c7 2b 77 ab 78 f8 5f 87 6e fd 1f 15 59 Sep 21 07:25:07.408344: | c2 77 59 cf 5c 65 e5 2f ab 54 ac f1 c1 45 bc 26 Sep 21 07:25:07.408346: | f4 99 d0 9e 6b 4c 64 fd fc 8f 33 2f 38 ee 4e a0 Sep 21 07:25:07.408348: | fb 34 84 c8 50 c9 62 27 8b 28 98 62 2e 28 d8 bf Sep 21 07:25:07.408350: | 54 92 eb dd 5c 3c a8 79 e7 4d 4b 5c 4b 7e ca 23 Sep 21 07:25:07.408352: | b5 12 4a cf 44 15 9c 19 b0 c4 e1 8a 1f dd ef 92 Sep 21 07:25:07.408354: | f4 0a 48 1d 2c 1e 34 b1 3a fc 80 fa 15 8d 25 ee Sep 21 07:25:07.408356: | 06 dd 3b a1 f1 4d 1f 74 74 28 4e 04 d2 2e dc 21 Sep 21 07:25:07.408358: | 83 17 bd 37 94 ed ce 49 cb 90 04 12 17 04 86 9b Sep 21 07:25:07.408360: | 5f c3 77 36 4d b8 dd 2c 73 c0 47 06 6e 61 5c 3d Sep 21 07:25:07.408362: | ff 49 66 2f 08 16 35 4e 93 ab 01 11 75 00 2e 1a Sep 21 07:25:07.408365: | 2c 9e 5b 3b 79 bc ea a4 97 84 c8 88 bc 2c 03 30 Sep 21 07:25:07.408367: | d0 b9 49 2e 97 17 78 83 e7 e5 3a 36 54 9b 94 47 Sep 21 07:25:07.408369: | 72 93 d6 7d 89 be a1 9b 35 b6 cf 38 39 6d 21 4a Sep 21 07:25:07.408373: | 3a 36 c0 c5 66 55 19 d9 33 78 b5 04 f3 c9 b7 03 Sep 21 07:25:07.408376: | 0b fc a6 09 91 a7 68 cc 9f fe 43 b2 0e 7a 13 fb Sep 21 07:25:07.408378: | 6a d0 33 18 9d 7c 1e bb 6a 01 24 5e ef 4c 83 66 Sep 21 07:25:07.408380: | 39 24 12 ee a8 08 2a 2d 82 bb 96 72 be 06 45 fc Sep 21 07:25:07.408382: | 0b 76 63 df ca 9a 47 a4 ef 33 4e f2 70 5e 56 f3 Sep 21 07:25:07.408384: | c4 d4 cd a7 9d d5 c7 77 07 13 07 11 84 77 f1 5c Sep 21 07:25:07.408386: | c9 8d c8 9d 7f 5a 4b 0d 9e 61 10 83 80 e6 8d 75 Sep 21 07:25:07.408389: | cd 78 59 16 3d d6 af fe c3 da 5c 7b e8 05 f0 11 Sep 21 07:25:07.408391: | 4c b8 8f ed 7c 85 42 90 6f 3e f6 22 81 98 0a 65 Sep 21 07:25:07.408393: | f0 88 de 7c 92 62 ce 5b 4d 58 06 6c b3 1b b8 b0 Sep 21 07:25:07.408395: | 9d 21 0b 17 20 93 18 4d a5 c7 85 Sep 21 07:25:07.408400: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.408404: | **parse ISAKMP Message: Sep 21 07:25:07.408406: | initiator cookie: Sep 21 07:25:07.408408: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.408411: | responder cookie: Sep 21 07:25:07.408413: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408415: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:07.408418: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.408420: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.408423: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.408425: | Message ID: 1 (0x1) Sep 21 07:25:07.408428: | length: 539 (0x21b) Sep 21 07:25:07.408431: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:07.408435: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:07.408439: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:07.408446: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.408449: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:07.408454: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.408458: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.408461: | #2 is idle Sep 21 07:25:07.408463: | #2 idle Sep 21 07:25:07.408465: | unpacking clear payload Sep 21 07:25:07.408468: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.408471: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:07.408474: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:07.408476: | flags: none (0x0) Sep 21 07:25:07.408478: | length: 511 (0x1ff) Sep 21 07:25:07.408481: | fragment number: 1 (0x1) Sep 21 07:25:07.408483: | total fragments: 5 (0x5) Sep 21 07:25:07.408485: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:07.408488: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:07.408491: | received IKE encrypted fragment number '1', total number '5', next payload '36' Sep 21 07:25:07.408493: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:25:07.408499: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.408505: | #1 spent 0.195 milliseconds in ikev2_process_packet() Sep 21 07:25:07.408509: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:07.408512: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.408515: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.408519: | spent 0.21 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.408528: | spent 0.00162 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.408538: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.408544: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408546: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:07.408548: | 00 02 00 05 99 5a 92 87 ed 33 11 f4 01 e6 49 19 Sep 21 07:25:07.408550: | 1d f5 b3 03 34 de ab f4 6e 30 08 28 fb 38 b7 47 Sep 21 07:25:07.408552: | a3 5b be 3d 91 32 43 a0 f9 c0 e5 15 0f 86 92 3e Sep 21 07:25:07.408554: | ae 3c fb f5 ac d5 e9 b7 c0 b1 54 4e d2 29 14 83 Sep 21 07:25:07.408556: | 91 25 71 12 e1 f2 d2 b2 9f 90 d0 90 1d b7 21 05 Sep 21 07:25:07.408559: | a5 12 ac b7 f6 74 b8 b7 4b 6a ec 4a 99 9a 4c 54 Sep 21 07:25:07.408561: | c2 16 61 85 3b 1e 14 69 0d d5 51 86 27 94 6e f9 Sep 21 07:25:07.408563: | 9e 46 4e fb d8 75 ab ab 2c 42 90 0a a9 fe d8 d5 Sep 21 07:25:07.408565: | ab 09 23 16 61 f4 ee 68 ea ee 5e 09 ec 1f bc 17 Sep 21 07:25:07.408567: | 2e ed 08 9f 2b 49 67 42 31 fc 6d b3 33 75 f7 64 Sep 21 07:25:07.408569: | 02 4f 14 3f 94 8b ca db bd 2c d6 6f c0 ab 22 86 Sep 21 07:25:07.408571: | 84 58 28 8f 4a 0f 71 55 8f 6a 2c af f7 60 86 8b Sep 21 07:25:07.408573: | 5f 1a fc 84 31 c8 86 c0 42 63 eb 07 6a 28 6f 7a Sep 21 07:25:07.408576: | 15 b4 6c 34 3f a4 40 bd 4e fb 40 86 ba 00 aa ac Sep 21 07:25:07.408578: | bb 5c 08 82 ea a9 2c 56 d0 e6 c6 4f ff 66 ce 66 Sep 21 07:25:07.408580: | 05 ba 25 23 d9 f9 0d 9a d0 99 96 6b c0 96 de 76 Sep 21 07:25:07.408582: | 56 c7 6d c1 e2 27 9e 16 2e 92 f0 9c 71 14 a4 78 Sep 21 07:25:07.408583: | 33 86 c0 03 7d 74 65 4f 34 17 1a 37 69 9e 45 e0 Sep 21 07:25:07.408585: | 5c 1b 13 18 f2 c7 51 8e 8d 65 6a d4 81 c2 0c 11 Sep 21 07:25:07.408587: | a3 5c e5 98 f4 ee 6c 6b 40 e5 48 94 d2 94 32 24 Sep 21 07:25:07.408589: | 8d 26 08 5d d8 51 75 38 88 9b a5 ad 4b a4 78 8c Sep 21 07:25:07.408591: | e8 7b cd 60 9b 25 e4 a1 95 46 5c 02 95 bd 0a ac Sep 21 07:25:07.408593: | 67 ca 09 14 ce 22 c7 a7 6f 40 9f c3 fb 5d 11 db Sep 21 07:25:07.408594: | 33 db 48 19 0d 0e 86 49 eb 55 39 b5 cc f3 f1 53 Sep 21 07:25:07.408596: | fe 6a dd 68 60 ef 08 5c 65 10 dd 23 72 4a ed 99 Sep 21 07:25:07.408598: | fa 3a ac 8a 1d 62 b3 0e 14 a9 e9 f5 9e c3 00 be Sep 21 07:25:07.408600: | 44 b0 38 71 b9 26 bc 49 f4 65 ce 26 10 a2 fd bb Sep 21 07:25:07.408602: | e9 17 be 54 0d 24 5f fa 90 bc 64 0b c0 e3 f4 94 Sep 21 07:25:07.408604: | 18 2f db 45 3b 12 a6 5d 51 2d ae db dd d0 50 8c Sep 21 07:25:07.408605: | 19 a6 63 d7 14 95 8a 07 02 38 bf 2f e9 de 57 e0 Sep 21 07:25:07.408607: | bb 4b a3 05 aa 04 e1 a1 58 92 60 e6 55 65 67 ea Sep 21 07:25:07.408609: | 7c 73 ce 4f 03 79 5a 8c 85 7e a0 Sep 21 07:25:07.408614: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.408616: | **parse ISAKMP Message: Sep 21 07:25:07.408619: | initiator cookie: Sep 21 07:25:07.408621: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.408623: | responder cookie: Sep 21 07:25:07.408625: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408627: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:07.408630: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.408632: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.408634: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.408636: | Message ID: 1 (0x1) Sep 21 07:25:07.408638: | length: 539 (0x21b) Sep 21 07:25:07.408641: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:07.408644: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:07.408646: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:07.408651: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.408654: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:07.408658: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.408664: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.408667: | #2 is idle Sep 21 07:25:07.408669: | #2 idle Sep 21 07:25:07.408672: | unpacking clear payload Sep 21 07:25:07.408674: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.408677: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:07.408679: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.408682: | flags: none (0x0) Sep 21 07:25:07.408684: | length: 511 (0x1ff) Sep 21 07:25:07.408687: | fragment number: 2 (0x2) Sep 21 07:25:07.408689: | total fragments: 5 (0x5) Sep 21 07:25:07.408692: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:07.408694: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:07.408697: | received IKE encrypted fragment number '2', total number '5', next payload '0' Sep 21 07:25:07.408702: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.408707: | #1 spent 0.174 milliseconds in ikev2_process_packet() Sep 21 07:25:07.408711: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:07.408714: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.408717: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.408721: | spent 0.188 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.408730: | spent 0.00196 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.408739: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.408742: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408745: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:07.408747: | 00 03 00 05 d7 16 84 23 86 80 9b b2 93 cb 4a c9 Sep 21 07:25:07.408749: | e2 93 a8 17 1a 5a 4f 51 ec 84 b4 f6 a1 fb 8c 3f Sep 21 07:25:07.408751: | 52 7f b7 36 d6 50 71 36 e9 bd 0c 03 19 ce 5b e5 Sep 21 07:25:07.408753: | 0e e9 a5 f3 42 82 9a 10 90 4b 56 82 98 54 53 cc Sep 21 07:25:07.408755: | 49 0e 56 a7 98 81 17 0c 85 fe 06 97 b6 66 ce fb Sep 21 07:25:07.408757: | e3 0a 78 84 41 a3 6c 00 a7 87 ce a6 26 42 c4 e3 Sep 21 07:25:07.408759: | 16 ec a6 ed 2e 18 f2 b4 23 79 b2 87 b6 7c cc 3d Sep 21 07:25:07.408761: | d8 35 ba 1c 9c f0 31 f7 88 e8 73 45 7c 2d 4c 61 Sep 21 07:25:07.408763: | 0a 90 57 e2 ca 92 f2 33 f4 b6 df 9e 1d 90 a1 a4 Sep 21 07:25:07.408765: | 47 63 e4 0c 71 c4 ee a2 29 58 ef be b6 88 40 0b Sep 21 07:25:07.408767: | aa 59 98 bb e3 68 bd 21 27 d0 e0 70 ee c6 21 19 Sep 21 07:25:07.408769: | c1 e8 5d b2 43 4e a0 77 c6 64 89 4e cf ec e9 a4 Sep 21 07:25:07.408771: | 74 6b c2 c4 55 74 f8 f8 14 98 cd c5 83 14 e4 e2 Sep 21 07:25:07.408773: | 99 bb 4c 5d 67 a4 47 24 0d 2b a1 af 08 42 cc 06 Sep 21 07:25:07.408775: | c4 08 e1 ce c9 f4 b1 0c 17 03 3b 9e f0 a9 f6 5a Sep 21 07:25:07.408777: | 73 4c 8f 93 15 e1 1c 88 4e 48 20 ae f5 cd 49 9f Sep 21 07:25:07.408779: | 90 8f a7 f5 22 4b 5e e8 8e 78 c2 3a 81 05 d6 e0 Sep 21 07:25:07.408781: | 8e 95 42 c5 2b 17 d4 49 6f e5 3f 9a 4f c8 ce d1 Sep 21 07:25:07.408788: | ae 89 6c 84 79 ba 11 94 f0 c9 27 68 f9 92 aa 33 Sep 21 07:25:07.408793: | 7f 14 ff 59 74 2c de 53 17 36 b7 bb a8 3f 71 85 Sep 21 07:25:07.408795: | 10 01 28 78 c4 79 ef 27 46 3b db 6c 17 d8 3e 9c Sep 21 07:25:07.408797: | 22 1b 81 7a 00 6d 27 86 62 b6 37 93 62 d2 0b e0 Sep 21 07:25:07.408799: | e9 9e fa bb ce 37 8b e5 00 8f 34 1d e3 1b 4f ae Sep 21 07:25:07.408800: | 9c af 21 de d5 b5 fc 89 ef 92 ae 58 2e 03 a0 6a Sep 21 07:25:07.408802: | d2 9c 93 c0 44 a6 12 b3 1a ee b6 74 93 e9 77 d1 Sep 21 07:25:07.408804: | e8 4f 4d 61 11 f9 1b 95 af c1 8d 44 be cc d8 39 Sep 21 07:25:07.408806: | 37 03 bc 6f 8d 4b 9b a5 6f 3c 28 90 c3 bc 03 5e Sep 21 07:25:07.408811: | 2d ad 5f 55 d0 99 d6 36 8f 6f 54 bf 31 79 b6 8f Sep 21 07:25:07.408813: | 6b ca ca cc ad ef 9f 14 72 7b 61 bc d1 c9 16 90 Sep 21 07:25:07.408815: | 99 f4 20 97 44 00 ff a8 43 0b c8 24 8e 7d 6f b2 Sep 21 07:25:07.408817: | 35 c6 42 2f 4e f0 7b bc c3 73 af 63 ef 7d 63 b3 Sep 21 07:25:07.408818: | b5 5e b5 60 f7 40 ce 64 bf 7f 4d Sep 21 07:25:07.408823: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.408825: | **parse ISAKMP Message: Sep 21 07:25:07.408827: | initiator cookie: Sep 21 07:25:07.408830: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.408832: | responder cookie: Sep 21 07:25:07.408834: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408836: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:07.408839: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.408841: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.408843: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.408846: | Message ID: 1 (0x1) Sep 21 07:25:07.408848: | length: 539 (0x21b) Sep 21 07:25:07.408851: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:07.408854: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:07.408857: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:07.408863: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.408866: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:07.408870: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.408875: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.408878: | #2 is idle Sep 21 07:25:07.408881: | #2 idle Sep 21 07:25:07.408883: | unpacking clear payload Sep 21 07:25:07.408886: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.408888: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:07.408891: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.408893: | flags: none (0x0) Sep 21 07:25:07.408896: | length: 511 (0x1ff) Sep 21 07:25:07.408898: | fragment number: 3 (0x3) Sep 21 07:25:07.408900: | total fragments: 5 (0x5) Sep 21 07:25:07.408902: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:07.408905: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:07.408907: | received IKE encrypted fragment number '3', total number '5', next payload '0' Sep 21 07:25:07.408912: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.408918: | #1 spent 0.178 milliseconds in ikev2_process_packet() Sep 21 07:25:07.408925: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:07.408929: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.408933: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.408937: | spent 0.199 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.408946: | spent 0.0015 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.408956: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.408959: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.408964: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:07.408968: | 00 04 00 05 90 5c 85 92 a3 fa 60 6c 05 23 4b 41 Sep 21 07:25:07.408970: | 61 f2 19 3b a9 65 85 e6 59 0e 23 1c 85 18 ae 04 Sep 21 07:25:07.408972: | e9 d7 d8 1d 2f 7a 19 40 22 7a a3 8b 80 c5 a3 ed Sep 21 07:25:07.408974: | 9b 6d eb cc 3e c5 fb ca f8 38 de 3c a9 41 91 e3 Sep 21 07:25:07.408976: | 70 23 79 3b b7 98 43 a3 34 fe 0a 7e a0 31 24 80 Sep 21 07:25:07.408980: | 48 f9 c7 a9 1e ef 6a 01 3c fd 9b 0c f5 a6 de d7 Sep 21 07:25:07.408982: | bc 6b 85 40 6e bc 73 19 8a f3 c5 52 d7 c6 e8 91 Sep 21 07:25:07.408984: | 8c f7 09 bc e7 4c ef 50 02 3e b3 9a ac 70 05 a4 Sep 21 07:25:07.408987: | 6c ae a5 e6 8b 37 bc d0 77 43 7e 71 40 b4 4e 73 Sep 21 07:25:07.408989: | 02 89 49 7f 10 df fb 93 b5 5b 93 ab 4d 55 ff 97 Sep 21 07:25:07.408991: | 81 12 16 07 e7 1a c2 5e 7d a0 37 59 e8 6b 4d 83 Sep 21 07:25:07.408993: | d4 35 4e 87 a6 f3 35 99 29 f9 cc 94 6c 68 0a f7 Sep 21 07:25:07.408995: | 7f a9 2e 66 6d c5 ff c8 63 e5 68 dc fa 6b 1b 61 Sep 21 07:25:07.408998: | 19 5b 69 3a 7a 87 ba 9f 49 d7 dc f7 06 08 1b 15 Sep 21 07:25:07.409000: | 2b bd 8e 67 0d f2 08 dc 3f 08 e7 50 3b af a4 00 Sep 21 07:25:07.409002: | f3 76 e9 6e 6c 3a 06 c5 9c b3 b2 a9 fe b0 44 c7 Sep 21 07:25:07.409004: | ee 4b b9 b7 05 07 3b c7 94 07 4f 66 30 74 56 37 Sep 21 07:25:07.409006: | 76 54 0a af 64 ad d8 11 fe 93 da ca 48 7c e6 4b Sep 21 07:25:07.409008: | 6b f9 13 cc 8f 23 a2 86 f1 d0 b4 8d 2f 72 b6 aa Sep 21 07:25:07.409010: | 3d 5d 30 ac 13 63 ae 37 5a 04 fe 6f 57 4b d3 0a Sep 21 07:25:07.409012: | 2a f3 91 91 10 db 3e f4 8c 85 03 59 c0 c5 91 4c Sep 21 07:25:07.409015: | a5 08 0b b4 2d 08 14 e6 bd fd 59 28 cb 5d 9e 40 Sep 21 07:25:07.409017: | d6 8c fc ec 64 ce 79 bd 25 8f 47 d0 2b 0f 47 44 Sep 21 07:25:07.409019: | 63 fa 47 8c d4 05 f7 b9 60 ea b2 db b7 bd 3e 37 Sep 21 07:25:07.409021: | 01 4e 73 42 11 45 d8 bd fb 72 aa 51 47 73 8a 99 Sep 21 07:25:07.409024: | 3e e8 fa 35 1f 2d 08 67 66 e0 69 68 56 54 ae 9b Sep 21 07:25:07.409026: | d6 22 e0 2c de 12 6c 06 02 e3 4d 2a cc 0c c3 9d Sep 21 07:25:07.409028: | b4 97 55 77 ee c9 71 eb 23 15 87 89 12 15 36 9f Sep 21 07:25:07.409030: | 38 76 c5 c5 5a cd 0b 2d 21 9a 75 1e 2a 83 54 c9 Sep 21 07:25:07.409033: | 9f 91 a4 13 de 6b eb fb 55 95 24 7e 98 ee 8e 90 Sep 21 07:25:07.409035: | d3 65 7b 82 81 9a 92 90 52 6d 0c b5 43 f0 ed 6d Sep 21 07:25:07.409037: | 19 be ca 53 03 64 69 a5 f4 a2 63 Sep 21 07:25:07.409042: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.409045: | **parse ISAKMP Message: Sep 21 07:25:07.409047: | initiator cookie: Sep 21 07:25:07.409049: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.409052: | responder cookie: Sep 21 07:25:07.409054: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.409056: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:07.409059: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.409061: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.409064: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.409067: | Message ID: 1 (0x1) Sep 21 07:25:07.409069: | length: 539 (0x21b) Sep 21 07:25:07.409072: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:07.409074: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:07.409077: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:07.409083: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.409086: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:07.409091: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.409095: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.409098: | #2 is idle Sep 21 07:25:07.409101: | #2 idle Sep 21 07:25:07.409103: | unpacking clear payload Sep 21 07:25:07.409105: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.409108: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:07.409111: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.409113: | flags: none (0x0) Sep 21 07:25:07.409118: | length: 511 (0x1ff) Sep 21 07:25:07.409120: | fragment number: 4 (0x4) Sep 21 07:25:07.409123: | total fragments: 5 (0x5) Sep 21 07:25:07.409125: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:07.409128: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:07.409131: | received IKE encrypted fragment number '4', total number '5', next payload '0' Sep 21 07:25:07.409136: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.409141: | #1 spent 0.19 milliseconds in ikev2_process_packet() Sep 21 07:25:07.409145: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:07.409148: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.409151: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.409155: | spent 0.205 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.409168: | spent 0.00182 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.409179: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.409185: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.409189: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Sep 21 07:25:07.409191: | 00 05 00 05 45 81 e2 74 2c 14 ea ea 1a 6d 86 20 Sep 21 07:25:07.409193: | 1c a3 24 7f ae 42 da 3d c1 33 b4 a1 ae 12 49 57 Sep 21 07:25:07.409196: | 26 a8 de 0b 46 8c 1c cd 0d f3 5e 1f a9 38 3f a7 Sep 21 07:25:07.409198: | 37 Sep 21 07:25:07.409203: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.409206: | **parse ISAKMP Message: Sep 21 07:25:07.409209: | initiator cookie: Sep 21 07:25:07.409211: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.409213: | responder cookie: Sep 21 07:25:07.409215: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.409217: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:07.409220: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.409223: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:07.409225: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.409228: | Message ID: 1 (0x1) Sep 21 07:25:07.409230: | length: 81 (0x51) Sep 21 07:25:07.409233: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:07.409236: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:07.409239: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:07.409245: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.409248: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:07.409253: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.409258: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.409261: | #2 is idle Sep 21 07:25:07.409263: | #2 idle Sep 21 07:25:07.409267: | unpacking clear payload Sep 21 07:25:07.409272: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:07.409275: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:07.409278: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.409280: | flags: none (0x0) Sep 21 07:25:07.409282: | length: 53 (0x35) Sep 21 07:25:07.409284: | fragment number: 5 (0x5) Sep 21 07:25:07.409287: | total fragments: 5 (0x5) Sep 21 07:25:07.409289: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Sep 21 07:25:07.409292: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:07.409295: | received IKE encrypted fragment number '5', total number '5', next payload '0' Sep 21 07:25:07.409327: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:07.409335: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:07.409339: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:07.409341: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Sep 21 07:25:07.409344: | flags: none (0x0) Sep 21 07:25:07.409346: | length: 191 (0xbf) Sep 21 07:25:07.409348: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:25:07.409351: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Sep 21 07:25:07.409353: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Sep 21 07:25:07.409355: | **parse IKEv2 Certificate Payload: Sep 21 07:25:07.409358: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:07.409360: | flags: none (0x0) Sep 21 07:25:07.409363: | length: 1265 (0x4f1) Sep 21 07:25:07.409365: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:07.409368: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Sep 21 07:25:07.409370: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:07.409372: | **parse IKEv2 Authentication Payload: Sep 21 07:25:07.409374: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:07.409376: | flags: none (0x0) Sep 21 07:25:07.409378: | length: 392 (0x188) Sep 21 07:25:07.409381: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:07.409383: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Sep 21 07:25:07.409385: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:07.409387: | **parse IKEv2 Security Association Payload: Sep 21 07:25:07.409390: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:07.409392: | flags: none (0x0) Sep 21 07:25:07.409394: | length: 36 (0x24) Sep 21 07:25:07.409396: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:07.409398: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:07.409400: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:07.409403: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:07.409405: | flags: none (0x0) Sep 21 07:25:07.409407: | length: 24 (0x18) Sep 21 07:25:07.409410: | number of TS: 1 (0x1) Sep 21 07:25:07.409412: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:07.409414: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:07.409416: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:07.409418: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.409420: | flags: none (0x0) Sep 21 07:25:07.409422: | length: 24 (0x18) Sep 21 07:25:07.409424: | number of TS: 1 (0x1) Sep 21 07:25:07.409426: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:07.409428: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:07.409430: | Now let's proceed with state specific processing Sep 21 07:25:07.409432: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:07.409439: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:25:07.409442: loading root certificate cache Sep 21 07:25:07.413473: | spent 3.93 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:25:07.413520: | spent 0.0303 milliseconds in get_root_certs() filtering CAs Sep 21 07:25:07.413528: | #1 spent 4 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:25:07.413532: | checking for known CERT payloads Sep 21 07:25:07.413534: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:25:07.413579: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:07.413587: | #1 spent 0.0534 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:25:07.413592: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:07.413640: | #1 spent 0.0469 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:25:07.413644: | missing or expired CRL Sep 21 07:25:07.413651: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:25:07.413654: | verify_end_cert trying profile IPsec Sep 21 07:25:07.413798: | certificate is valid (profile IPsec) Sep 21 07:25:07.413810: | #1 spent 0.153 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:25:07.413816: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:07.413903: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a3580 Sep 21 07:25:07.413909: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a6e40 Sep 21 07:25:07.413912: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586adb00 Sep 21 07:25:07.413914: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586a2f60 Sep 21 07:25:07.413917: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5596586ad1e0 Sep 21 07:25:07.414149: | unreference key: 0x5596586be320 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:07.414160: | #1 spent 0.327 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:25:07.414165: | #1 spent 4.64 milliseconds in decode_certs() Sep 21 07:25:07.414169: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:25:07.414172: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:25:07.414174: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:25:07.414176: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:25:07.414179: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:25:07.414181: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:25:07.414183: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:25:07.414185: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:07.414187: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:25:07.414190: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:25:07.414192: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:07.414194: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:25:07.414210: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:25:07.414216: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:25:07.414218: | X509: CERT and ID matches current connection Sep 21 07:25:07.414226: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.414236: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:25:07.414291: | verifying AUTH payload Sep 21 07:25:07.414313: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.414331: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:25:07.414341: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.414353: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.414363: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.414502: | an RSA Sig check passed with *AwEAAbANn [remote certificates] Sep 21 07:25:07.414511: | #1 spent 0.143 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:07.414515: "northnet-eastnets/0x1" #2: Authenticated using RSA Sep 21 07:25:07.414536: | #1 spent 0.225 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:07.414541: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:07.414547: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:07.414550: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:07.414556: | libevent_free: release ptr-libevent@0x5596586a2ed0 Sep 21 07:25:07.414559: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5596586add20 Sep 21 07:25:07.414562: | event_schedule: new EVENT_SA_REKEY-pe@0x5596586b6080 Sep 21 07:25:07.414565: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:07.414569: | libevent_malloc: new ptr-libevent@0x5596586a2ed0 size 128 Sep 21 07:25:07.415009: | pstats #1 ikev2.ike established Sep 21 07:25:07.415018: | TSi: parsing 1 traffic selectors Sep 21 07:25:07.415023: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:07.415026: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.415028: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.415031: | length: 16 (0x10) Sep 21 07:25:07.415033: | start port: 0 (0x0) Sep 21 07:25:07.415035: | end port: 65535 (0xffff) Sep 21 07:25:07.415038: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:07.415040: | TS low c0 00 03 00 Sep 21 07:25:07.415042: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:07.415044: | TS high c0 00 03 ff Sep 21 07:25:07.415046: | TSi: parsed 1 traffic selectors Sep 21 07:25:07.415049: | TSr: parsing 1 traffic selectors Sep 21 07:25:07.415051: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:07.415053: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.415055: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.415057: | length: 16 (0x10) Sep 21 07:25:07.415059: | start port: 0 (0x0) Sep 21 07:25:07.415062: | end port: 65535 (0xffff) Sep 21 07:25:07.415064: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:07.415066: | TS low c0 00 02 00 Sep 21 07:25:07.415068: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:07.415070: | TS high c0 00 02 ff Sep 21 07:25:07.415072: | TSr: parsed 1 traffic selectors Sep 21 07:25:07.415079: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:07.415084: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:07.415090: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:07.415094: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:07.415096: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:07.415098: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:07.415101: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:07.415105: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:07.415111: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:07.415113: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:07.415116: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:07.415118: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:07.415124: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:07.415126: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:07.415128: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:07.415130: | printing contents struct traffic_selector Sep 21 07:25:07.415132: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:07.415134: | ipprotoid: 0 Sep 21 07:25:07.415136: | port range: 0-65535 Sep 21 07:25:07.415140: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:07.415141: | printing contents struct traffic_selector Sep 21 07:25:07.415143: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:07.415145: | ipprotoid: 0 Sep 21 07:25:07.415147: | port range: 0-65535 Sep 21 07:25:07.415150: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:07.415164: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:07.415167: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:07.415170: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:07.415173: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:07.415175: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:07.415177: | local proposal 1 type DH has 1 transforms Sep 21 07:25:07.415179: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:07.415182: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:07.415184: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:07.415186: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:07.415188: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:07.415190: | local proposal 2 type DH has 1 transforms Sep 21 07:25:07.415193: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:07.415195: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:07.415198: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:07.415200: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:07.415202: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:07.415204: | local proposal 3 type DH has 1 transforms Sep 21 07:25:07.415206: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:07.415208: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:07.415211: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:07.415213: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:07.415215: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:07.415218: | local proposal 4 type DH has 1 transforms Sep 21 07:25:07.415220: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:07.415223: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:07.415226: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.415229: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:07.415231: | length: 32 (0x20) Sep 21 07:25:07.415233: | prop #: 1 (0x1) Sep 21 07:25:07.415235: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.415237: | spi size: 4 (0x4) Sep 21 07:25:07.415239: | # transforms: 2 (0x2) Sep 21 07:25:07.415243: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:07.415245: | remote SPI c8 a3 79 05 Sep 21 07:25:07.415248: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:07.415251: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.415253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.415255: | length: 12 (0xc) Sep 21 07:25:07.415258: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.415260: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.415265: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.415267: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.415270: | length/value: 256 (0x100) Sep 21 07:25:07.415274: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:07.415276: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.415279: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.415281: | length: 8 (0x8) Sep 21 07:25:07.415283: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.415285: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.415289: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:07.415292: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:07.415296: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:07.415298: | remote proposal 1 matches local proposal 1 Sep 21 07:25:07.415300: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:07.415305: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=c8a37905;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:07.415307: | converting proposal to internal trans attrs Sep 21 07:25:07.415312: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:07.415481: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:07.415487: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:25:07.415491: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:07.415493: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.415496: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:07.415499: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.415501: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:07.415506: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:07.415510: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:07.415513: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:07.415516: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:07.415519: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:07.415524: | setting IPsec SA replay-window to 32 Sep 21 07:25:07.415527: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:25:07.415531: | netlink: enabling tunnel mode Sep 21 07:25:07.415534: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:07.415536: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:07.415749: | netlink response for Add SA esp.c8a37905@192.1.2.23 included non-error error Sep 21 07:25:07.415756: | set up outgoing SA, ref=0/0 Sep 21 07:25:07.415760: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:07.415763: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:07.415766: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:07.415769: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:07.415773: | setting IPsec SA replay-window to 32 Sep 21 07:25:07.415776: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:25:07.415779: | netlink: enabling tunnel mode Sep 21 07:25:07.415782: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:07.415792: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:07.416068: | netlink response for Add SA esp.559b2361@192.1.3.33 included non-error error Sep 21 07:25:07.416075: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:07.416089: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:07.416093: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:07.416352: | raw_eroute result=success Sep 21 07:25:07.416358: | set up incoming SA, ref=0/0 Sep 21 07:25:07.416361: | sr for #2: unrouted Sep 21 07:25:07.416364: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:07.416368: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:07.416372: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.416375: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:07.416379: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.416381: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:07.416386: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:07.416391: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:07.416396: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:07.416405: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:07.416409: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:07.416547: | raw_eroute result=success Sep 21 07:25:07.416554: | running updown command "ipsec _updown" for verb up Sep 21 07:25:07.416557: | command executing up-client Sep 21 07:25:07.416599: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.416611: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.416634: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:25:07.416641: | popen cmd is 1406 chars long Sep 21 07:25:07.416645: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:25:07.416648: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:25:07.416652: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:25:07.416656: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:25:07.416659: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:25:07.416661: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:25:07.416664: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:25:07.416666: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:25:07.416669: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:25:07.416671: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:25:07.416677: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:07.416679: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:25:07.416681: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Sep 21 07:25:07.416684: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:25:07.416686: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:25:07.416688: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:25:07.416691: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:25:07.416693: | cmd(1360):c8a37905 SPI_OUT=0x559b2361 ipsec _updown 2>&1: Sep 21 07:25:07.481290: | route_and_eroute: firewall_notified: true Sep 21 07:25:07.481308: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:07.481312: | command executing prepare-client Sep 21 07:25:07.481351: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.481360: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.481382: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Sep 21 07:25:07.481385: | popen cmd is 1411 chars long Sep 21 07:25:07.481388: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:07.481391: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:25:07.481394: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:07.481396: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:25:07.481399: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:25:07.481401: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Sep 21 07:25:07.481404: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Sep 21 07:25:07.481406: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Sep 21 07:25:07.481409: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:25:07.481411: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:25:07.481414: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:25:07.481417: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:25:07.481419: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Sep 21 07:25:07.481426: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:25:07.481429: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:25:07.481431: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:25:07.481434: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:25:07.481436: | cmd(1360):IN=0xc8a37905 SPI_OUT=0x559b2361 ipsec _updown 2>&1: Sep 21 07:25:07.528046: | running updown command "ipsec _updown" for verb route Sep 21 07:25:07.528066: | command executing route-client Sep 21 07:25:07.528111: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.528123: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.528147: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Sep 21 07:25:07.528152: | popen cmd is 1409 chars long Sep 21 07:25:07.528155: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:25:07.528158: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Sep 21 07:25:07.528161: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Sep 21 07:25:07.528164: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:25:07.528167: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:25:07.528170: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:25:07.528173: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:25:07.528176: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:25:07.528179: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:25:07.528182: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:25:07.528184: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Sep 21 07:25:07.528187: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Sep 21 07:25:07.528190: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Sep 21 07:25:07.528192: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Sep 21 07:25:07.528195: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Sep 21 07:25:07.528198: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Sep 21 07:25:07.528205: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Sep 21 07:25:07.528208: | cmd(1360):=0xc8a37905 SPI_OUT=0x559b2361 ipsec _updown 2>&1: Sep 21 07:25:07.558230: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x5596586a1430,sr=0x5596586a1430} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:07.558679: | #1 spent 1.26 milliseconds in install_ipsec_sa() Sep 21 07:25:07.558689: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:07.558693: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:07.558696: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:07.558701: | libevent_free: release ptr-libevent@0x7fb92c006900 Sep 21 07:25:07.558705: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5596586b6bd0 Sep 21 07:25:07.558710: | #2 spent 6.88 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:07.558718: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.558722: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:07.558726: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:07.558729: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:07.558732: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:07.558739: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:07.558743: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:07.558746: | pstats #2 ikev2.child established Sep 21 07:25:07.558754: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:07.558766: | NAT-T: encaps is 'auto' Sep 21 07:25:07.558771: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xc8a37905 <0x559b2361 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:07.558775: | releasing whack for #2 (sock=fd@26) Sep 21 07:25:07.558778: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:25:07.558781: | releasing whack and unpending for parent #1 Sep 21 07:25:07.558786: | unpending state #1 connection "northnet-eastnets/0x1" Sep 21 07:25:07.558794: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Sep 21 07:25:07.558796: | removing pending policy for no connection {0x559658649430} Sep 21 07:25:07.558800: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:07.558805: | creating state object #3 at 0x5596586c6e30 Sep 21 07:25:07.558808: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:07.558816: | pstats #3 ikev2.child started Sep 21 07:25:07.558820: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:25:07.558825: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:07.558833: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:07.558839: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:07.558844: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:07.558848: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:25:07.558852: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:07.558856: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:25:07.558864: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:07.558871: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.558874: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:07.558878: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.558881: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:07.558885: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.558888: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:07.558892: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.558900: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.558911: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:25:07.558916: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x5596586bb210 Sep 21 07:25:07.558920: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:25:07.558924: | libevent_malloc: new ptr-libevent@0x7fb92c006900 size 128 Sep 21 07:25:07.558932: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:07.558937: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:07.558941: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Sep 21 07:25:07.558944: | removing pending policy for no connection {0x5596586494b0} Sep 21 07:25:07.558948: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:25:07.558952: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:07.558955: | event_schedule: new EVENT_SA_REKEY-pe@0x5596586add20 Sep 21 07:25:07.558958: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:07.558961: | libevent_malloc: new ptr-libevent@0x5596586cf920 size 128 Sep 21 07:25:07.558963: | libevent_realloc: release ptr-libevent@0x559658683f80 Sep 21 07:25:07.558966: | libevent_realloc: new ptr-libevent@0x5596586cfaf0 size 128 Sep 21 07:25:07.558969: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.558974: | #1 spent 7.41 milliseconds in ikev2_process_packet() Sep 21 07:25:07.558978: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.558982: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.558987: | spent 7.42 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.559003: | timer_event_cb: processing event@0x5596586bb210 Sep 21 07:25:07.559007: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:25:07.559013: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:07.559019: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:25:07.559022: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5596586b0c70 Sep 21 07:25:07.559026: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:07.559029: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:07.559037: | libevent_free: release ptr-libevent@0x7fb92c006900 Sep 21 07:25:07.559042: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x5596586bb210 Sep 21 07:25:07.559042: | crypto helper 1 resuming Sep 21 07:25:07.559055: | crypto helper 1 starting work-order 3 for state #3 Sep 21 07:25:07.559061: | crypto helper 1 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:25:07.559046: | #3 spent 0.0427 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:07.559306: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:07.559311: | processing signal PLUTO_SIGCHLD Sep 21 07:25:07.559318: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:07.559324: | spent 0.00649 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:07.559327: | processing signal PLUTO_SIGCHLD Sep 21 07:25:07.559331: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:07.559335: | spent 0.00403 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:07.559338: | processing signal PLUTO_SIGCHLD Sep 21 07:25:07.559341: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:07.559345: | spent 0.00334 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:07.560009: | crypto helper 1 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000948 seconds Sep 21 07:25:07.560022: | (#3) spent 0.956 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:25:07.560025: | crypto helper 1 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:07.560029: | scheduling resume sending helper answer for #3 Sep 21 07:25:07.560032: | libevent_malloc: new ptr-libevent@0x7fb928006900 size 128 Sep 21 07:25:07.560041: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:07.560052: | processing resume sending helper answer for #3 Sep 21 07:25:07.560063: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:07.560069: | crypto helper 1 replies to request ID 3 Sep 21 07:25:07.560072: | calling continuation function 0x559656c5e630 Sep 21 07:25:07.560077: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:25:07.560080: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:07.560083: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:07.560086: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5596586b0c70 Sep 21 07:25:07.560089: | event_schedule: new EVENT_SA_REPLACE-pe@0x5596586b0c70 Sep 21 07:25:07.560093: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:25:07.560096: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:07.560102: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:07.560105: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:07.560108: | libevent_malloc: new ptr-libevent@0x7fb92c006900 size 128 Sep 21 07:25:07.560115: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.560120: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:25:07.560123: | suspending state #3 and saving MD Sep 21 07:25:07.560126: | #3 is busy; has a suspended MD Sep 21 07:25:07.560131: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:07.560136: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:07.560140: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:25:07.560146: | #3 spent 0.076 milliseconds in resume sending helper answer Sep 21 07:25:07.560151: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:07.560157: | libevent_free: release ptr-libevent@0x7fb928006900 Sep 21 07:25:07.560162: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:07.560167: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:07.560172: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:07.560177: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:07.560181: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:07.560187: | **emit ISAKMP Message: Sep 21 07:25:07.560190: | initiator cookie: Sep 21 07:25:07.560192: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.560194: | responder cookie: Sep 21 07:25:07.560196: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.560199: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:07.560202: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.560204: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:07.560207: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:07.560210: | Message ID: 2 (0x2) Sep 21 07:25:07.560212: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:07.560216: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:07.560218: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.560221: | flags: none (0x0) Sep 21 07:25:07.560224: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:07.560227: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.560230: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:07.560257: | netlink_get_spi: allocated 0xcea9d904 for esp.0@192.1.3.33 Sep 21 07:25:07.560262: | Emitting ikev2_proposals ... Sep 21 07:25:07.560265: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:07.560269: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.560272: | flags: none (0x0) Sep 21 07:25:07.560275: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:07.560279: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.560282: | discarding INTEG=NONE Sep 21 07:25:07.560285: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.560288: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.560291: | prop #: 1 (0x1) Sep 21 07:25:07.560294: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.560296: | spi size: 4 (0x4) Sep 21 07:25:07.560298: | # transforms: 3 (0x3) Sep 21 07:25:07.560301: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.560305: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.560307: | our spi ce a9 d9 04 Sep 21 07:25:07.560309: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560316: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.560319: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.560323: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560326: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.560329: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.560332: | length/value: 256 (0x100) Sep 21 07:25:07.560339: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.560342: | discarding INTEG=NONE Sep 21 07:25:07.560345: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560351: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.560354: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.560358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560366: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560368: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.560371: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.560373: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.560377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560383: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560386: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:07.560390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.560393: | discarding INTEG=NONE Sep 21 07:25:07.560396: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.560399: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.560401: | prop #: 2 (0x2) Sep 21 07:25:07.560404: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.560407: | spi size: 4 (0x4) Sep 21 07:25:07.560410: | # transforms: 3 (0x3) Sep 21 07:25:07.560414: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.560417: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.560421: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.560423: | our spi ce a9 d9 04 Sep 21 07:25:07.560426: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560430: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.560433: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.560436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560438: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.560440: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.560443: | length/value: 128 (0x80) Sep 21 07:25:07.560446: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.560449: | discarding INTEG=NONE Sep 21 07:25:07.560452: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560455: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560458: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.560461: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.560464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560473: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560476: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560479: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.560482: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.560485: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.560488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560494: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560496: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:07.560499: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.560501: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.560504: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.560506: | prop #: 3 (0x3) Sep 21 07:25:07.560508: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.560511: | spi size: 4 (0x4) Sep 21 07:25:07.560513: | # transforms: 5 (0x5) Sep 21 07:25:07.560516: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.560520: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.560523: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.560526: | our spi ce a9 d9 04 Sep 21 07:25:07.560529: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560534: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.560537: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:07.560541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560544: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.560547: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.560550: | length/value: 256 (0x100) Sep 21 07:25:07.560553: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.560556: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560562: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.560565: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:07.560567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560573: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560575: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560580: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.560582: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:07.560585: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560588: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560591: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560594: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560602: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.560605: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.560608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560614: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560617: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560620: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.560623: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.560626: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.560630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560633: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560636: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560639: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:07.560642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.560644: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.560647: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:07.560649: | prop #: 4 (0x4) Sep 21 07:25:07.560651: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.560654: | spi size: 4 (0x4) Sep 21 07:25:07.560656: | # transforms: 5 (0x5) Sep 21 07:25:07.560659: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:07.560662: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:07.560665: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:07.560667: | our spi ce a9 d9 04 Sep 21 07:25:07.560670: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560676: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.560679: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:07.560682: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560685: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.560688: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.560691: | length/value: 128 (0x80) Sep 21 07:25:07.560694: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:07.560697: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560703: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.560706: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:07.560710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560713: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560716: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560718: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560723: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:07.560726: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:07.560730: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560735: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560738: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560743: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.560746: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.560750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560753: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560756: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560759: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:07.560762: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.560765: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.560768: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.560771: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.560775: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:07.560778: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:07.560781: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:07.560792: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:07.560798: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:25:07.560801: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:07.560804: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:07.560806: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.560809: | flags: none (0x0) Sep 21 07:25:07.560812: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:07.560815: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.560819: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:07.560822: | IKEv2 nonce 4b d4 c7 23 62 3e ea 06 8d 6d 66 c4 6a 7d 01 c3 Sep 21 07:25:07.560825: | IKEv2 nonce 4c 3f 37 c8 96 31 4e 62 3e d6 32 af 07 f7 bb c2 Sep 21 07:25:07.560828: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:07.560831: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:07.560834: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.560836: | flags: none (0x0) Sep 21 07:25:07.560839: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.560843: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:07.560846: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.560850: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:07.560853: | ikev2 g^x 2f 82 e3 6c ae 53 98 a9 a2 e6 9e 9c a0 ac 30 08 Sep 21 07:25:07.560856: | ikev2 g^x d6 d2 e4 d3 7c a2 6b 69 b9 37 f1 38 6f 4c ba cb Sep 21 07:25:07.560858: | ikev2 g^x 50 93 d9 35 87 df 2b ee 1f 62 c0 93 81 58 ef 6a Sep 21 07:25:07.560861: | ikev2 g^x b2 81 d6 2e 8d 87 d7 46 9b bc fd 1f 41 60 7b 62 Sep 21 07:25:07.560866: | ikev2 g^x d1 5d 5e 35 da bd d4 59 c5 1d 9b 68 d9 75 24 94 Sep 21 07:25:07.560868: | ikev2 g^x e7 4f 8b ef 99 1d 0b 6e 0f 88 8c bc c0 30 07 d8 Sep 21 07:25:07.560871: | ikev2 g^x d3 c9 df d1 ca 3c a6 eb 20 87 8c ad 5b 9c eb b1 Sep 21 07:25:07.560873: | ikev2 g^x 00 3b 5f fe a0 a6 ca 6e 68 a7 55 2a 81 32 05 a9 Sep 21 07:25:07.560875: | ikev2 g^x 09 79 6f 2d 35 2f 50 b7 d9 94 d4 76 de a7 43 07 Sep 21 07:25:07.560878: | ikev2 g^x c6 4b e5 c7 31 78 69 04 13 93 ee ff 31 24 7e 5f Sep 21 07:25:07.560880: | ikev2 g^x 5f 27 01 9c 71 cb 00 98 3e 5b 3d d2 cc 88 fc be Sep 21 07:25:07.560882: | ikev2 g^x ed 88 be d5 d7 a9 86 69 61 17 56 19 a7 f7 a2 18 Sep 21 07:25:07.560885: | ikev2 g^x d3 89 9c 91 a2 58 75 b6 b1 25 4b 44 ed 37 09 6e Sep 21 07:25:07.560888: | ikev2 g^x 41 f5 f3 ef f2 52 2d 1e bf 1b 32 ce b9 39 8f 13 Sep 21 07:25:07.560891: | ikev2 g^x dc a4 98 3d a4 80 40 eb 83 64 65 04 f9 7c bb 08 Sep 21 07:25:07.560893: | ikev2 g^x 76 ea 37 29 cf e1 01 73 e9 22 01 4e a9 14 f7 69 Sep 21 07:25:07.560897: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:07.560901: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:07.560904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.560907: | flags: none (0x0) Sep 21 07:25:07.560909: | number of TS: 1 (0x1) Sep 21 07:25:07.560913: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:07.560917: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.560920: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:07.560923: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.560926: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.560929: | start port: 0 (0x0) Sep 21 07:25:07.560931: | end port: 65535 (0xffff) Sep 21 07:25:07.560935: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:07.560937: | IP start c0 00 03 00 Sep 21 07:25:07.560940: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:07.560942: | IP end c0 00 03 ff Sep 21 07:25:07.560944: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:07.560947: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:07.560950: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:07.560952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.560954: | flags: none (0x0) Sep 21 07:25:07.560957: | number of TS: 1 (0x1) Sep 21 07:25:07.560960: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:07.560962: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:07.560965: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:07.560967: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.560969: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.560971: | start port: 0 (0x0) Sep 21 07:25:07.560974: | end port: 65535 (0xffff) Sep 21 07:25:07.560976: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:07.560979: | IP start c0 00 16 00 Sep 21 07:25:07.560981: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:07.560983: | IP end c0 00 16 ff Sep 21 07:25:07.560985: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:07.560987: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:07.560990: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:07.560993: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:07.560996: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:07.561001: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:07.561003: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:25:07.561006: | emitting length of ISAKMP Message: 601 Sep 21 07:25:07.561025: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.561031: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:25:07.561035: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:25:07.561039: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:25:07.561043: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:25:07.561046: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:07.561053: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:25:07.561057: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:25:07.561072: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:07.561079: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:07.561081: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.561084: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:25:07.561086: | b5 89 5b 3d c2 f1 af ed b9 a1 ab 18 2e 4b 2d 0e Sep 21 07:25:07.561088: | 3b 45 35 2f 67 97 46 40 56 ed 5a d1 e3 fa 34 54 Sep 21 07:25:07.561090: | 5a 25 d8 46 b7 f9 25 ab 38 b7 d0 1a 2b 87 ca bd Sep 21 07:25:07.561093: | be 00 6d 61 6e 50 38 74 61 fc 81 f1 5b ee be 2d Sep 21 07:25:07.561095: | aa c8 93 ed 96 88 88 ce 0b fa e7 1c 08 6d a6 69 Sep 21 07:25:07.561098: | 5a a5 5a 21 96 44 c0 0d 7c d1 91 63 d0 05 fc 31 Sep 21 07:25:07.561100: | 9f 17 ac 38 3d b2 db 45 3e b8 b4 d4 77 e3 45 a0 Sep 21 07:25:07.561103: | 18 5f 83 5d 3d 7f 7a bb 36 0d 9a 31 69 8a d4 15 Sep 21 07:25:07.561106: | f1 9b b2 89 fc e7 5a 51 2b 91 5e b6 34 f5 e6 28 Sep 21 07:25:07.561108: | 94 29 20 a6 dc e5 78 55 d9 78 4a 88 60 b4 bb 9a Sep 21 07:25:07.561111: | 20 4b e8 58 0b b3 17 38 c1 c6 a6 4a e3 3e d3 fa Sep 21 07:25:07.561114: | 35 34 c6 ff 87 cf 03 c5 df f2 5a 80 2a f6 e6 29 Sep 21 07:25:07.561116: | 13 4f a5 da 11 d6 3e ff 1c 83 0f e0 f8 81 a2 29 Sep 21 07:25:07.561119: | 83 9a 4e c2 95 cc ad f7 cb 8b 63 16 a4 6b af 31 Sep 21 07:25:07.561122: | 50 f0 22 bb 45 b3 b6 da f7 0c ad 28 b6 f6 8b 23 Sep 21 07:25:07.561124: | cf fd f6 c1 c8 38 2b d8 6a b1 f6 dc 8d 62 5f 45 Sep 21 07:25:07.561127: | 01 b0 1a 4d e3 7c 04 45 69 30 e1 86 ed 0e 8e 1a Sep 21 07:25:07.561130: | 45 bc 79 bf e0 92 7c 30 83 b0 a3 54 68 2f 03 70 Sep 21 07:25:07.561132: | 46 ba ee 29 8b c9 8b 52 54 21 4d da 33 32 55 92 Sep 21 07:25:07.561135: | 9a 66 9a 4a b3 8a 6f 96 25 09 a2 fb 94 80 82 3f Sep 21 07:25:07.561138: | 7a 7f 7a 13 2f 91 94 3d 7f 69 e7 53 e9 01 84 c3 Sep 21 07:25:07.561141: | 0e 34 0f d2 02 fd 7a 38 1a db c7 11 cf b2 c3 3f Sep 21 07:25:07.561143: | 65 c8 e5 6c 81 e2 26 cf 6c 7d 07 3a 28 39 11 1f Sep 21 07:25:07.561146: | 6f f6 fe fd 45 29 7d 59 70 05 41 69 f1 fd 74 2c Sep 21 07:25:07.561148: | dc 98 8f 6e 86 fc bf 59 78 0e 91 e3 bf ec eb cf Sep 21 07:25:07.561150: | 1d 5c 79 d9 e7 0e 93 76 10 47 f1 00 8f 44 6c 7f Sep 21 07:25:07.561152: | 1e 01 82 f9 26 de 0f 7c a1 f7 3e 2f b5 fc 8e b4 Sep 21 07:25:07.561155: | b1 88 c7 46 90 29 98 6c ec b8 9d f5 c2 5c 0d 5b Sep 21 07:25:07.561157: | b2 f2 97 89 6b f8 c8 ba c8 4a 19 5d b0 19 a9 0d Sep 21 07:25:07.561159: | 11 c3 19 19 f6 b8 0c b8 e3 f5 29 38 e5 f2 94 d4 Sep 21 07:25:07.561162: | 29 13 c9 47 af a7 7e cc 9b 88 cc d7 45 7f 08 ae Sep 21 07:25:07.561164: | c5 50 86 ef ef f2 6e cd 9e 21 a0 71 79 5f 2f 53 Sep 21 07:25:07.561168: | 45 1a 43 d5 68 76 f9 b4 57 d7 96 14 b8 e7 30 c3 Sep 21 07:25:07.561171: | 4d 5c 1f 2f f5 5b 89 6f 38 80 e8 61 04 29 f5 68 Sep 21 07:25:07.561173: | 7e 8c d6 92 84 94 eb 5e 16 1b 45 0e 0e d9 a3 5e Sep 21 07:25:07.561175: | ee 0d 92 d2 46 41 0b 33 74 Sep 21 07:25:07.561240: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:07.561244: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:07.561247: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5596586b0c70 Sep 21 07:25:07.561250: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:07.561254: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:07.561261: | event_schedule: new EVENT_RETRANSMIT-pe@0x5596586b0c70 Sep 21 07:25:07.561265: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Sep 21 07:25:07.561269: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:07.561275: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49353.929525 Sep 21 07:25:07.561281: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:07.561287: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:07.561293: | #1 spent 1.08 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:07.561298: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:07.561302: | libevent_free: release ptr-libevent@0x7fb92c006900 Sep 21 07:25:07.582726: | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:07.582748: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:07.582752: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.582755: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:25:07.582758: | a1 d8 8b 6a 0e ba db 18 4c b0 62 fc 2b 1f f3 53 Sep 21 07:25:07.582760: | d4 00 72 64 3c 13 e3 d0 7d b8 7c 32 59 bd 05 7c Sep 21 07:25:07.582762: | c2 5e 8b 3c b6 d7 a4 b4 ae c6 e2 6f c7 fd 24 e0 Sep 21 07:25:07.582764: | b5 bc 3e 46 0b ee 93 45 52 c7 f7 7a 67 ed 1d 45 Sep 21 07:25:07.582767: | e6 1d 2c 34 0f 9f 6a ac 17 b2 f0 ad aa 07 1b d9 Sep 21 07:25:07.582769: | 82 13 a3 dd 23 ea 40 cb 7d f2 d5 8e 06 83 bb 1f Sep 21 07:25:07.582771: | eb 6a 1b 5c a2 56 16 d2 0e f0 ec d1 c8 96 b8 ed Sep 21 07:25:07.582774: | f8 17 bf 46 59 13 d0 f6 75 52 33 5d a7 29 64 88 Sep 21 07:25:07.582776: | 2c 15 3a d4 28 b3 7b aa 0d 12 8d cd 4b d9 26 f4 Sep 21 07:25:07.582778: | 6d df c8 9c 3b bb 3b 3e 79 0c da 03 ba 64 8f 11 Sep 21 07:25:07.582781: | 46 9a 46 eb 12 12 8d ef 85 c5 94 80 f1 e4 42 a9 Sep 21 07:25:07.582786: | 84 bd 8a 2c 9d ff 66 d0 25 df 18 c1 11 89 85 a7 Sep 21 07:25:07.582791: | 37 6c 9a 3f 85 d6 dd cd ae 1c fa 51 f8 04 b3 cf Sep 21 07:25:07.582793: | 65 74 c7 4d 87 ff 10 fa ea 70 80 a5 8b eb b6 03 Sep 21 07:25:07.582795: | b3 93 7c 12 fe 48 9d c9 8c d8 41 81 8c e9 f9 c5 Sep 21 07:25:07.582797: | 16 a0 dd 94 70 01 c3 9b e9 0b 10 f1 c2 27 e6 64 Sep 21 07:25:07.582799: | 5b 85 af 57 9e 6b 68 63 08 0b 3f 12 cf 9b df 3b Sep 21 07:25:07.582802: | b8 50 ec 72 20 5c 1d 39 9f 7c 10 37 e7 4d 1d 21 Sep 21 07:25:07.582804: | de 8f 89 c2 50 62 76 d4 cd 91 7b 89 08 8e 1f 80 Sep 21 07:25:07.582806: | 39 5a 21 03 d8 99 8a b5 5c 3d fc ce 07 e8 ec 3e Sep 21 07:25:07.582808: | 32 ed 2c 1e 71 54 2f 7c 13 1d 5b 81 aa c8 5a 03 Sep 21 07:25:07.582810: | 0f 0c e5 eb 94 ae d5 1b 11 74 12 a5 37 c2 1e 4f Sep 21 07:25:07.582812: | a6 2b f5 44 48 60 55 ef 21 bf ab 62 e8 44 69 86 Sep 21 07:25:07.582815: | 24 34 fb 22 85 fa 97 72 3a e8 e3 b5 6d 6a 22 9e Sep 21 07:25:07.582817: | f3 09 b5 e0 d2 47 8e 98 a4 81 85 53 3f 05 e0 7b Sep 21 07:25:07.582822: | 70 64 79 5f 8c a7 d2 15 30 68 6c 2d 92 cd f8 6f Sep 21 07:25:07.582824: | cc Sep 21 07:25:07.582829: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:07.582833: | **parse ISAKMP Message: Sep 21 07:25:07.582836: | initiator cookie: Sep 21 07:25:07.582838: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:07.582840: | responder cookie: Sep 21 07:25:07.582842: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:07.582845: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:07.582848: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:07.582851: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:07.582854: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:07.582856: | Message ID: 2 (0x2) Sep 21 07:25:07.582858: | length: 449 (0x1c1) Sep 21 07:25:07.582861: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:07.582865: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:25:07.582869: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:07.582876: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:07.582880: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:25:07.582885: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.582889: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:07.582892: | #3 is idle Sep 21 07:25:07.582894: | #3 idle Sep 21 07:25:07.582896: | unpacking clear payload Sep 21 07:25:07.582899: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:07.582902: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:07.582904: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:07.582907: | flags: none (0x0) Sep 21 07:25:07.582909: | length: 421 (0x1a5) Sep 21 07:25:07.582912: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:25:07.582914: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:25:07.582930: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:07.582933: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:07.582936: | **parse IKEv2 Security Association Payload: Sep 21 07:25:07.582938: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:07.582941: | flags: none (0x0) Sep 21 07:25:07.582943: | length: 44 (0x2c) Sep 21 07:25:07.582945: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:25:07.582948: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:07.582950: | **parse IKEv2 Nonce Payload: Sep 21 07:25:07.582953: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:07.582955: | flags: none (0x0) Sep 21 07:25:07.582957: | length: 36 (0x24) Sep 21 07:25:07.582959: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:07.582962: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:07.582964: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:07.582967: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:07.582969: | flags: none (0x0) Sep 21 07:25:07.582971: | length: 264 (0x108) Sep 21 07:25:07.582973: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.582976: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:07.582978: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:07.582981: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:07.582983: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:07.582985: | flags: none (0x0) Sep 21 07:25:07.582987: | length: 24 (0x18) Sep 21 07:25:07.582990: | number of TS: 1 (0x1) Sep 21 07:25:07.582992: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:07.582996: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:07.582999: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:07.583002: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:07.583004: | flags: none (0x0) Sep 21 07:25:07.583006: | length: 24 (0x18) Sep 21 07:25:07.583008: | number of TS: 1 (0x1) Sep 21 07:25:07.583011: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:07.583013: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:07.583019: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:07.583022: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:25:07.583024: | Now let's proceed with state specific processing Sep 21 07:25:07.583026: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:07.583041: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.583045: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:07.583048: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:07.583051: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:07.583053: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:07.583056: | local proposal 1 type DH has 1 transforms Sep 21 07:25:07.583058: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:07.583061: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:25:07.583064: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:07.583066: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:07.583069: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:07.583071: | local proposal 2 type DH has 1 transforms Sep 21 07:25:07.583074: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:07.583076: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:25:07.583078: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:07.583080: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:07.583083: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:07.583085: | local proposal 3 type DH has 1 transforms Sep 21 07:25:07.583088: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:07.583091: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:07.583093: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:07.583095: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:07.583097: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:07.583100: | local proposal 4 type DH has 1 transforms Sep 21 07:25:07.583102: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:07.583104: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:07.583107: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:07.583110: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:07.583112: | length: 40 (0x28) Sep 21 07:25:07.583115: | prop #: 1 (0x1) Sep 21 07:25:07.583117: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:07.583119: | spi size: 4 (0x4) Sep 21 07:25:07.583122: | # transforms: 3 (0x3) Sep 21 07:25:07.583125: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:07.583127: | remote SPI a9 c1 7f a2 Sep 21 07:25:07.583130: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:07.583133: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.583135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.583139: | length: 12 (0xc) Sep 21 07:25:07.583141: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:07.583144: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:07.583146: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:07.583149: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:07.583151: | length/value: 256 (0x100) Sep 21 07:25:07.583155: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:07.583157: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.583159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:07.583161: | length: 8 (0x8) Sep 21 07:25:07.583163: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:07.583165: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:07.583168: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:07.583171: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:07.583349: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:07.583356: | length: 8 (0x8) Sep 21 07:25:07.583359: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:07.583362: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:07.583366: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:07.583370: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:25:07.583374: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:25:07.583376: | remote proposal 1 matches local proposal 1 Sep 21 07:25:07.583379: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:25:07.583385: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=a9c17fa2;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:25:07.583387: | converting proposal to internal trans attrs Sep 21 07:25:07.583392: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:25:07.583397: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:25:07.583400: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:07.583402: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:25:07.583406: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:07.583409: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5596586b0c70 Sep 21 07:25:07.583412: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5596586b0c70 Sep 21 07:25:07.583415: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:07.583418: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:07.583431: | #3 spent 0.226 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:25:07.583433: | crypto helper 2 resuming Sep 21 07:25:07.583438: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.583454: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:25:07.583458: | suspending state #3 and saving MD Sep 21 07:25:07.583460: | #3 is busy; has a suspended MD Sep 21 07:25:07.583464: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:07.583468: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:07.583472: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:07.583477: | #1 spent 0.561 milliseconds in ikev2_process_packet() Sep 21 07:25:07.583481: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:07.583486: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:07.583489: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:07.583493: | spent 0.578 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:07.583446: | crypto helper 2 starting work-order 4 for state #3 Sep 21 07:25:07.583506: | crypto helper 2 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:25:07.584312: | crypto helper 2 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000805 seconds Sep 21 07:25:07.584328: | (#3) spent 0.811 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:25:07.584332: | crypto helper 2 sending results from work-order 4 for state #3 to event queue Sep 21 07:25:07.584335: | scheduling resume sending helper answer for #3 Sep 21 07:25:07.584339: | libevent_malloc: new ptr-libevent@0x7fb91c001ef0 size 128 Sep 21 07:25:07.584349: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:07.584361: | processing resume sending helper answer for #3 Sep 21 07:25:07.584367: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:07.584371: | crypto helper 2 replies to request ID 4 Sep 21 07:25:07.584374: | calling continuation function 0x559656c5f4f0 Sep 21 07:25:07.584378: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:25:07.584382: | TSi: parsing 1 traffic selectors Sep 21 07:25:07.584385: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:07.584387: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.584390: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.584392: | length: 16 (0x10) Sep 21 07:25:07.584394: | start port: 0 (0x0) Sep 21 07:25:07.584397: | end port: 65535 (0xffff) Sep 21 07:25:07.584400: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:07.584403: | TS low c0 00 03 00 Sep 21 07:25:07.584405: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:07.584407: | TS high c0 00 03 ff Sep 21 07:25:07.584410: | TSi: parsed 1 traffic selectors Sep 21 07:25:07.584412: | TSr: parsing 1 traffic selectors Sep 21 07:25:07.584415: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:07.584417: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:07.584420: | IP Protocol ID: 0 (0x0) Sep 21 07:25:07.584422: | length: 16 (0x10) Sep 21 07:25:07.584425: | start port: 0 (0x0) Sep 21 07:25:07.584427: | end port: 65535 (0xffff) Sep 21 07:25:07.584429: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:07.584432: | TS low c0 00 16 00 Sep 21 07:25:07.584434: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:07.584436: | TS high c0 00 16 ff Sep 21 07:25:07.584438: | TSr: parsed 1 traffic selectors Sep 21 07:25:07.584446: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:07.584451: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:07.584458: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:07.584462: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:07.584465: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:07.584468: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:07.584471: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:07.584476: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:07.584482: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:07.584485: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:07.584488: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:07.584490: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:07.584493: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:07.584499: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:07.584502: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:07.584504: | printing contents struct traffic_selector Sep 21 07:25:07.584507: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:07.584509: | ipprotoid: 0 Sep 21 07:25:07.584511: | port range: 0-65535 Sep 21 07:25:07.584516: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:07.584518: | printing contents struct traffic_selector Sep 21 07:25:07.584520: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:07.584522: | ipprotoid: 0 Sep 21 07:25:07.584524: | port range: 0-65535 Sep 21 07:25:07.584528: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:25:07.584532: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:07.584712: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:25:07.584718: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:25:07.584721: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:07.584724: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.584727: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:07.584730: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.584733: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:07.584737: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:07.584741: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:07.584744: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:07.584747: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:07.584750: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:07.584754: | setting IPsec SA replay-window to 32 Sep 21 07:25:07.584757: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:25:07.584761: | netlink: enabling tunnel mode Sep 21 07:25:07.584763: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:07.584766: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:07.584881: | netlink response for Add SA esp.a9c17fa2@192.1.2.23 included non-error error Sep 21 07:25:07.584891: | set up outgoing SA, ref=0/0 Sep 21 07:25:07.584896: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:07.584899: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:07.584902: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:07.584905: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:07.584909: | setting IPsec SA replay-window to 32 Sep 21 07:25:07.584913: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:25:07.584915: | netlink: enabling tunnel mode Sep 21 07:25:07.584918: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:07.584921: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:07.585021: | netlink response for Add SA esp.cea9d904@192.1.3.33 included non-error error Sep 21 07:25:07.585027: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:07.585036: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:07.585039: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:07.585168: | raw_eroute result=success Sep 21 07:25:07.585174: | set up incoming SA, ref=0/0 Sep 21 07:25:07.585177: | sr for #3: unrouted Sep 21 07:25:07.585181: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:07.585184: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:07.585188: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.585191: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:07.585195: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:07.585203: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:07.585208: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:07.585212: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:25:07.585216: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:07.585224: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:07.585227: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:07.585299: | raw_eroute result=success Sep 21 07:25:07.585305: | running updown command "ipsec _updown" for verb up Sep 21 07:25:07.585309: | command executing up-client Sep 21 07:25:07.585348: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.585360: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.585383: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:25:07.585387: | popen cmd is 1408 chars long Sep 21 07:25:07.585390: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:25:07.585394: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:25:07.585397: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:25:07.585400: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:25:07.585402: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:25:07.585405: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:25:07.585408: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:25:07.585411: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:25:07.585414: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Sep 21 07:25:07.585417: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:25:07.585420: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:25:07.585423: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:25:07.585426: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Sep 21 07:25:07.585428: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:25:07.585431: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:25:07.585434: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:25:07.585439: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:25:07.585442: | cmd(1360):0xa9c17fa2 SPI_OUT=0xcea9d904 ipsec _updown 2>&1: Sep 21 07:25:07.621013: | route_and_eroute: firewall_notified: true Sep 21 07:25:07.621030: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:07.621035: | command executing prepare-client Sep 21 07:25:07.621074: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.621083: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.621106: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Sep 21 07:25:07.621110: | popen cmd is 1413 chars long Sep 21 07:25:07.621113: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:07.621116: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:25:07.621118: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:07.621121: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:25:07.621124: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:25:07.621127: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Sep 21 07:25:07.621129: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Sep 21 07:25:07.621132: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Sep 21 07:25:07.621134: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:25:07.621137: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:25:07.621139: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Sep 21 07:25:07.621142: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Sep 21 07:25:07.621144: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Sep 21 07:25:07.621147: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Sep 21 07:25:07.621149: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Sep 21 07:25:07.621152: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Sep 21 07:25:07.621155: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Sep 21 07:25:07.621157: | cmd(1360):I_IN=0xa9c17fa2 SPI_OUT=0xcea9d904 ipsec _updown 2>&1: Sep 21 07:25:07.633315: | running updown command "ipsec _updown" for verb route Sep 21 07:25:07.633335: | command executing route-client Sep 21 07:25:07.633374: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.633383: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:07.633405: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Sep 21 07:25:07.633408: | popen cmd is 1411 chars long Sep 21 07:25:07.633411: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:25:07.633414: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Sep 21 07:25:07.633416: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Sep 21 07:25:07.633419: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:25:07.633421: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:25:07.633424: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Sep 21 07:25:07.633426: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:25:07.633429: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:25:07.633431: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Sep 21 07:25:07.633434: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:25:07.633436: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:25:07.633439: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:25:07.633442: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Sep 21 07:25:07.633444: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:25:07.633447: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:25:07.633449: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:25:07.633452: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:25:07.633454: | cmd(1360):IN=0xa9c17fa2 SPI_OUT=0xcea9d904 ipsec _updown 2>&1: Sep 21 07:25:07.653893: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x5596586ab030,sr=0x5596586ab030} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:07.654061: | #1 spent 1.19 milliseconds in install_ipsec_sa() Sep 21 07:25:07.654068: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:25:07.654072: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:07.654077: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:07.654084: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5596586b0c70 Sep 21 07:25:07.654093: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:07.654097: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:25:07.654100: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:25:07.654103: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:07.654106: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:25:07.654112: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:25:07.654117: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:07.654120: | pstats #3 ikev2.child established Sep 21 07:25:07.654129: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:25:07.654141: | NAT-T: encaps is 'auto' Sep 21 07:25:07.654147: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xa9c17fa2 <0xcea9d904 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:25:07.654151: | releasing whack for #3 (sock=fd@25) Sep 21 07:25:07.654157: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:25:07.654160: | releasing whack and unpending for parent #1 Sep 21 07:25:07.654163: | unpending state #1 connection "northnet-eastnets/0x2" Sep 21 07:25:07.654167: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:25:07.654171: | event_schedule: new EVENT_SA_REKEY-pe@0x5596586b0c70 Sep 21 07:25:07.654174: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:25:07.654178: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:07.654185: | #3 spent 1.66 milliseconds in resume sending helper answer Sep 21 07:25:07.654189: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:07.654193: | libevent_free: release ptr-libevent@0x7fb91c001ef0 Sep 21 07:25:07.654204: | processing signal PLUTO_SIGCHLD Sep 21 07:25:07.654209: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:07.654213: | spent 0.00495 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:07.654216: | processing signal PLUTO_SIGCHLD Sep 21 07:25:07.654219: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:07.654223: | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:07.654225: | processing signal PLUTO_SIGCHLD Sep 21 07:25:07.654228: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:07.654232: | spent 0.00342 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:07.735227: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:07.735507: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:07.735515: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:07.735711: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:07.735716: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:07.735727: | get_sa_info esp.559b2361@192.1.3.33 Sep 21 07:25:07.736211: | get_sa_info esp.c8a37905@192.1.2.23 Sep 21 07:25:07.736243: | get_sa_info esp.cea9d904@192.1.3.33 Sep 21 07:25:07.736252: | get_sa_info esp.a9c17fa2@192.1.2.23 Sep 21 07:25:07.736274: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:07.736311: | spent 0.938 milliseconds in whack Sep 21 07:25:10.109344: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:10.109366: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:10.109370: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:10.109375: | get_sa_info esp.559b2361@192.1.3.33 Sep 21 07:25:10.109389: | get_sa_info esp.c8a37905@192.1.2.23 Sep 21 07:25:10.109405: | get_sa_info esp.cea9d904@192.1.3.33 Sep 21 07:25:10.109410: | get_sa_info esp.a9c17fa2@192.1.2.23 Sep 21 07:25:10.109429: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:10.109436: | spent 0.102 milliseconds in whack Sep 21 07:25:11.042297: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:11.042508: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:11.042514: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:11.042695: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:11.042699: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:11.042709: | get_sa_info esp.559b2361@192.1.3.33 Sep 21 07:25:11.042726: | get_sa_info esp.c8a37905@192.1.2.23 Sep 21 07:25:11.042747: | get_sa_info esp.cea9d904@192.1.3.33 Sep 21 07:25:11.042755: | get_sa_info esp.a9c17fa2@192.1.2.23 Sep 21 07:25:11.042776: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:11.042800: | spent 0.496 milliseconds in whack Sep 21 07:25:11.427561: | spent 0.00409 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:11.427596: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:11.427601: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.427604: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:11.427608: | 85 cc 12 ce 95 ec bc 47 0f be d8 19 8a 1e 3d b7 Sep 21 07:25:11.427611: | 46 2e 1c 8d 68 20 f7 b8 3b 27 18 1d 2a fa 99 2c Sep 21 07:25:11.427614: | 08 38 a8 c0 7b Sep 21 07:25:11.427620: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:11.427625: | **parse ISAKMP Message: Sep 21 07:25:11.427629: | initiator cookie: Sep 21 07:25:11.427632: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.427635: | responder cookie: Sep 21 07:25:11.427638: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.427642: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:11.427646: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.427650: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:11.427653: | flags: none (0x0) Sep 21 07:25:11.427657: | Message ID: 0 (0x0) Sep 21 07:25:11.427660: | length: 69 (0x45) Sep 21 07:25:11.427664: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:11.427669: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:11.427675: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:11.427685: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:11.427689: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:11.427696: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:11.427700: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:11.427706: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:25:11.427710: | unpacking clear payload Sep 21 07:25:11.427713: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:11.427718: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:11.427721: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:11.427724: | flags: none (0x0) Sep 21 07:25:11.427728: | length: 41 (0x29) Sep 21 07:25:11.427731: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:11.427738: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:11.427746: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:11.427769: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:11.427773: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:11.427776: | **parse IKEv2 Delete Payload: Sep 21 07:25:11.427780: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.427788: | flags: none (0x0) Sep 21 07:25:11.427791: | length: 12 (0xc) Sep 21 07:25:11.427794: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:11.427796: | SPI size: 4 (0x4) Sep 21 07:25:11.427798: | number of SPIs: 1 (0x1) Sep 21 07:25:11.427800: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:11.427803: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:11.427805: | Now let's proceed with state specific processing Sep 21 07:25:11.427807: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:11.427810: | an informational request should send a response Sep 21 07:25:11.427815: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:11.427818: | **emit ISAKMP Message: Sep 21 07:25:11.427820: | initiator cookie: Sep 21 07:25:11.427822: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.427824: | responder cookie: Sep 21 07:25:11.427826: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.427828: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:11.427830: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.427832: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:11.427835: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:11.427837: | Message ID: 0 (0x0) Sep 21 07:25:11.427840: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:11.427843: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:11.427845: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.427847: | flags: none (0x0) Sep 21 07:25:11.427850: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:11.427852: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:11.427855: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:11.427861: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:11.427864: | SPI a9 c1 7f a2 Sep 21 07:25:11.427866: | delete PROTO_v2_ESP SA(0xa9c17fa2) Sep 21 07:25:11.427869: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:11.427871: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:11.427874: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xa9c17fa2) Sep 21 07:25:11.427877: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:25:11.427880: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:11.427883: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:11.427886: | free_event_entry: release EVENT_SA_REKEY-pe@0x5596586b0c70 Sep 21 07:25:11.427889: | event_schedule: new EVENT_SA_REPLACE-pe@0x5596586b0c70 Sep 21 07:25:11.427894: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:25:11.427899: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:11.427904: | ****emit IKEv2 Delete Payload: Sep 21 07:25:11.427907: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.427911: | flags: none (0x0) Sep 21 07:25:11.427914: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:11.427917: | SPI size: 4 (0x4) Sep 21 07:25:11.427921: | number of SPIs: 1 (0x1) Sep 21 07:25:11.427925: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:11.427929: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:11.427937: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:11.427940: | local SPIs ce a9 d9 04 Sep 21 07:25:11.427943: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:11.427947: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:11.427951: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:11.427956: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:11.427959: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:11.427962: | emitting length of ISAKMP Message: 69 Sep 21 07:25:11.427985: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:11.427990: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.427993: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:11.427996: | 92 7f 15 6f 23 b1 c7 93 df 67 76 bc 45 f5 ea 24 Sep 21 07:25:11.428000: | b2 b5 69 39 2a ed dc 3d 35 d2 71 5a 37 2c 29 9e Sep 21 07:25:11.428003: | a7 2f 4b 38 a9 Sep 21 07:25:11.428051: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:11.428059: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:11.428068: | #1 spent 0.229 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:11.428076: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.428082: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:11.428086: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:11.428093: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:11.428099: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:11.428103: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:11.428110: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:11.428116: | #1 spent 0.506 milliseconds in ikev2_process_packet() Sep 21 07:25:11.428122: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:11.428127: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:11.428131: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:11.428136: | spent 0.526 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:11.428146: | timer_event_cb: processing event@0x5596586b0c70 Sep 21 07:25:11.428150: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:25:11.428157: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:11.428161: | picked newest_ipsec_sa #3 for #3 Sep 21 07:25:11.428165: | replacing stale CHILD SA Sep 21 07:25:11.428170: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:11.428174: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:11.428179: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:11.428185: | creating state object #4 at 0x5596586c4730 Sep 21 07:25:11.428189: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:11.428195: | pstats #4 ikev2.child started Sep 21 07:25:11.428202: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Sep 21 07:25:11.428208: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:11.428217: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:11.428224: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:11.428230: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:11.428236: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:11.428254: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:11.428263: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:25:11.428267: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fb928002b20 Sep 21 07:25:11.428272: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:25:11.428276: | libevent_malloc: new ptr-libevent@0x7fb91c001ef0 size 128 Sep 21 07:25:11.428283: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:11.428287: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5596586b5f10 Sep 21 07:25:11.428292: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:25:11.428296: | libevent_malloc: new ptr-libevent@0x7fb928006900 size 128 Sep 21 07:25:11.428300: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:11.428304: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5596586b0c70 Sep 21 07:25:11.428310: | #3 spent 0.163 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:11.428313: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:11.428320: | timer_event_cb: processing event@0x7fb928002b20 Sep 21 07:25:11.428324: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:25:11.428330: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:11.428337: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:25:11.428340: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5596586b0c70 Sep 21 07:25:11.428345: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:11.428349: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:11.428359: | libevent_free: release ptr-libevent@0x7fb91c001ef0 Sep 21 07:25:11.428363: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fb928002b20 Sep 21 07:25:11.428364: | crypto helper 0 resuming Sep 21 07:25:11.428393: | crypto helper 0 starting work-order 5 for state #4 Sep 21 07:25:11.428398: | crypto helper 0 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:25:11.429375: | crypto helper 0 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000978 seconds Sep 21 07:25:11.429386: | (#4) spent 0.984 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:11.429389: | crypto helper 0 sending results from work-order 5 for state #4 to event queue Sep 21 07:25:11.429392: | scheduling resume sending helper answer for #4 Sep 21 07:25:11.429395: | libevent_malloc: new ptr-libevent@0x7fb920006900 size 128 Sep 21 07:25:11.429402: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:11.428373: | #4 spent 0.0519 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:11.429415: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:11.429419: | timer_event_cb: processing event@0x5596586b5f10 Sep 21 07:25:11.429422: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:25:11.429427: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:11.429430: | picked newest_ipsec_sa #3 for #3 Sep 21 07:25:11.429433: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:11.429435: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:25:11.429438: | pstats #3 ikev2.child deleted completed Sep 21 07:25:11.429441: | #3 spent 3.94 milliseconds in total Sep 21 07:25:11.429446: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.429449: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 3.870s and NOT sending notification Sep 21 07:25:11.429452: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:11.429456: | get_sa_info esp.a9c17fa2@192.1.2.23 Sep 21 07:25:11.429469: | get_sa_info esp.cea9d904@192.1.3.33 Sep 21 07:25:11.429477: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Sep 21 07:25:11.429481: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:11.429654: | running updown command "ipsec _updown" for verb down Sep 21 07:25:11.429660: | command executing down-client Sep 21 07:25:11.429696: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:11.429705: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:11.429725: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050707' PLUTO_ Sep 21 07:25:11.429728: | popen cmd is 1419 chars long Sep 21 07:25:11.429731: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:25:11.429734: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:25:11.429737: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:25:11.429739: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:25:11.429742: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:25:11.429745: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:25:11.429747: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:25:11.429750: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:25:11.429755: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Sep 21 07:25:11.429758: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:25:11.429760: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Sep 21 07:25:11.429763: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Sep 21 07:25:11.429765: | cmd( 960): PLUTO_ADDTIME='1569050707' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Sep 21 07:25:11.429768: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Sep 21 07:25:11.429770: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Sep 21 07:25:11.429773: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Sep 21 07:25:11.429775: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Sep 21 07:25:11.429778: | cmd(1360):no' SPI_IN=0xa9c17fa2 SPI_OUT=0xcea9d904 ipsec _updown 2>&1: Sep 21 07:25:11.445205: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:25:11.445221: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:25:11.445226: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:11.445229: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:11.445278: | delete esp.a9c17fa2@192.1.2.23 Sep 21 07:25:11.445305: | netlink response for Del SA esp.a9c17fa2@192.1.2.23 included non-error error Sep 21 07:25:11.445309: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:11.445316: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:11.445362: | raw_eroute result=success Sep 21 07:25:11.445367: | delete esp.cea9d904@192.1.3.33 Sep 21 07:25:11.445391: | netlink response for Del SA esp.cea9d904@192.1.3.33 included non-error error Sep 21 07:25:11.445397: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:11.445402: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:25:11.445406: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:11.445427: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.445438: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:11.445441: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:25:11.445446: | libevent_free: release ptr-libevent@0x7fb928006900 Sep 21 07:25:11.445449: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5596586b5f10 Sep 21 07:25:11.445452: | in statetime_stop() and could not find #3 Sep 21 07:25:11.445456: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:11.445476: | spent 0.00302 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:11.445489: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:11.445492: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.445495: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:25:11.445497: | 9a d7 df 1c a4 db fb 68 18 1b 75 ad 15 4c c5 c5 Sep 21 07:25:11.445499: | c3 a4 e8 9a 42 e8 5a 88 f9 d6 16 14 6c c2 18 9f Sep 21 07:25:11.445502: | 7e a7 12 b6 1b Sep 21 07:25:11.445506: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:11.445510: | **parse ISAKMP Message: Sep 21 07:25:11.445513: | initiator cookie: Sep 21 07:25:11.445515: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.445517: | responder cookie: Sep 21 07:25:11.445520: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.445523: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:11.445529: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.445532: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:11.445535: | flags: none (0x0) Sep 21 07:25:11.445537: | Message ID: 1 (0x1) Sep 21 07:25:11.445539: | length: 69 (0x45) Sep 21 07:25:11.445542: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:11.445546: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:11.445550: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:11.445556: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:11.445559: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:11.445563: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:11.445567: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:11.445572: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:25:11.445574: | unpacking clear payload Sep 21 07:25:11.445577: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:11.445580: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:11.445582: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:11.445585: | flags: none (0x0) Sep 21 07:25:11.445587: | length: 41 (0x29) Sep 21 07:25:11.445590: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:11.445594: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:11.445597: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:11.445613: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:11.445616: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:11.445619: | **parse IKEv2 Delete Payload: Sep 21 07:25:11.445622: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.445624: | flags: none (0x0) Sep 21 07:25:11.445626: | length: 12 (0xc) Sep 21 07:25:11.445629: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:11.445631: | SPI size: 4 (0x4) Sep 21 07:25:11.445633: | number of SPIs: 1 (0x1) Sep 21 07:25:11.445636: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:11.445639: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:11.445641: | Now let's proceed with state specific processing Sep 21 07:25:11.445644: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:11.445648: | an informational request should send a response Sep 21 07:25:11.445654: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:11.445658: | **emit ISAKMP Message: Sep 21 07:25:11.445660: | initiator cookie: Sep 21 07:25:11.445663: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.445665: | responder cookie: Sep 21 07:25:11.445667: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.445670: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:11.445672: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.445675: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:11.445677: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:11.445680: | Message ID: 1 (0x1) Sep 21 07:25:11.445683: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:11.445686: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:11.445688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.445690: | flags: none (0x0) Sep 21 07:25:11.445693: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:11.445696: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:11.445702: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:11.445713: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:11.445716: | SPI c8 a3 79 05 Sep 21 07:25:11.445718: | delete PROTO_v2_ESP SA(0xc8a37905) Sep 21 07:25:11.445721: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:11.445724: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:11.445727: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xc8a37905) Sep 21 07:25:11.445730: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:25:11.445733: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:11.445736: | libevent_free: release ptr-libevent@0x5596586cf920 Sep 21 07:25:11.445739: | free_event_entry: release EVENT_SA_REKEY-pe@0x5596586add20 Sep 21 07:25:11.445742: | event_schedule: new EVENT_SA_REPLACE-pe@0x5596586b5f10 Sep 21 07:25:11.445745: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:25:11.445748: | libevent_malloc: new ptr-libevent@0x5596586cf920 size 128 Sep 21 07:25:11.445752: | ****emit IKEv2 Delete Payload: Sep 21 07:25:11.445755: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.445758: | flags: none (0x0) Sep 21 07:25:11.445760: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:11.445762: | SPI size: 4 (0x4) Sep 21 07:25:11.445764: | number of SPIs: 1 (0x1) Sep 21 07:25:11.445767: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:11.445770: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:11.445773: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:11.445775: | local SPIs 55 9b 23 61 Sep 21 07:25:11.445778: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:11.445780: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:11.445788: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:11.445794: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:11.445796: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:11.445798: | emitting length of ISAKMP Message: 69 Sep 21 07:25:11.445811: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:11.445814: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.445816: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:25:11.445818: | c1 c6 6a 99 b0 60 91 53 23 af 4f 09 e2 5b 2d 1c Sep 21 07:25:11.445820: | f6 2b a1 f5 3b 4a ba ba 06 0b af 7a 64 9f 10 ce Sep 21 07:25:11.445822: | 89 20 dd 62 57 Sep 21 07:25:11.445871: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:11.445877: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:11.445883: | #1 spent 0.203 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:11.445888: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.445892: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:11.445895: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:25:11.445899: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:11.445906: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:11.445909: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:11.445914: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:11.445918: | #1 spent 0.407 milliseconds in ikev2_process_packet() Sep 21 07:25:11.445922: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:11.445925: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:11.445928: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:11.445932: | spent 0.421 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:11.445939: | processing resume sending helper answer for #4 Sep 21 07:25:11.445944: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:11.445948: | crypto helper 0 replies to request ID 5 Sep 21 07:25:11.445951: | calling continuation function 0x559656c5e630 Sep 21 07:25:11.445954: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:25:11.445957: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:11.445960: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:11.445963: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5596586b0c70 Sep 21 07:25:11.445966: | event_schedule: new EVENT_SA_REPLACE-pe@0x5596586b0c70 Sep 21 07:25:11.445970: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:25:11.445972: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:11.445977: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:11.445980: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:11.445983: | libevent_malloc: new ptr-libevent@0x7fb928006900 size 128 Sep 21 07:25:11.445988: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.445991: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:25:11.445993: | suspending state #4 and saving MD Sep 21 07:25:11.445996: | #4 is busy; has a suspended MD Sep 21 07:25:11.446000: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:11.446004: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:11.446008: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:25:11.446013: | #4 spent 0.064 milliseconds in resume sending helper answer Sep 21 07:25:11.446019: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:11.446022: | libevent_free: release ptr-libevent@0x7fb920006900 Sep 21 07:25:11.446024: | processing signal PLUTO_SIGCHLD Sep 21 07:25:11.446029: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:11.446033: | spent 0.00496 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:11.446039: | timer_event_cb: processing event@0x5596586b5f10 Sep 21 07:25:11.446042: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:25:11.446046: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:11.446050: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:11.446052: | replacing stale CHILD SA Sep 21 07:25:11.446056: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:11.446058: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:11.446064: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:11.446070: | creating state object #5 at 0x5596586c6e30 Sep 21 07:25:11.446072: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:25:11.446076: | pstats #5 ikev2.child started Sep 21 07:25:11.446079: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Sep 21 07:25:11.446083: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:11.446088: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:11.446091: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:11.446096: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:11.446100: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:11.446104: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:11.446108: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:11.446111: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Sep 21 07:25:11.446116: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:11.446123: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:11.446126: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:11.446130: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:11.446133: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:11.446138: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:11.446141: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:11.446145: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:11.446153: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:11.446159: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:25:11.446162: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fb920002b20 Sep 21 07:25:11.446166: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Sep 21 07:25:11.446168: | libevent_malloc: new ptr-libevent@0x7fb920006900 size 128 Sep 21 07:25:11.446173: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:11.446176: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5596586b6bd0 Sep 21 07:25:11.446179: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:25:11.446181: | libevent_malloc: new ptr-libevent@0x7fb91c001ef0 size 128 Sep 21 07:25:11.446184: | libevent_free: release ptr-libevent@0x5596586cf920 Sep 21 07:25:11.446186: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5596586b5f10 Sep 21 07:25:11.446191: | #2 spent 0.15 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:11.446193: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:11.446196: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:11.446200: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:11.446208: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:11.446212: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:11.446216: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:11.446220: | **emit ISAKMP Message: Sep 21 07:25:11.446223: | initiator cookie: Sep 21 07:25:11.446225: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.446227: | responder cookie: Sep 21 07:25:11.446229: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.446231: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:11.446234: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.446236: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:11.446239: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:11.446241: | Message ID: 3 (0x3) Sep 21 07:25:11.446243: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:11.446246: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:11.446249: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.446251: | flags: none (0x0) Sep 21 07:25:11.446254: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:11.446257: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.446260: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:11.446277: | netlink_get_spi: allocated 0x5200fe47 for esp.0@192.1.3.33 Sep 21 07:25:11.446281: | Emitting ikev2_proposals ... Sep 21 07:25:11.446283: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:11.446286: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.446288: | flags: none (0x0) Sep 21 07:25:11.446291: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:11.446294: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.446296: | discarding INTEG=NONE Sep 21 07:25:11.446299: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.446301: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.446304: | prop #: 1 (0x1) Sep 21 07:25:11.446306: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.446309: | spi size: 4 (0x4) Sep 21 07:25:11.446311: | # transforms: 3 (0x3) Sep 21 07:25:11.446313: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.446316: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.446319: | our spi 52 00 fe 47 Sep 21 07:25:11.446322: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446327: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.446329: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:11.446332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446335: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.446337: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.446340: | length/value: 256 (0x100) Sep 21 07:25:11.446343: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.446345: | discarding INTEG=NONE Sep 21 07:25:11.446347: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.446357: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.446360: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446363: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446365: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446368: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446370: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.446373: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.446375: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.446378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446384: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446386: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:11.446389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.446391: | discarding INTEG=NONE Sep 21 07:25:11.446394: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.446396: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.446399: | prop #: 2 (0x2) Sep 21 07:25:11.446401: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.446404: | spi size: 4 (0x4) Sep 21 07:25:11.446406: | # transforms: 3 (0x3) Sep 21 07:25:11.446409: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.446412: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.446415: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.446417: | our spi 52 00 fe 47 Sep 21 07:25:11.446420: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446425: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.446427: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:11.446430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446432: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.446435: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.446438: | length/value: 128 (0x80) Sep 21 07:25:11.446440: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.446442: | discarding INTEG=NONE Sep 21 07:25:11.446445: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446448: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446450: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.446453: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.446456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446461: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446463: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446466: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.446468: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.446471: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.446475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446481: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446484: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:11.446486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.446489: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.446491: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.446493: | prop #: 3 (0x3) Sep 21 07:25:11.446496: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.446498: | spi size: 4 (0x4) Sep 21 07:25:11.446500: | # transforms: 5 (0x5) Sep 21 07:25:11.446503: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.446506: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.446509: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.446512: | our spi 52 00 fe 47 Sep 21 07:25:11.446514: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446518: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.446521: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:11.446524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446526: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.446529: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.446531: | length/value: 256 (0x100) Sep 21 07:25:11.446533: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.446536: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446540: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.446543: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:11.446546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446551: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446553: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446558: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.446561: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:11.446564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446569: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446571: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.446579: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.446581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446588: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446590: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446592: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.446595: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.446597: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.446599: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446605: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446607: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:11.446610: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.446612: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.446615: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:11.446617: | prop #: 4 (0x4) Sep 21 07:25:11.446619: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.446621: | spi size: 4 (0x4) Sep 21 07:25:11.446623: | # transforms: 5 (0x5) Sep 21 07:25:11.446626: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.446629: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.446632: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.446634: | our spi 52 00 fe 47 Sep 21 07:25:11.446637: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446641: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.446644: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:11.446646: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446649: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.446652: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.446654: | length/value: 128 (0x80) Sep 21 07:25:11.446656: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.446659: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446663: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.446666: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:11.446669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446674: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446676: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446681: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.446683: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:11.446686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446693: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446695: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446700: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.446702: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.446705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446711: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446713: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.446715: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.446718: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.446720: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.446723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.446725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.446728: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.446730: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:11.446733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.446735: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:25:11.446738: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:11.446741: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:25:11.446744: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:25:11.446750: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.446753: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:25:11.447334: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:25:11.447350: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:11.447356: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:11.447363: | #1 spent 0.646 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:11.447367: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:11.447372: | libevent_free: release ptr-libevent@0x7fb928006900 Sep 21 07:25:11.447380: | timer_event_cb: processing event@0x7fb920002b20 Sep 21 07:25:11.447384: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Sep 21 07:25:11.447388: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:11.447394: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Sep 21 07:25:11.447397: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5596586b5f10 Sep 21 07:25:11.447401: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:25:11.447404: | libevent_malloc: new ptr-libevent@0x7fb928006900 size 128 Sep 21 07:25:11.447414: | libevent_free: release ptr-libevent@0x7fb920006900 Sep 21 07:25:11.447418: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fb920002b20 Sep 21 07:25:11.447419: | crypto helper 3 resuming Sep 21 07:25:11.447422: | #5 spent 0.041 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:11.447433: | crypto helper 3 starting work-order 6 for state #5 Sep 21 07:25:11.447441: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:11.447448: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Sep 21 07:25:11.447450: | timer_event_cb: processing event@0x5596586b6bd0 Sep 21 07:25:11.447456: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:25:11.447460: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:11.447464: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:11.447466: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:11.447469: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:25:11.447472: | pstats #2 ikev2.child deleted completed Sep 21 07:25:11.447478: | #2 spent 7.04 milliseconds in total Sep 21 07:25:11.447482: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.447485: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 4.338s and NOT sending notification Sep 21 07:25:11.447487: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:11.447492: | get_sa_info esp.c8a37905@192.1.2.23 Sep 21 07:25:11.447505: | get_sa_info esp.559b2361@192.1.3.33 Sep 21 07:25:11.447512: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:25:11.447516: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:11.447654: | running updown command "ipsec _updown" for verb down Sep 21 07:25:11.447660: | command executing down-client Sep 21 07:25:11.447696: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:11.447704: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:11.447725: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050707' PLUTO_CO Sep 21 07:25:11.447728: | popen cmd is 1417 chars long Sep 21 07:25:11.447731: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:25:11.447733: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:25:11.447736: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:25:11.447738: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:25:11.447741: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:25:11.447743: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Sep 21 07:25:11.447746: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:25:11.447751: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:25:11.447753: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:25:11.447756: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:25:11.447758: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:25:11.447761: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:25:11.447763: | cmd( 960):LUTO_ADDTIME='1569050707' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Sep 21 07:25:11.447766: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Sep 21 07:25:11.447768: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Sep 21 07:25:11.447770: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Sep 21 07:25:11.447773: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Sep 21 07:25:11.447775: | cmd(1360):' SPI_IN=0xc8a37905 SPI_OUT=0x559b2361 ipsec _updown 2>&1: Sep 21 07:25:11.448274: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000826 seconds Sep 21 07:25:11.448285: | (#5) spent 0.83 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:11.448288: | crypto helper 3 sending results from work-order 6 for state #5 to event queue Sep 21 07:25:11.448290: | scheduling resume sending helper answer for #5 Sep 21 07:25:11.448292: | libevent_malloc: new ptr-libevent@0x7fb914006900 size 128 Sep 21 07:25:11.448296: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:11.457698: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:11.457714: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:11.457718: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:11.457721: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:11.457763: | delete esp.c8a37905@192.1.2.23 Sep 21 07:25:11.457799: | netlink response for Del SA esp.c8a37905@192.1.2.23 included non-error error Sep 21 07:25:11.457806: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:11.457813: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:11.457858: | raw_eroute result=success Sep 21 07:25:11.457863: | delete esp.559b2361@192.1.3.33 Sep 21 07:25:11.457886: | netlink response for Del SA esp.559b2361@192.1.3.33 included non-error error Sep 21 07:25:11.457892: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:25:11.457896: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:11.457901: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:11.457908: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.457914: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:11.457917: | can't expire unused IKE SA #1; it has the child #5 Sep 21 07:25:11.457922: | libevent_free: release ptr-libevent@0x7fb91c001ef0 Sep 21 07:25:11.457992: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5596586b6bd0 Sep 21 07:25:11.457999: | in statetime_stop() and could not find #2 Sep 21 07:25:11.458003: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:11.458019: | processing resume sending helper answer for #5 Sep 21 07:25:11.458025: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:11.458033: | crypto helper 3 replies to request ID 6 Sep 21 07:25:11.458036: | calling continuation function 0x559656c5e630 Sep 21 07:25:11.458040: | ikev2_child_outI_continue for #5 STATE_V2_REKEY_CHILD_I0 Sep 21 07:25:11.458044: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:11.458047: | libevent_free: release ptr-libevent@0x7fb928006900 Sep 21 07:25:11.458050: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5596586b5f10 Sep 21 07:25:11.458054: | event_schedule: new EVENT_SA_REPLACE-pe@0x5596586cdeb0 Sep 21 07:25:11.458058: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #5 Sep 21 07:25:11.458061: | libevent_malloc: new ptr-libevent@0x7fb928006900 size 128 Sep 21 07:25:11.458067: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:11.458070: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:11.458073: | libevent_malloc: new ptr-libevent@0x7fb91c001ef0 size 128 Sep 21 07:25:11.458079: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.458083: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:25:11.458086: | suspending state #5 and saving MD Sep 21 07:25:11.458088: | #5 is busy; has a suspended MD Sep 21 07:25:11.458093: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:11.458097: | "northnet-eastnets/0x1" #5 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:11.458100: | resume sending helper answer for #5 suppresed complete_v2_state_transition() Sep 21 07:25:11.458107: | #5 spent 0.0722 milliseconds in resume sending helper answer Sep 21 07:25:11.458112: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:11.458115: | libevent_free: release ptr-libevent@0x7fb914006900 Sep 21 07:25:11.458118: | processing signal PLUTO_SIGCHLD Sep 21 07:25:11.458122: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:11.458126: | spent 0.00489 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:11.458130: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:11.458135: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:11.458140: | Message ID: #1.#5 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:11.458144: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:11.458148: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:11.458154: | **emit ISAKMP Message: Sep 21 07:25:11.458156: | initiator cookie: Sep 21 07:25:11.458158: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.458160: | responder cookie: Sep 21 07:25:11.458162: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.458164: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:11.458167: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.458169: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:11.458172: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:11.458175: | Message ID: 3 (0x3) Sep 21 07:25:11.458178: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:11.458181: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:11.458183: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.458186: | flags: none (0x0) Sep 21 07:25:11.458189: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:11.458194: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.458197: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:11.458220: | netlink_get_spi: allocated 0x5b8dfec9 for esp.0@192.1.3.33 Sep 21 07:25:11.458223: | Emitting ikev2_proposals ... Sep 21 07:25:11.458226: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:11.458228: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.458230: | flags: none (0x0) Sep 21 07:25:11.458233: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:11.458236: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.458239: | discarding INTEG=NONE Sep 21 07:25:11.458241: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.458244: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.458246: | prop #: 1 (0x1) Sep 21 07:25:11.458248: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.458250: | spi size: 4 (0x4) Sep 21 07:25:11.458252: | # transforms: 3 (0x3) Sep 21 07:25:11.458255: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.458258: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.458260: | our spi 5b 8d fe c9 Sep 21 07:25:11.458263: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458267: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.458269: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:11.458272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458275: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.458277: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.458279: | length/value: 256 (0x100) Sep 21 07:25:11.458282: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.458284: | discarding INTEG=NONE Sep 21 07:25:11.458287: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458289: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458291: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.458294: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.458296: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458301: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458304: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458306: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.458308: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.458310: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.458313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458316: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458318: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458320: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:11.458323: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.458328: | discarding INTEG=NONE Sep 21 07:25:11.458330: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.458333: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.458334: | prop #: 2 (0x2) Sep 21 07:25:11.458337: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.458339: | spi size: 4 (0x4) Sep 21 07:25:11.458341: | # transforms: 3 (0x3) Sep 21 07:25:11.458344: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.458347: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.458350: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.458352: | our spi 5b 8d fe c9 Sep 21 07:25:11.458354: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458359: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.458362: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:11.458364: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458367: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.458369: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.458372: | length/value: 128 (0x80) Sep 21 07:25:11.458374: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.458377: | discarding INTEG=NONE Sep 21 07:25:11.458379: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.458386: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.458390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458400: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458404: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458407: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.458410: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.458413: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.458417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458428: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458431: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:11.458436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.458441: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.458444: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.458446: | prop #: 3 (0x3) Sep 21 07:25:11.458448: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.458450: | spi size: 4 (0x4) Sep 21 07:25:11.458452: | # transforms: 5 (0x5) Sep 21 07:25:11.458455: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.458458: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.458461: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.458464: | our spi 5b 8d fe c9 Sep 21 07:25:11.458468: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458472: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.458475: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:11.458477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458480: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.458482: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.458484: | length/value: 256 (0x100) Sep 21 07:25:11.458487: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.458489: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458494: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.458496: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:11.458499: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458504: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458506: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458510: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.458512: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:11.458515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458518: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458520: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458522: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458524: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458526: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.458528: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.458531: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458536: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458538: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458541: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.458543: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.458545: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.458548: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458551: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458553: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458555: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:11.458558: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.458560: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.458562: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:11.458564: | prop #: 4 (0x4) Sep 21 07:25:11.458566: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:11.458570: | spi size: 4 (0x4) Sep 21 07:25:11.458573: | # transforms: 5 (0x5) Sep 21 07:25:11.458576: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.458578: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.458581: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:11.458584: | our spi 5b 8d fe c9 Sep 21 07:25:11.458586: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458591: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.458593: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:11.458596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458598: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.458601: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.458603: | length/value: 128 (0x80) Sep 21 07:25:11.458606: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.458609: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458614: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.458616: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:11.458619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458625: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458627: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458632: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.458635: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:11.458638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458644: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458646: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.458654: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.458657: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458663: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458665: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.458668: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.458670: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:11.458673: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:11.458676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.458679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.458682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.458686: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:11.458689: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.458692: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:25:11.458695: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:11.458698: "northnet-eastnets/0x1" #5: CHILD SA to rekey #2 vanished abort this exchange Sep 21 07:25:11.458700: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:25:11.458705: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.458707: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:25:11.458765: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:25:11.458775: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:11.458782: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:11.458807: | #1 spent 0.649 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:11.458813: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:11.458818: | libevent_free: release ptr-libevent@0x7fb91c001ef0 Sep 21 07:25:11.459881: | spent 0.00239 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:11.459902: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:11.459904: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.459906: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:25:11.459908: | 8a 67 2a 71 77 a8 ee 00 2b 50 75 96 b9 f4 6f 26 Sep 21 07:25:11.459909: | cb 7e 78 af 0a a8 2d 04 4d ad ba 39 6a 21 7c 27 Sep 21 07:25:11.459910: | 02 Sep 21 07:25:11.459913: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:11.459915: | **parse ISAKMP Message: Sep 21 07:25:11.459917: | initiator cookie: Sep 21 07:25:11.459918: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.459920: | responder cookie: Sep 21 07:25:11.459921: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.459923: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:11.459925: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.459926: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:11.459928: | flags: none (0x0) Sep 21 07:25:11.459930: | Message ID: 2 (0x2) Sep 21 07:25:11.459931: | length: 65 (0x41) Sep 21 07:25:11.459933: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:11.459935: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:11.459938: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:11.459942: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:11.459944: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:11.459947: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:11.459949: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:25:11.459952: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:25:11.459953: | unpacking clear payload Sep 21 07:25:11.459955: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:11.459957: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:11.459959: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:11.459964: | flags: none (0x0) Sep 21 07:25:11.459965: | length: 37 (0x25) Sep 21 07:25:11.459967: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:11.459970: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:11.459972: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:11.459984: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:11.459986: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:11.459988: | **parse IKEv2 Delete Payload: Sep 21 07:25:11.459990: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.459991: | flags: none (0x0) Sep 21 07:25:11.459993: | length: 8 (0x8) Sep 21 07:25:11.459995: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:11.459997: | SPI size: 0 (0x0) Sep 21 07:25:11.459999: | number of SPIs: 0 (0x0) Sep 21 07:25:11.460001: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:11.460004: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:11.460007: | Now let's proceed with state specific processing Sep 21 07:25:11.460009: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:11.460012: | an informational request should send a response Sep 21 07:25:11.460017: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:11.460021: | **emit ISAKMP Message: Sep 21 07:25:11.460023: | initiator cookie: Sep 21 07:25:11.460025: | 9e f0 dc 87 3c 6f c0 43 Sep 21 07:25:11.460027: | responder cookie: Sep 21 07:25:11.460029: | 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.460032: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:11.460035: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.460037: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:11.460040: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:11.460042: | Message ID: 2 (0x2) Sep 21 07:25:11.460045: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:11.460048: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:11.460050: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.460053: | flags: none (0x0) Sep 21 07:25:11.460055: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:11.460058: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:11.460061: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:11.460067: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:11.460070: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:11.460073: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:11.460076: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:11.460078: | emitting length of ISAKMP Message: 57 Sep 21 07:25:11.460090: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:11.460093: | 9e f0 dc 87 3c 6f c0 43 3c e7 fa 06 4d 25 7b d7 Sep 21 07:25:11.460095: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:25:11.460097: | 58 88 44 05 28 c6 08 0c 6a 1b ce 8c 98 6c 99 93 Sep 21 07:25:11.460099: | a3 a3 d7 96 6b c0 58 6e ca Sep 21 07:25:11.460132: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:25:11.460137: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:25:11.460144: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:11.460147: | pstats #5 ikev2.child deleted other Sep 21 07:25:11.460150: | #5 spent 0.943 milliseconds in total Sep 21 07:25:11.460153: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.460156: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.460159: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.014s and NOT sending notification Sep 21 07:25:11.460160: | child state #5: CHILDSA_DEL(informational) => delete Sep 21 07:25:11.460162: | state #5 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:11.460165: | libevent_free: release ptr-libevent@0x7fb928006900 Sep 21 07:25:11.460167: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5596586cdeb0 Sep 21 07:25:11.460170: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:11.460174: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:11.460184: | raw_eroute result=success Sep 21 07:25:11.460187: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:25:11.460188: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:25:11.460190: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:11.460200: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.460203: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.460206: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:11.460208: | pstats #4 ikev2.child deleted other Sep 21 07:25:11.460210: | #4 spent 1.1 milliseconds in total Sep 21 07:25:11.460212: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.460215: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.460217: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.032s and NOT sending notification Sep 21 07:25:11.460218: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:25:11.460220: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:11.460222: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:11.460223: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5596586b0c70 Sep 21 07:25:11.460225: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:11.460229: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:11.460236: | raw_eroute result=success Sep 21 07:25:11.460238: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:11.460239: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:25:11.460241: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:11.460248: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.460251: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.460253: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:11.460255: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:11.460257: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:11.460259: | #1 spent 31.9 milliseconds in total Sep 21 07:25:11.460261: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.460263: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 4.360s and NOT sending notification Sep 21 07:25:11.460267: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:11.460323: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:11.460329: | libevent_free: release ptr-libevent@0x5596586a2ed0 Sep 21 07:25:11.460333: | free_event_entry: release EVENT_SA_REKEY-pe@0x5596586b6080 Sep 21 07:25:11.460337: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:11.460340: | picked newest_isakmp_sa #0 for #1 Sep 21 07:25:11.460343: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:11.460347: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Sep 21 07:25:11.460351: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:25:11.460355: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:11.460358: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:11.460362: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:11.460376: | unreference key: 0x5596586ca430 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Sep 21 07:25:11.460392: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.460405: | unreference key: 0x5596586ca430 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:11.460411: | unreference key: 0x5596586be970 user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:11.460416: | unreference key: 0x5596586ce230 @east.testing.libreswan.org cnt 1-- Sep 21 07:25:11.460421: | unreference key: 0x5596586c07e0 east@testing.libreswan.org cnt 1-- Sep 21 07:25:11.460426: | unreference key: 0x55965867dbc0 192.1.2.23 cnt 1-- Sep 21 07:25:11.460441: | in statetime_stop() and could not find #1 Sep 21 07:25:11.460445: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.460448: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:11.460450: | STF_OK but no state object remains Sep 21 07:25:11.460452: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:11.460453: | in statetime_stop() and could not find #1 Sep 21 07:25:11.460456: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:11.460458: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:11.460460: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:11.460463: | spent 0.55 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:11.460468: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:25:11.460470: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:25:11.460472: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:11.460475: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:11.460477: | connection 'northnet-eastnets/0x2' +POLICY_UP Sep 21 07:25:11.460479: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:11.460481: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:11.460486: | creating state object #6 at 0x5596586c6e30 Sep 21 07:25:11.460488: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:25:11.460493: | pstats #6 ikev2.ike started Sep 21 07:25:11.460495: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:11.460497: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:11.460501: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:11.460506: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:11.460509: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:11.460511: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:11.460513: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Sep 21 07:25:11.460516: "northnet-eastnets/0x2" #6: initiating v2 parent SA Sep 21 07:25:11.460526: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:11.460530: | adding ikev2_outI1 KE work-order 7 for state #6 Sep 21 07:25:11.460533: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb914002b20 Sep 21 07:25:11.460535: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:25:11.460537: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:11.460547: | #6 spent 0.0689 milliseconds in ikev2_parent_outI1() Sep 21 07:25:11.460548: | crypto helper 4 resuming Sep 21 07:25:11.460558: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:11.460561: | crypto helper 4 starting work-order 7 for state #6 Sep 21 07:25:11.460569: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Sep 21 07:25:11.460562: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:11.460583: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:11.460590: | spent 0.113 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:25:11.461291: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000722 seconds Sep 21 07:25:11.461303: | (#6) spent 0.724 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Sep 21 07:25:11.461306: | crypto helper 4 sending results from work-order 7 for state #6 to event queue Sep 21 07:25:11.461309: | scheduling resume sending helper answer for #6 Sep 21 07:25:11.461312: | libevent_malloc: new ptr-libevent@0x7fb918006900 size 128 Sep 21 07:25:11.461319: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:11.461326: | processing resume sending helper answer for #6 Sep 21 07:25:11.461334: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:11.461337: | crypto helper 4 replies to request ID 7 Sep 21 07:25:11.461339: | calling continuation function 0x559656c5e630 Sep 21 07:25:11.461341: | ikev2_parent_outI1_continue for #6 Sep 21 07:25:11.461345: | **emit ISAKMP Message: Sep 21 07:25:11.461347: | initiator cookie: Sep 21 07:25:11.461348: | 17 02 b6 8c 85 28 86 24 Sep 21 07:25:11.461349: | responder cookie: Sep 21 07:25:11.461351: | 00 00 00 00 00 00 00 00 Sep 21 07:25:11.461353: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:11.461355: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:11.461356: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:11.461358: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:11.461360: | Message ID: 0 (0x0) Sep 21 07:25:11.461366: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:11.461376: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:11.461378: | Emitting ikev2_proposals ... Sep 21 07:25:11.461380: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:11.461382: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.461383: | flags: none (0x0) Sep 21 07:25:11.461386: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:11.461387: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.461389: | discarding INTEG=NONE Sep 21 07:25:11.461391: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.461392: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.461394: | prop #: 1 (0x1) Sep 21 07:25:11.461395: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:11.461397: | spi size: 0 (0x0) Sep 21 07:25:11.461398: | # transforms: 11 (0xb) Sep 21 07:25:11.461400: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.461402: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461405: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.461406: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:11.461408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461410: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.461412: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.461413: | length/value: 256 (0x100) Sep 21 07:25:11.461415: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.461416: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461418: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461419: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461421: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:11.461423: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461426: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461428: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461429: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461431: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461432: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:11.461434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461437: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461439: | discarding INTEG=NONE Sep 21 07:25:11.461441: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461442: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461444: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461445: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.461447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461449: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461450: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461452: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461454: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461456: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:11.461458: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461461: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461462: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461467: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:11.461468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461471: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461473: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461477: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:11.461479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461482: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461484: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461488: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:11.461490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461493: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461494: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461497: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461498: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:11.461500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461503: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461504: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461506: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461510: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:11.461512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461515: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461516: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461518: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.461519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461521: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:11.461522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461526: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461527: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:11.461529: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.461530: | discarding INTEG=NONE Sep 21 07:25:11.461532: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.461533: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.461535: | prop #: 2 (0x2) Sep 21 07:25:11.461536: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:11.461537: | spi size: 0 (0x0) Sep 21 07:25:11.461539: | # transforms: 11 (0xb) Sep 21 07:25:11.461541: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.461543: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.461544: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461547: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.461548: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:11.461550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461552: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.461553: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.461555: | length/value: 128 (0x80) Sep 21 07:25:11.461556: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.461558: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461561: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461562: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:11.461564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461567: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461569: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461571: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461572: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461574: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:11.461575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461578: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461580: | discarding INTEG=NONE Sep 21 07:25:11.461581: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461584: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461586: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.461587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461590: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461592: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461596: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:11.461598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461601: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461602: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461605: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461607: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:11.461609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461610: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461612: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461613: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461616: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461617: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:11.461619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461622: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461624: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461628: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:11.461630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461634: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461635: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461638: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461640: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:11.461641: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461645: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461646: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461650: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:11.461652: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461654: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461655: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461657: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461658: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.461659: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461661: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:11.461663: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461666: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461667: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:11.461669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.461671: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.461672: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.461673: | prop #: 3 (0x3) Sep 21 07:25:11.461675: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:11.461676: | spi size: 0 (0x0) Sep 21 07:25:11.461678: | # transforms: 13 (0xd) Sep 21 07:25:11.461679: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.461681: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.461683: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461686: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.461687: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:11.461689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461690: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.461692: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.461693: | length/value: 256 (0x100) Sep 21 07:25:11.461695: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.461696: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461700: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461701: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:11.461703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461706: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461707: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461710: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461712: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:11.461713: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461717: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461718: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461719: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461721: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.461722: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:11.461724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461727: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461729: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461732: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.461733: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:11.461735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461738: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461739: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461742: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461744: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.461745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461747: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461749: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461750: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461754: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:11.461756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461760: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461761: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461764: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461766: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:11.461768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461771: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461772: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461776: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:11.461778: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461781: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461805: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461809: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461811: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461812: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:11.461814: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461817: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461819: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461822: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461823: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:11.461825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461828: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461829: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461832: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461834: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:11.461835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461839: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461840: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461842: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.461843: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461844: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:11.461846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461850: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461852: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:11.461854: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.461855: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:11.461857: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:11.461858: | prop #: 4 (0x4) Sep 21 07:25:11.461860: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:11.461861: | spi size: 0 (0x0) Sep 21 07:25:11.461862: | # transforms: 13 (0xd) Sep 21 07:25:11.461864: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:11.461866: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:11.461867: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461870: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:11.461872: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:11.461873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461875: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:11.461877: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:11.461878: | length/value: 128 (0x80) Sep 21 07:25:11.461879: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:11.461881: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461882: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461884: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461885: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:11.461887: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461890: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461892: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461894: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:11.461896: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:11.461898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461899: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461901: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461902: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461904: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461905: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.461906: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:11.461908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461911: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461914: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461916: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:11.461918: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:11.461920: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461923: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461924: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461926: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461927: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461928: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.461930: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461933: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461935: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461939: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:11.461941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461944: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461945: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461947: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461948: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461950: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:11.461951: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461953: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461955: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461956: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461959: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461960: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:11.461962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461965: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461967: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461969: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461971: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:11.461973: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461974: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461977: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461978: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461982: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:11.461984: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461987: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461989: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.461990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461991: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.461993: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:11.461995: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.461996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.461998: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.461999: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:11.462001: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:11.462002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:11.462004: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:11.462005: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:11.462007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:11.462009: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:11.462010: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:11.462012: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:11.462013: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:11.462015: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:11.462016: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:11.462018: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.462019: | flags: none (0x0) Sep 21 07:25:11.462021: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:11.462023: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:11.462025: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.462027: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:11.462029: | ikev2 g^x 5e 91 48 00 7e d3 7f ee 3a af 26 aa 18 ef 9d 57 Sep 21 07:25:11.462030: | ikev2 g^x 81 4d 21 3b 27 06 b1 15 e5 3a f9 ff de 70 dc f5 Sep 21 07:25:11.462032: | ikev2 g^x 92 25 2f e8 54 46 15 bd c7 76 01 23 36 c8 48 1b Sep 21 07:25:11.462033: | ikev2 g^x b1 72 b1 e4 42 87 bd 8e 0f bd 6d 26 76 02 54 6c Sep 21 07:25:11.462034: | ikev2 g^x d7 08 28 db 59 4a 46 22 e8 c4 38 84 a4 a3 12 61 Sep 21 07:25:11.462036: | ikev2 g^x a3 c2 3e 7b d8 45 fc 31 8b fd 28 65 b8 53 b0 13 Sep 21 07:25:11.462037: | ikev2 g^x b9 02 52 5c e6 c7 40 99 bc cc 3f d1 d6 e6 b8 d6 Sep 21 07:25:11.462039: | ikev2 g^x 1f cd 81 83 59 87 bf 3b f3 d5 32 f2 c5 81 68 e3 Sep 21 07:25:11.462041: | ikev2 g^x 0d 2c dc d5 e7 83 1e ea d1 f4 0e 41 1e 46 95 d6 Sep 21 07:25:11.462042: | ikev2 g^x 39 63 26 52 64 48 9b 85 8c 0e 37 b3 97 ae 96 c3 Sep 21 07:25:11.462044: | ikev2 g^x 86 78 40 e9 1d be 8b 31 71 94 3f 4c 1d 98 45 24 Sep 21 07:25:11.462045: | ikev2 g^x 8a f3 01 fd 03 0a 2b 73 a0 98 9e 4b 93 9b 32 b4 Sep 21 07:25:11.462046: | ikev2 g^x ef 6f 82 23 2b 75 a5 c6 dd 73 5a 6f 31 9f 02 ff Sep 21 07:25:11.462048: | ikev2 g^x 8a c5 3e bd 15 a3 0c 1c 38 32 65 94 21 ed 37 5c Sep 21 07:25:11.462049: | ikev2 g^x 47 d2 7f 4c 06 33 8e a6 ec 9a 9e 68 3c 48 a0 30 Sep 21 07:25:11.462051: | ikev2 g^x 64 7e 42 41 4a 0d db f2 ad e1 9f 82 25 5c 65 91 Sep 21 07:25:11.462052: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:11.462054: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:11.462055: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:11.462057: | flags: none (0x0) Sep 21 07:25:11.462058: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:11.462060: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:11.462062: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.462064: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:11.462065: | IKEv2 nonce 56 a7 5f 63 8b 74 45 96 ca a0 b4 73 5c 0d 36 51 Sep 21 07:25:11.462067: | IKEv2 nonce cb cd c6 51 e0 76 ae b6 f5 0f 9c f2 85 61 2f 6e Sep 21 07:25:11.462068: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:11.462070: | Adding a v2N Payload Sep 21 07:25:11.462071: | ***emit IKEv2 Notify Payload: Sep 21 07:25:11.462073: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.462074: | flags: none (0x0) Sep 21 07:25:11.462076: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:11.462077: | SPI size: 0 (0x0) Sep 21 07:25:11.462079: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:11.462081: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:11.462082: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.462084: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:11.462086: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:11.462088: | natd_hash: rcookie is zero Sep 21 07:25:11.462099: | natd_hash: hasher=0x559656d347a0(20) Sep 21 07:25:11.462101: | natd_hash: icookie= 17 02 b6 8c 85 28 86 24 Sep 21 07:25:11.462103: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:11.462104: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:11.462105: | natd_hash: port= 01 f4 Sep 21 07:25:11.462107: | natd_hash: hash= b7 6f d1 44 13 fc 7e e2 03 09 bc a4 a7 f7 0f 1f Sep 21 07:25:11.462108: | natd_hash: hash= 4b 2a 6b 62 Sep 21 07:25:11.462110: | Adding a v2N Payload Sep 21 07:25:11.462111: | ***emit IKEv2 Notify Payload: Sep 21 07:25:11.462113: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.462114: | flags: none (0x0) Sep 21 07:25:11.462116: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:11.462117: | SPI size: 0 (0x0) Sep 21 07:25:11.462119: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:11.462120: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:11.462122: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.462124: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:11.462125: | Notify data b7 6f d1 44 13 fc 7e e2 03 09 bc a4 a7 f7 0f 1f Sep 21 07:25:11.462127: | Notify data 4b 2a 6b 62 Sep 21 07:25:11.462128: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:11.462131: | natd_hash: rcookie is zero Sep 21 07:25:11.462135: | natd_hash: hasher=0x559656d347a0(20) Sep 21 07:25:11.462136: | natd_hash: icookie= 17 02 b6 8c 85 28 86 24 Sep 21 07:25:11.462138: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:11.462139: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:11.462140: | natd_hash: port= 01 f4 Sep 21 07:25:11.462142: | natd_hash: hash= 49 a7 58 41 b2 84 c3 3f b9 e7 08 15 90 df 19 63 Sep 21 07:25:11.462143: | natd_hash: hash= 42 dc 06 db Sep 21 07:25:11.462145: | Adding a v2N Payload Sep 21 07:25:11.462146: | ***emit IKEv2 Notify Payload: Sep 21 07:25:11.462147: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:11.462149: | flags: none (0x0) Sep 21 07:25:11.462150: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:11.462152: | SPI size: 0 (0x0) Sep 21 07:25:11.462153: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:11.462155: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:11.462157: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:11.462158: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:11.462160: | Notify data 49 a7 58 41 b2 84 c3 3f b9 e7 08 15 90 df 19 63 Sep 21 07:25:11.462161: | Notify data 42 dc 06 db Sep 21 07:25:11.462163: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:11.462164: | emitting length of ISAKMP Message: 828 Sep 21 07:25:11.462169: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:11.462173: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:11.462176: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:11.462178: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:11.462180: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:11.462182: | Message ID: updating counters for #6 to 4294967295 after switching state Sep 21 07:25:11.462184: | Message ID: IKE #6 skipping update_recv as MD is fake Sep 21 07:25:11.462187: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:11.462189: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:11.462192: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:11.462196: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:25:11.462197: | 17 02 b6 8c 85 28 86 24 00 00 00 00 00 00 00 00 Sep 21 07:25:11.462199: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:11.462200: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:11.462202: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:11.462203: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:11.462204: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:11.462206: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:11.462207: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:11.462208: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:11.462210: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:11.462211: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:11.462213: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:11.462214: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:11.462215: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:11.462217: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:11.462219: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:11.462220: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:11.462222: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:11.462223: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:11.462225: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:11.462226: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:11.462227: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:11.462229: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:11.462230: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:11.462232: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:11.462233: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:11.462235: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:11.462236: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:11.462237: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:11.462239: | 28 00 01 08 00 0e 00 00 5e 91 48 00 7e d3 7f ee Sep 21 07:25:11.462240: | 3a af 26 aa 18 ef 9d 57 81 4d 21 3b 27 06 b1 15 Sep 21 07:25:11.462242: | e5 3a f9 ff de 70 dc f5 92 25 2f e8 54 46 15 bd Sep 21 07:25:11.462243: | c7 76 01 23 36 c8 48 1b b1 72 b1 e4 42 87 bd 8e Sep 21 07:25:11.462244: | 0f bd 6d 26 76 02 54 6c d7 08 28 db 59 4a 46 22 Sep 21 07:25:11.462246: | e8 c4 38 84 a4 a3 12 61 a3 c2 3e 7b d8 45 fc 31 Sep 21 07:25:11.462247: | 8b fd 28 65 b8 53 b0 13 b9 02 52 5c e6 c7 40 99 Sep 21 07:25:11.462248: | bc cc 3f d1 d6 e6 b8 d6 1f cd 81 83 59 87 bf 3b Sep 21 07:25:11.462250: | f3 d5 32 f2 c5 81 68 e3 0d 2c dc d5 e7 83 1e ea Sep 21 07:25:11.462251: | d1 f4 0e 41 1e 46 95 d6 39 63 26 52 64 48 9b 85 Sep 21 07:25:11.462253: | 8c 0e 37 b3 97 ae 96 c3 86 78 40 e9 1d be 8b 31 Sep 21 07:25:11.462254: | 71 94 3f 4c 1d 98 45 24 8a f3 01 fd 03 0a 2b 73 Sep 21 07:25:11.462255: | a0 98 9e 4b 93 9b 32 b4 ef 6f 82 23 2b 75 a5 c6 Sep 21 07:25:11.462257: | dd 73 5a 6f 31 9f 02 ff 8a c5 3e bd 15 a3 0c 1c Sep 21 07:25:11.462258: | 38 32 65 94 21 ed 37 5c 47 d2 7f 4c 06 33 8e a6 Sep 21 07:25:11.462259: | ec 9a 9e 68 3c 48 a0 30 64 7e 42 41 4a 0d db f2 Sep 21 07:25:11.462261: | ad e1 9f 82 25 5c 65 91 29 00 00 24 56 a7 5f 63 Sep 21 07:25:11.462262: | 8b 74 45 96 ca a0 b4 73 5c 0d 36 51 cb cd c6 51 Sep 21 07:25:11.462264: | e0 76 ae b6 f5 0f 9c f2 85 61 2f 6e 29 00 00 08 Sep 21 07:25:11.462265: | 00 00 40 2e 29 00 00 1c 00 00 40 04 b7 6f d1 44 Sep 21 07:25:11.462266: | 13 fc 7e e2 03 09 bc a4 a7 f7 0f 1f 4b 2a 6b 62 Sep 21 07:25:11.462268: | 00 00 00 1c 00 00 40 05 49 a7 58 41 b2 84 c3 3f Sep 21 07:25:11.462269: | b9 e7 08 15 90 df 19 63 42 dc 06 db Sep 21 07:25:11.462329: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:11.462336: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:11.462338: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb914002b20 Sep 21 07:25:11.462340: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:11.462342: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:11.462344: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb914002b20 Sep 21 07:25:11.462347: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Sep 21 07:25:11.462349: | libevent_malloc: new ptr-libevent@0x5596586cf9b0 size 128 Sep 21 07:25:11.462352: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49357.830609 Sep 21 07:25:11.462354: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:11.462359: | #6 spent 0.968 milliseconds in resume sending helper answer Sep 21 07:25:11.462362: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:11.462366: | libevent_free: release ptr-libevent@0x7fb918006900 Sep 21 07:25:11.977940: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:11.977965: shutting down Sep 21 07:25:11.977975: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:11.977979: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:11.977987: destroying root certificate cache Sep 21 07:25:11.978007: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:11.978009: forgetting secrets Sep 21 07:25:11.978013: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:11.978024: | unreference key: 0x5596586ac6c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:11.978030: | unreference key: 0x5596586ac2b0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:11.978034: | unreference key: 0x5596586adbf0 @east.testing.libreswan.org cnt 1-- Sep 21 07:25:11.978038: | unreference key: 0x5596586ab6f0 east@testing.libreswan.org cnt 1-- Sep 21 07:25:11.978043: | unreference key: 0x5596586adb30 192.1.2.23 cnt 1-- Sep 21 07:25:11.978053: | unreference key: 0x5596586a6d00 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:11.978057: | unreference key: 0x5596586a6b30 user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:11.978061: | unreference key: 0x5596586a2b40 @north.testing.libreswan.org cnt 1-- Sep 21 07:25:11.978066: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:25:11.978070: | removing pending policy for no connection {0x5596586b9940} Sep 21 07:25:11.978073: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:11.978075: | pass 0 Sep 21 07:25:11.978077: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:11.978079: | state #6 Sep 21 07:25:11.978083: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:11.978088: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:11.978090: | pstats #6 ikev2.ike deleted other Sep 21 07:25:11.978095: | #6 spent 1.76 milliseconds in total Sep 21 07:25:11.978099: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:11.978102: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.517s and NOT sending notification Sep 21 07:25:11.978105: | parent state #6: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:11.978108: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:11.978111: | #6 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:11.978115: | libevent_free: release ptr-libevent@0x5596586cf9b0 Sep 21 07:25:11.978118: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb914002b20 Sep 21 07:25:11.978121: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:11.978124: | picked newest_isakmp_sa #0 for #6 Sep 21 07:25:11.978126: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:11.978130: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Sep 21 07:25:11.978133: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:25:11.978139: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:11.978142: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:11.978145: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:11.978151: | State DB: deleting IKEv2 state #6 in PARENT_I1 Sep 21 07:25:11.978154: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:11.978166: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:11.978170: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:11.978172: | pass 1 Sep 21 07:25:11.978173: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:11.978177: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:25:11.978181: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:25:11.978183: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:11.978231: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:11.978246: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:11.978252: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:11.978255: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:11.978258: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:11.978261: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:11.978266: | route owner of "northnet-eastnets/0x2" unrouted: NULL Sep 21 07:25:11.978269: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:11.978272: | command executing unroute-client Sep 21 07:25:11.978318: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Sep 21 07:25:11.978322: | popen cmd is 1282 chars long Sep 21 07:25:11.978326: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:11.978329: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:25:11.978333: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:11.978336: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:25:11.978339: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:25:11.978342: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Sep 21 07:25:11.978345: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Sep 21 07:25:11.978348: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Sep 21 07:25:11.978352: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:25:11.978354: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Sep 21 07:25:11.978357: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Sep 21 07:25:11.978358: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:25:11.978362: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:25:11.978364: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:25:11.978365: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:25:11.978367: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Sep 21 07:25:11.978368: | cmd(1280):&1: Sep 21 07:25:12.010923: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.010940: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.010943: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.010953: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.010965: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.010976: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.010989: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011544: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011579: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011607: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011635: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011666: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011694: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011722: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011750: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011777: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011811: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011843: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011870: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011897: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011925: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011953: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.011980: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012008: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012036: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012068: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012099: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012127: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012154: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012180: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012207: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012235: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012502: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012530: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012557: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012584: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012613: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012642: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012673: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012703: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012733: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012771: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012804: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012837: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012867: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012897: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012928: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012957: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.012987: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013015: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013045: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013076: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013105: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013134: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013163: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013193: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013224: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013253: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013282: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013311: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013340: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013371: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013401: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013430: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013460: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013489: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013520: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013549: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013578: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013607: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013638: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013669: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.013699: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014017: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014054: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014084: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014116: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014146: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014234: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014270: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014300: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014333: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014418: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014454: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014484: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014514: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014548: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014578: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014611: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014641: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014671: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014702: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014907: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014948: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.014979: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015008: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015041: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015071: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015100: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015130: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015162: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015193: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015224: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015253: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015283: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015312: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015343: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015373: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015403: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015496: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015530: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.015562: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.039800: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Sep 21 07:25:12.039815: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:12.039828: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:25:12.039831: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:12.039834: | pass 0 Sep 21 07:25:12.039837: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:12.039839: | pass 1 Sep 21 07:25:12.039841: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:12.039849: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:12.039855: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:12.039858: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:12.039905: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:12.039916: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:12.039920: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:12.039985: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:12.039990: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:25:12.039994: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:12.039997: | command executing unroute-client Sep 21 07:25:12.040041: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Sep 21 07:25:12.040049: | popen cmd is 1280 chars long Sep 21 07:25:12.040052: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:12.040055: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:25:12.040057: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:12.040060: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:25:12.040063: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:25:12.040065: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Sep 21 07:25:12.040068: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Sep 21 07:25:12.040071: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Sep 21 07:25:12.040073: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:25:12.040076: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:25:12.040079: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Sep 21 07:25:12.040081: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:25:12.040084: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:25:12.040087: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:25:12.040089: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:25:12.040092: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:12.060524: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060544: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060547: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060556: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060569: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060582: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060596: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060623: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060655: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060683: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060710: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060741: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060768: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060800: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060838: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.060870: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061026: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061032: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061035: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061037: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061040: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061042: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061044: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061046: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061049: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061051: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061053: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061056: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061058: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061060: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061064: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061066: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061304: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061333: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061356: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061365: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061379: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061391: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061403: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061415: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061429: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061442: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061454: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061466: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061478: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061490: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061504: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061525: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061553: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061580: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061611: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061641: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061664: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061678: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061691: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061704: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061718: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061730: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061742: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061753: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061765: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061779: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061803: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061836: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061864: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061893: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061923: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061950: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.061978: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062007: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062030: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062043: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062055: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062067: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062080: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062092: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062106: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062117: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062131: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062143: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062155: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062169: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062181: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062193: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062207: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062219: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062232: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062244: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062257: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062269: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062335: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062340: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062343: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062346: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062348: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062351: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062354: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062357: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062368: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062382: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062395: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062409: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062430: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062459: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062486: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062514: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062543: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062575: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062582: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062602: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062623: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.062636: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:12.080706: | free hp@0x5596586ab7f0 Sep 21 07:25:12.080732: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Sep 21 07:25:12.080740: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:25:12.080776: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:12.080780: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:12.080802: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:12.080810: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:12.080815: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:12.080820: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:25:12.080825: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:12.080829: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:25:12.080836: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:12.080847: | libevent_free: release ptr-libevent@0x5596586a0640 Sep 21 07:25:12.080852: | free_event_entry: release EVENT_NULL-pe@0x559658689ab0 Sep 21 07:25:12.080866: | libevent_free: release ptr-libevent@0x5596586a0730 Sep 21 07:25:12.080871: | free_event_entry: release EVENT_NULL-pe@0x5596586a06f0 Sep 21 07:25:12.080886: | libevent_free: release ptr-libevent@0x5596586a0820 Sep 21 07:25:12.080890: | free_event_entry: release EVENT_NULL-pe@0x5596586a07e0 Sep 21 07:25:12.080899: | libevent_free: release ptr-libevent@0x5596586a0910 Sep 21 07:25:12.080902: | free_event_entry: release EVENT_NULL-pe@0x5596586a08d0 Sep 21 07:25:12.080911: | libevent_free: release ptr-libevent@0x5596586a0a00 Sep 21 07:25:12.080914: | free_event_entry: release EVENT_NULL-pe@0x5596586a09c0 Sep 21 07:25:12.080923: | libevent_free: release ptr-libevent@0x5596586a0af0 Sep 21 07:25:12.080927: | free_event_entry: release EVENT_NULL-pe@0x5596586a0ab0 Sep 21 07:25:12.080934: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:12.081518: | libevent_free: release ptr-libevent@0x55965869fe20 Sep 21 07:25:12.081529: | free_event_entry: release EVENT_NULL-pe@0x5596586889b0 Sep 21 07:25:12.081535: | libevent_free: release ptr-libevent@0x5596586958a0 Sep 21 07:25:12.081539: | free_event_entry: release EVENT_NULL-pe@0x559658688bf0 Sep 21 07:25:12.081544: | libevent_free: release ptr-libevent@0x559658695810 Sep 21 07:25:12.081547: | free_event_entry: release EVENT_NULL-pe@0x55965868e740 Sep 21 07:25:12.081552: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:12.081556: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:12.081559: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:12.081562: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:12.081566: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:12.081569: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:12.081572: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:12.081576: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:12.081580: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:12.081587: | libevent_free: release ptr-libevent@0x5596586a0000 Sep 21 07:25:12.081591: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:12.081595: | libevent_free: release ptr-libevent@0x5596586a00e0 Sep 21 07:25:12.081598: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:12.081603: | libevent_free: release ptr-libevent@0x5596586a01a0 Sep 21 07:25:12.081606: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:12.081610: | libevent_free: release ptr-libevent@0x559658694b10 Sep 21 07:25:12.081614: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:12.081617: | releasing event base Sep 21 07:25:12.081637: | libevent_free: release ptr-libevent@0x5596586a0260 Sep 21 07:25:12.081641: | libevent_free: release ptr-libevent@0x55965863d330 Sep 21 07:25:12.081646: | libevent_free: release ptr-libevent@0x559658683da0 Sep 21 07:25:12.081649: | libevent_free: release ptr-libevent@0x5596586cfaf0 Sep 21 07:25:12.081653: | libevent_free: release ptr-libevent@0x559658683dc0 Sep 21 07:25:12.081657: | libevent_free: release ptr-libevent@0x55965869feb0 Sep 21 07:25:12.081660: | libevent_free: release ptr-libevent@0x5596586a00a0 Sep 21 07:25:12.081664: | libevent_free: release ptr-libevent@0x559658683f60 Sep 21 07:25:12.081667: | libevent_free: release ptr-libevent@0x55965868e6a0 Sep 21 07:25:12.081670: | libevent_free: release ptr-libevent@0x55965868e680 Sep 21 07:25:12.081674: | libevent_free: release ptr-libevent@0x5596586a0b80 Sep 21 07:25:12.081677: | libevent_free: release ptr-libevent@0x5596586a0a90 Sep 21 07:25:12.081680: | libevent_free: release ptr-libevent@0x5596586a09a0 Sep 21 07:25:12.081683: | libevent_free: release ptr-libevent@0x5596586a08b0 Sep 21 07:25:12.081687: | libevent_free: release ptr-libevent@0x5596586a07c0 Sep 21 07:25:12.081690: | libevent_free: release ptr-libevent@0x5596586a06d0 Sep 21 07:25:12.081693: | libevent_free: release ptr-libevent@0x559658683e50 Sep 21 07:25:12.081697: | libevent_free: release ptr-libevent@0x5596586a0180 Sep 21 07:25:12.081700: | libevent_free: release ptr-libevent@0x5596586a00c0 Sep 21 07:25:12.081703: | libevent_free: release ptr-libevent@0x55965869ffe0 Sep 21 07:25:12.081707: | libevent_free: release ptr-libevent@0x5596586a0240 Sep 21 07:25:12.081714: | libevent_free: release ptr-libevent@0x55965869fed0 Sep 21 07:25:12.081718: | libevent_free: release ptr-libevent@0x559658683de0 Sep 21 07:25:12.081721: | libevent_free: release ptr-libevent@0x559658683e10 Sep 21 07:25:12.081724: | libevent_free: release ptr-libevent@0x559658683b00 Sep 21 07:25:12.081728: | releasing global libevent data Sep 21 07:25:12.081732: | libevent_free: release ptr-libevent@0x5596586822f0 Sep 21 07:25:12.081736: | libevent_free: release ptr-libevent@0x559658682320 Sep 21 07:25:12.081740: | libevent_free: release ptr-libevent@0x559658683ad0