Sep 21 07:25:02.518912: FIPS Product: YES Sep 21 07:25:02.518953: FIPS Kernel: NO Sep 21 07:25:02.518956: FIPS Mode: NO Sep 21 07:25:02.518958: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:02.519153: Initializing NSS Sep 21 07:25:02.519158: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:02.577918: NSS initialized Sep 21 07:25:02.577932: NSS crypto library initialized Sep 21 07:25:02.577935: FIPS HMAC integrity support [enabled] Sep 21 07:25:02.577937: FIPS mode disabled for pluto daemon Sep 21 07:25:02.663973: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:02.664077: libcap-ng support [enabled] Sep 21 07:25:02.664088: Linux audit support [enabled] Sep 21 07:25:02.664115: Linux audit activated Sep 21 07:25:02.664119: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17842 Sep 21 07:25:02.664121: core dump dir: /tmp Sep 21 07:25:02.664123: secrets file: /etc/ipsec.secrets Sep 21 07:25:02.664126: leak-detective disabled Sep 21 07:25:02.664127: NSS crypto [enabled] Sep 21 07:25:02.664129: XAUTH PAM support [enabled] Sep 21 07:25:02.664205: | libevent is using pluto's memory allocator Sep 21 07:25:02.664212: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:02.664227: | libevent_malloc: new ptr-libevent@0x55f7d3f9e440 size 40 Sep 21 07:25:02.664230: | libevent_malloc: new ptr-libevent@0x55f7d3f9e470 size 40 Sep 21 07:25:02.664233: | libevent_malloc: new ptr-libevent@0x55f7d3f9fc20 size 40 Sep 21 07:25:02.664235: | creating event base Sep 21 07:25:02.664238: | libevent_malloc: new ptr-libevent@0x55f7d3f9fbe0 size 56 Sep 21 07:25:02.664241: | libevent_malloc: new ptr-libevent@0x55f7d3f9fc50 size 664 Sep 21 07:25:02.664253: | libevent_malloc: new ptr-libevent@0x55f7d3f9fef0 size 24 Sep 21 07:25:02.664257: | libevent_malloc: new ptr-libevent@0x55f7d3f59480 size 384 Sep 21 07:25:02.664266: | libevent_malloc: new ptr-libevent@0x55f7d3f9ff10 size 16 Sep 21 07:25:02.664268: | libevent_malloc: new ptr-libevent@0x55f7d3f9ff30 size 40 Sep 21 07:25:02.664271: | libevent_malloc: new ptr-libevent@0x55f7d3f9ff60 size 48 Sep 21 07:25:02.664278: | libevent_realloc: new ptr-libevent@0x55f7d3f9ffa0 size 256 Sep 21 07:25:02.664280: | libevent_malloc: new ptr-libevent@0x55f7d3fa00b0 size 16 Sep 21 07:25:02.664286: | libevent_free: release ptr-libevent@0x55f7d3f9fbe0 Sep 21 07:25:02.664290: | libevent initialized Sep 21 07:25:02.664294: | libevent_realloc: new ptr-libevent@0x55f7d3fa00d0 size 64 Sep 21 07:25:02.664297: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:02.664312: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:02.664314: NAT-Traversal support [enabled] Sep 21 07:25:02.664317: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:02.664323: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:02.664329: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:02.664363: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:02.664366: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:02.664369: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:02.664419: Encryption algorithms: Sep 21 07:25:02.664429: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:02.664433: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:02.664436: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:02.664440: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:02.664443: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:02.664452: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:02.664457: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:02.664460: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:02.664464: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:02.664467: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:02.664471: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:02.664474: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:02.664478: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:02.664481: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:02.664485: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:02.664488: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:02.664491: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:02.664498: Hash algorithms: Sep 21 07:25:02.664501: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:02.664504: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:02.664507: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:02.664510: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:02.664513: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:02.664525: PRF algorithms: Sep 21 07:25:02.664528: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:02.664531: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:02.664535: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:02.664538: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:02.664541: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:02.664544: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:02.664569: Integrity algorithms: Sep 21 07:25:02.664572: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:02.664576: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:02.664580: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:02.664583: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:02.664587: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:02.664590: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:02.664594: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:02.664597: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:02.664599: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:02.664612: DH algorithms: Sep 21 07:25:02.664615: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:02.664618: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:02.664621: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:02.664626: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:02.664629: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:02.664631: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:02.664634: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:02.664637: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:02.664640: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:02.664643: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:02.664646: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:02.664648: testing CAMELLIA_CBC: Sep 21 07:25:02.664651: Camellia: 16 bytes with 128-bit key Sep 21 07:25:02.664775: Camellia: 16 bytes with 128-bit key Sep 21 07:25:02.664811: Camellia: 16 bytes with 256-bit key Sep 21 07:25:02.664844: Camellia: 16 bytes with 256-bit key Sep 21 07:25:02.664872: testing AES_GCM_16: Sep 21 07:25:02.664875: empty string Sep 21 07:25:02.664903: one block Sep 21 07:25:02.664928: two blocks Sep 21 07:25:02.664953: two blocks with associated data Sep 21 07:25:02.664979: testing AES_CTR: Sep 21 07:25:02.664982: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:02.665010: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:02.665038: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:02.665066: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:02.665092: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:02.665119: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:02.665147: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:02.665173: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:02.665200: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:02.665228: testing AES_CBC: Sep 21 07:25:02.665231: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:02.665257: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:02.665286: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:02.665314: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:02.665350: testing AES_XCBC: Sep 21 07:25:02.665353: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:02.665474: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:02.665607: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:02.665734: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:02.665869: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:02.666000: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:02.666133: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:02.666432: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:02.666563: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:02.666702: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:02.666949: testing HMAC_MD5: Sep 21 07:25:02.666955: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:02.667131: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:02.667288: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:02.667472: 8 CPU cores online Sep 21 07:25:02.667475: starting up 7 crypto helpers Sep 21 07:25:02.667511: started thread for crypto helper 0 Sep 21 07:25:02.667535: started thread for crypto helper 1 Sep 21 07:25:02.667554: started thread for crypto helper 2 Sep 21 07:25:02.667571: started thread for crypto helper 3 Sep 21 07:25:02.667590: started thread for crypto helper 4 Sep 21 07:25:02.667607: started thread for crypto helper 5 Sep 21 07:25:02.667630: started thread for crypto helper 6 Sep 21 07:25:02.667635: | checking IKEv1 state table Sep 21 07:25:02.667642: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667645: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:02.667647: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667650: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:02.667652: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:02.667655: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:02.667657: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:02.667659: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:02.667662: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:02.667664: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:02.667667: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:02.667669: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:02.667671: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:02.667674: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:02.667676: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:02.667678: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:02.667681: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:02.667683: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:02.667685: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:02.667687: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:02.667690: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:02.667692: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667695: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:02.667697: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667700: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667702: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:02.667705: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667707: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:02.667709: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:02.667712: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:02.667714: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:02.667716: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:02.667719: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:02.667721: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667724: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:02.667726: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667729: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:02.667731: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:02.667734: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:02.667736: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:02.667738: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:02.667741: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:02.667743: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:02.667746: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667748: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:02.667751: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667753: | INFO: category: informational flags: 0: Sep 21 07:25:02.667755: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667758: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:02.667760: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667763: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:02.667765: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:02.667768: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:02.667770: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:02.667773: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:02.667775: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:02.667778: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:02.667780: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:02.667803: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:02.667807: | -> UNDEFINED EVENT_NULL Sep 21 07:25:02.667810: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:02.667815: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:02.667818: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:02.667820: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:02.667822: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:02.667825: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:02.667831: | checking IKEv2 state table Sep 21 07:25:02.667836: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:02.667839: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:02.667842: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667845: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:02.667848: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:02.667850: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:02.667854: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:02.667856: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:02.667859: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:02.667861: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:02.667864: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:02.667867: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:02.667869: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:02.667872: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:02.667874: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:02.667877: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:02.667880: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667882: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:02.667885: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:02.667888: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:02.667890: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:02.667893: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:02.667895: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:02.667898: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:02.667900: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:02.667903: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:02.667906: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:02.667908: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:02.667911: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:02.667913: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:02.667916: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:02.667919: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:02.667922: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:02.667925: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:02.667928: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:02.667930: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:02.667933: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:02.667936: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:02.667939: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:02.667944: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:02.667946: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:02.667949: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:02.667952: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:02.667955: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:02.667958: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:02.667960: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:02.667963: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:02.668022: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:02.668078: | Hard-wiring algorithms Sep 21 07:25:02.668081: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:02.668085: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:02.668088: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:02.668090: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:02.668092: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:02.668095: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:02.668097: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:02.668099: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:02.668101: | adding AES_CTR to kernel algorithm db Sep 21 07:25:02.668104: | adding AES_CBC to kernel algorithm db Sep 21 07:25:02.668106: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:02.668108: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:02.668111: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:02.668113: | adding NULL to kernel algorithm db Sep 21 07:25:02.668116: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:02.668118: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:02.668120: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:02.668123: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:02.668125: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:02.668127: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:02.668130: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:02.668132: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:02.668134: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:02.668137: | adding NONE to kernel algorithm db Sep 21 07:25:02.668157: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:02.668163: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:02.668166: | setup kernel fd callback Sep 21 07:25:02.668168: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55f7d3faa890 Sep 21 07:25:02.668172: | libevent_malloc: new ptr-libevent@0x55f7d3fb1960 size 128 Sep 21 07:25:02.668175: | libevent_malloc: new ptr-libevent@0x55f7d3faa7f0 size 16 Sep 21 07:25:02.668181: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55f7d3fa4d40 Sep 21 07:25:02.668183: | libevent_malloc: new ptr-libevent@0x55f7d3fb19f0 size 128 Sep 21 07:25:02.668186: | libevent_malloc: new ptr-libevent@0x55f7d3faa7d0 size 16 Sep 21 07:25:02.668419: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:02.668427: selinux support is enabled. Sep 21 07:25:02.668638: | starting up helper thread 1 Sep 21 07:25:02.668652: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:02.668655: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:02.668670: | starting up helper thread 3 Sep 21 07:25:02.668676: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:02.668678: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:02.668687: | starting up helper thread 5 Sep 21 07:25:02.668692: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:02.668694: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:02.668706: | starting up helper thread 0 Sep 21 07:25:02.668712: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:02.668715: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:02.668722: | starting up helper thread 2 Sep 21 07:25:02.668728: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:02.668730: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:02.668795: | starting up helper thread 6 Sep 21 07:25:02.668806: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:02.668809: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:02.668902: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:02.669075: | unbound context created - setting debug level to 5 Sep 21 07:25:02.669109: | /etc/hosts lookups activated Sep 21 07:25:02.669124: | /etc/resolv.conf usage activated Sep 21 07:25:02.669189: | outgoing-port-avoid set 0-65535 Sep 21 07:25:02.669218: | outgoing-port-permit set 32768-60999 Sep 21 07:25:02.669221: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:02.669224: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:02.669227: | Setting up events, loop start Sep 21 07:25:02.669230: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55f7d3fa4b00 Sep 21 07:25:02.669233: | libevent_malloc: new ptr-libevent@0x55f7d3fbbf70 size 128 Sep 21 07:25:02.669237: | libevent_malloc: new ptr-libevent@0x55f7d3fbc000 size 16 Sep 21 07:25:02.669243: | libevent_realloc: new ptr-libevent@0x55f7d3fbc020 size 256 Sep 21 07:25:02.669246: | libevent_malloc: new ptr-libevent@0x55f7d3fbc130 size 8 Sep 21 07:25:02.669248: | libevent_realloc: new ptr-libevent@0x55f7d3fb0c60 size 144 Sep 21 07:25:02.669251: | libevent_malloc: new ptr-libevent@0x55f7d3fbc150 size 152 Sep 21 07:25:02.669255: | libevent_malloc: new ptr-libevent@0x55f7d3fbc1f0 size 16 Sep 21 07:25:02.669258: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:02.669261: | libevent_malloc: new ptr-libevent@0x55f7d3fbc210 size 8 Sep 21 07:25:02.669263: | libevent_malloc: new ptr-libevent@0x55f7d3fbc230 size 152 Sep 21 07:25:02.669266: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:02.669269: | libevent_malloc: new ptr-libevent@0x55f7d3fbc2d0 size 8 Sep 21 07:25:02.669271: | libevent_malloc: new ptr-libevent@0x55f7d3fbc2f0 size 152 Sep 21 07:25:02.669274: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:02.669277: | libevent_malloc: new ptr-libevent@0x55f7d3fbc390 size 8 Sep 21 07:25:02.669279: | libevent_realloc: release ptr-libevent@0x55f7d3fb0c60 Sep 21 07:25:02.669282: | libevent_realloc: new ptr-libevent@0x55f7d3fbc3b0 size 256 Sep 21 07:25:02.669285: | libevent_malloc: new ptr-libevent@0x55f7d3fb0c60 size 152 Sep 21 07:25:02.669287: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:02.669675: | created addconn helper (pid:17962) using fork+execve Sep 21 07:25:02.669691: | forked child 17962 Sep 21 07:25:02.669733: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:02.669757: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:02.669764: listening for IKE messages Sep 21 07:25:02.670080: | starting up helper thread 4 Sep 21 07:25:02.670091: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:02.670098: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:02.673698: | Inspecting interface lo Sep 21 07:25:02.673718: | found lo with address 127.0.0.1 Sep 21 07:25:02.673722: | Inspecting interface eth0 Sep 21 07:25:02.673726: | found eth0 with address 192.0.2.254 Sep 21 07:25:02.673730: | Inspecting interface eth1 Sep 21 07:25:02.673734: | found eth1 with address 192.1.2.23 Sep 21 07:25:02.674233: Kernel supports NIC esp-hw-offload Sep 21 07:25:02.674596: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:25:02.674678: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:02.674689: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:02.674693: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:02.674870: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:25:02.674895: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:02.674899: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:02.674903: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:02.675145: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:02.675166: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:02.675169: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:02.675173: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:02.675248: | no interfaces to sort Sep 21 07:25:02.675252: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:02.675261: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fa5c00 Sep 21 07:25:02.675265: | libevent_malloc: new ptr-libevent@0x55f7d3fbc790 size 128 Sep 21 07:25:02.675269: | libevent_malloc: new ptr-libevent@0x55f7d3fbc820 size 16 Sep 21 07:25:02.675278: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:02.675280: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbc840 Sep 21 07:25:02.675283: | libevent_malloc: new ptr-libevent@0x55f7d3fbc880 size 128 Sep 21 07:25:02.675285: | libevent_malloc: new ptr-libevent@0x55f7d3fbc910 size 16 Sep 21 07:25:02.675290: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:02.675292: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbc930 Sep 21 07:25:02.675295: | libevent_malloc: new ptr-libevent@0x55f7d3fbc970 size 128 Sep 21 07:25:02.675298: | libevent_malloc: new ptr-libevent@0x55f7d3fbca00 size 16 Sep 21 07:25:02.675302: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:02.675305: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbca20 Sep 21 07:25:02.675307: | libevent_malloc: new ptr-libevent@0x55f7d3fbca60 size 128 Sep 21 07:25:02.675310: | libevent_malloc: new ptr-libevent@0x55f7d3fbcaf0 size 16 Sep 21 07:25:02.675314: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:02.675316: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbcb10 Sep 21 07:25:02.675319: | libevent_malloc: new ptr-libevent@0x55f7d3fbcb50 size 128 Sep 21 07:25:02.675321: | libevent_malloc: new ptr-libevent@0x55f7d3fbcbe0 size 16 Sep 21 07:25:02.675326: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:02.675328: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbcc00 Sep 21 07:25:02.675331: | libevent_malloc: new ptr-libevent@0x55f7d3fbcc40 size 128 Sep 21 07:25:02.675333: | libevent_malloc: new ptr-libevent@0x55f7d3fbccd0 size 16 Sep 21 07:25:02.675338: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:02.675343: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:02.675345: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:02.675367: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:02.675383: | saving Modulus Sep 21 07:25:02.675387: | saving PublicExponent Sep 21 07:25:02.675390: | ignoring PrivateExponent Sep 21 07:25:02.675393: | ignoring Prime1 Sep 21 07:25:02.675396: | ignoring Prime2 Sep 21 07:25:02.675400: | ignoring Exponent1 Sep 21 07:25:02.675403: | ignoring Exponent2 Sep 21 07:25:02.675406: | ignoring Coefficient Sep 21 07:25:02.675409: | ignoring CKAIDNSS Sep 21 07:25:02.675448: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:02.675450: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:02.675454: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:02.675459: | certs and keys locked by 'process_secret' Sep 21 07:25:02.675461: | certs and keys unlocked by 'process_secret' Sep 21 07:25:02.675466: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:02.675475: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:02.675485: | spent 2.13 milliseconds in whack Sep 21 07:25:02.715615: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:02.715645: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:02.715651: listening for IKE messages Sep 21 07:25:02.715712: | Inspecting interface lo Sep 21 07:25:02.715718: | found lo with address 127.0.0.1 Sep 21 07:25:02.715721: | Inspecting interface eth0 Sep 21 07:25:02.715725: | found eth0 with address 192.0.2.254 Sep 21 07:25:02.715727: | Inspecting interface eth1 Sep 21 07:25:02.715731: | found eth1 with address 192.1.2.23 Sep 21 07:25:02.716112: | no interfaces to sort Sep 21 07:25:02.716127: | libevent_free: release ptr-libevent@0x55f7d3fbc790 Sep 21 07:25:02.716132: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fa5c00 Sep 21 07:25:02.716136: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fa5c00 Sep 21 07:25:02.716139: | libevent_malloc: new ptr-libevent@0x55f7d3fbc790 size 128 Sep 21 07:25:02.716147: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:02.716152: | libevent_free: release ptr-libevent@0x55f7d3fbc880 Sep 21 07:25:02.716155: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbc840 Sep 21 07:25:02.716157: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbc840 Sep 21 07:25:02.716160: | libevent_malloc: new ptr-libevent@0x55f7d3fbc880 size 128 Sep 21 07:25:02.716166: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:02.716170: | libevent_free: release ptr-libevent@0x55f7d3fbc970 Sep 21 07:25:02.716173: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbc930 Sep 21 07:25:02.716175: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbc930 Sep 21 07:25:02.716178: | libevent_malloc: new ptr-libevent@0x55f7d3fbc970 size 128 Sep 21 07:25:02.716184: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:02.716187: | libevent_free: release ptr-libevent@0x55f7d3fbca60 Sep 21 07:25:02.716190: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbca20 Sep 21 07:25:02.716193: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbca20 Sep 21 07:25:02.716195: | libevent_malloc: new ptr-libevent@0x55f7d3fbca60 size 128 Sep 21 07:25:02.716201: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:02.716205: | libevent_free: release ptr-libevent@0x55f7d3fbcb50 Sep 21 07:25:02.716208: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbcb10 Sep 21 07:25:02.716210: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbcb10 Sep 21 07:25:02.716213: | libevent_malloc: new ptr-libevent@0x55f7d3fbcb50 size 128 Sep 21 07:25:02.716218: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:02.716222: | libevent_free: release ptr-libevent@0x55f7d3fbcc40 Sep 21 07:25:02.716224: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbcc00 Sep 21 07:25:02.716227: | add_fd_read_event_handler: new ethX-pe@0x55f7d3fbcc00 Sep 21 07:25:02.716229: | libevent_malloc: new ptr-libevent@0x55f7d3fbcc40 size 128 Sep 21 07:25:02.716234: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:02.716237: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:02.716240: forgetting secrets Sep 21 07:25:02.716248: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:02.716263: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:02.716277: | saving Modulus Sep 21 07:25:02.716281: | saving PublicExponent Sep 21 07:25:02.716284: | ignoring PrivateExponent Sep 21 07:25:02.716287: | ignoring Prime1 Sep 21 07:25:02.716291: | ignoring Prime2 Sep 21 07:25:02.716294: | ignoring Exponent1 Sep 21 07:25:02.716297: | ignoring Exponent2 Sep 21 07:25:02.716299: | ignoring Coefficient Sep 21 07:25:02.716302: | ignoring CKAIDNSS Sep 21 07:25:02.716329: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:02.716332: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:02.716335: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:02.716340: | certs and keys locked by 'process_secret' Sep 21 07:25:02.716349: | certs and keys unlocked by 'process_secret' Sep 21 07:25:02.716354: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:02.716362: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:02.716369: | spent 0.467 milliseconds in whack Sep 21 07:25:02.716921: | processing signal PLUTO_SIGCHLD Sep 21 07:25:02.716933: | waitpid returned pid 17962 (exited with status 0) Sep 21 07:25:02.716936: | reaped addconn helper child (status 0) Sep 21 07:25:02.716939: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:02.716943: | spent 0.0127 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:02.834979: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:02.835005: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:02.835009: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:02.835012: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:02.835014: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:02.835018: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:02.835026: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:02.835029: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:02.835085: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:02.835089: | from whack: got --esp= Sep 21 07:25:02.835128: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:02.835983: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:02.835999: | loading left certificate 'north' pubkey Sep 21 07:25:02.836095: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf5e0 Sep 21 07:25:02.836100: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf0b0 Sep 21 07:25:02.836103: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbefc0 Sep 21 07:25:02.836226: | unreference key: 0x55f7d3fbec90 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:02.836328: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:25:02.836339: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:25:02.836645: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:02.836651: | loading right certificate 'east' pubkey Sep 21 07:25:02.836731: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf5e0 Sep 21 07:25:02.836735: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf0b0 Sep 21 07:25:02.836738: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbefc0 Sep 21 07:25:02.836740: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fc0150 Sep 21 07:25:02.836743: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf6d0 Sep 21 07:25:02.836946: | unreference key: 0x55f7d3fc6ec0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:02.837109: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:25:02.837113: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:25:02.837129: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:25:02.837139: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:25:02.837142: | new hp@0x55f7d3fc33d0 Sep 21 07:25:02.837146: added connection description "northnet-eastnets/0x1" Sep 21 07:25:02.837155: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:02.837177: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:25:02.837184: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:02.837190: | spent 2.21 milliseconds in whack Sep 21 07:25:02.837250: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:02.837263: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:02.837266: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:02.837269: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:02.837271: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:02.837275: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:02.837280: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:02.837283: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:02.837331: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:02.837334: | from whack: got --esp= Sep 21 07:25:02.837369: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:02.837458: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:02.837464: | loading left certificate 'north' pubkey Sep 21 07:25:02.837515: | unreference key: 0x55f7d3fc3210 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:02.837526: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fc7d70 Sep 21 07:25:02.837529: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fc8790 Sep 21 07:25:02.837531: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf5e0 Sep 21 07:25:02.837575: | unreference key: 0x55f7d3fbf130 @north.testing.libreswan.org cnt 1-- Sep 21 07:25:02.837618: | unreference key: 0x55f7d3fc2e30 user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:02.837666: | unreference key: 0x55f7d3fc8030 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:02.837767: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:25:02.837778: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:25:02.837860: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:25:02.837870: | loading right certificate 'east' pubkey Sep 21 07:25:02.837922: | unreference key: 0x55f7d3fc90f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:02.837934: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fc7d70 Sep 21 07:25:02.837936: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fc8790 Sep 21 07:25:02.837939: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf5e0 Sep 21 07:25:02.837941: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf0b0 Sep 21 07:25:02.837944: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbefc0 Sep 21 07:25:02.837987: | unreference key: 0x55f7d3fc81d0 192.1.2.23 cnt 1-- Sep 21 07:25:02.838029: | unreference key: 0x55f7d3fc85f0 east@testing.libreswan.org cnt 1-- Sep 21 07:25:02.838072: | unreference key: 0x55f7d3fc89b0 @east.testing.libreswan.org cnt 1-- Sep 21 07:25:02.838121: | unreference key: 0x55f7d3fc8ce0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:02.838169: | unreference key: 0x55f7d3fc9ff0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:02.838212: | secrets entry for east already exists Sep 21 07:25:02.838223: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:25:02.838230: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:02.838235: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55f7d3fc33d0: northnet-eastnets/0x1 Sep 21 07:25:02.838237: added connection description "northnet-eastnets/0x2" Sep 21 07:25:02.838244: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:02.838265: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:25:02.838271: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:02.838276: | spent 1.02 milliseconds in whack Sep 21 07:25:02.911064: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:02.911274: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:02.911281: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:02.911471: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:02.911484: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:02.911493: | spent 0.436 milliseconds in whack Sep 21 07:25:03.005315: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:03.005341: | old debugging base+cpu-usage + none Sep 21 07:25:03.005346: | base debugging = base+cpu-usage Sep 21 07:25:03.005349: | old impairing none + suppress-retransmits Sep 21 07:25:03.005351: | base impairing = suppress-retransmits Sep 21 07:25:03.005358: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:03.005365: | spent 0.0558 milliseconds in whack Sep 21 07:25:06.248954: | spent 0.00342 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.248984: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.248988: | 62 7f 63 f5 15 4b b5 62 00 00 00 00 00 00 00 00 Sep 21 07:25:06.248990: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:06.248992: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:06.248998: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:06.249001: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:06.249003: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:06.249005: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:06.249008: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:06.249010: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:06.249012: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:06.249014: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:06.249016: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:06.249019: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:06.249021: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:06.249023: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:06.249025: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:06.249028: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:06.249030: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:06.249032: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:06.249034: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:06.249037: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:06.249039: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:06.249041: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:06.249043: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:06.249231: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:06.249235: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:06.249237: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:06.249239: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:06.249241: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:06.249244: | 28 00 01 08 00 0e 00 00 f3 54 43 c0 e0 87 97 ac Sep 21 07:25:06.249246: | b1 23 94 0e a3 dd f0 bd 6d 23 0b 9d f8 d5 fc 91 Sep 21 07:25:06.249248: | cf dc 3f 92 07 62 5c d2 22 5a 28 bb e9 23 0b 08 Sep 21 07:25:06.249250: | 9c ae bf 11 fc 57 4e 90 6d 0f 05 d4 57 4e b3 cc Sep 21 07:25:06.249253: | cb b8 10 85 57 4a 3f a9 f6 b9 c2 9a 7c 35 1c 2a Sep 21 07:25:06.249255: | 7e dc 7c ff 54 c5 f2 44 e5 9a 8c 36 f3 9a 90 63 Sep 21 07:25:06.249257: | ad e4 78 3e dd f5 5b 7c 33 5c 92 65 2f 2c 8b 0c Sep 21 07:25:06.249259: | 0e b8 8d 88 7a 6a a7 47 dc 22 60 ee 48 fd 01 8e Sep 21 07:25:06.249262: | 91 3f 77 e8 e8 7b c7 81 a8 98 78 c7 bb f9 11 4c Sep 21 07:25:06.249264: | 74 05 3e c4 41 f6 19 65 87 f4 c5 e2 77 bb 2f 11 Sep 21 07:25:06.249266: | 08 9c fb e5 ff a6 cc 76 f8 2c 78 a5 97 75 5e 16 Sep 21 07:25:06.249268: | 2b 31 b0 2f 13 d1 71 c7 10 0b 6e 5b 69 22 c3 9e Sep 21 07:25:06.249271: | 5a 81 30 81 27 cc ff a6 f0 8e 1b f9 fe 2f fc a7 Sep 21 07:25:06.249273: | 4f d8 dd a8 28 a1 58 d5 a6 86 71 1f 18 16 79 bd Sep 21 07:25:06.249275: | 40 6c b8 25 65 56 83 8b 6f ca 14 cb f4 88 ee 01 Sep 21 07:25:06.249278: | c9 25 13 41 21 a3 3e 0c 87 dd b6 b1 3d 6c 89 4e Sep 21 07:25:06.249280: | 7d 81 01 a7 b1 32 0d 8b 29 00 00 24 27 43 6b bd Sep 21 07:25:06.249282: | 5b 2b 36 a8 21 20 1a 1a c3 44 4b 3e 90 a3 e9 2c Sep 21 07:25:06.249284: | df 32 f2 db eb f0 3e 42 5c 09 5a 14 29 00 00 08 Sep 21 07:25:06.249287: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ed f9 f6 ed Sep 21 07:25:06.249289: | a2 80 d9 49 88 31 b4 05 56 5d e5 3a 39 ac b8 16 Sep 21 07:25:06.249291: | 00 00 00 1c 00 00 40 05 ec 82 63 a9 7b f7 87 b3 Sep 21 07:25:06.249293: | 8e e5 24 a4 16 1c 83 a6 0f 6c fc ed Sep 21 07:25:06.249301: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.249305: | **parse ISAKMP Message: Sep 21 07:25:06.249308: | initiator cookie: Sep 21 07:25:06.249310: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.249315: | responder cookie: Sep 21 07:25:06.249317: | 00 00 00 00 00 00 00 00 Sep 21 07:25:06.249320: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:06.249323: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.249325: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:06.249328: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.249330: | Message ID: 0 (0x0) Sep 21 07:25:06.249333: | length: 828 (0x33c) Sep 21 07:25:06.249336: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:06.249339: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:06.249343: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:06.249346: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:06.249349: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:06.249351: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:06.249354: | flags: none (0x0) Sep 21 07:25:06.249356: | length: 436 (0x1b4) Sep 21 07:25:06.249358: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:25:06.249361: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:06.249364: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:06.249366: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:06.249368: | flags: none (0x0) Sep 21 07:25:06.249370: | length: 264 (0x108) Sep 21 07:25:06.249376: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.249379: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:06.249381: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:06.249384: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:06.249386: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:06.249388: | flags: none (0x0) Sep 21 07:25:06.249391: | length: 36 (0x24) Sep 21 07:25:06.249393: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:06.249395: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:06.249398: | ***parse IKEv2 Notify Payload: Sep 21 07:25:06.249400: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:06.249402: | flags: none (0x0) Sep 21 07:25:06.249405: | length: 8 (0x8) Sep 21 07:25:06.249407: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:06.249410: | SPI size: 0 (0x0) Sep 21 07:25:06.249412: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:06.249415: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:06.249417: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:06.249419: | ***parse IKEv2 Notify Payload: Sep 21 07:25:06.249422: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:06.249424: | flags: none (0x0) Sep 21 07:25:06.249426: | length: 28 (0x1c) Sep 21 07:25:06.249429: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:06.249431: | SPI size: 0 (0x0) Sep 21 07:25:06.249433: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:06.249436: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:06.249438: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:06.249440: | ***parse IKEv2 Notify Payload: Sep 21 07:25:06.249443: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.249445: | flags: none (0x0) Sep 21 07:25:06.249447: | length: 28 (0x1c) Sep 21 07:25:06.249449: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:06.249452: | SPI size: 0 (0x0) Sep 21 07:25:06.249454: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:06.249456: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:06.249459: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:06.249465: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:06.249470: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:06.249473: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:06.249479: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Sep 21 07:25:06.249482: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Sep 21 07:25:06.249485: | find_next_host_connection returns empty Sep 21 07:25:06.249489: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:06.249492: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:06.249494: | find_next_host_connection returns empty Sep 21 07:25:06.249498: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:06.249503: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:06.249507: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:06.249510: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:06.249512: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Sep 21 07:25:06.249515: | find_next_host_connection returns northnet-eastnets/0x2 Sep 21 07:25:06.249517: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:06.249520: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Sep 21 07:25:06.249523: | find_next_host_connection returns northnet-eastnets/0x1 Sep 21 07:25:06.249525: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:06.249527: | find_next_host_connection returns empty Sep 21 07:25:06.249530: | found connection: northnet-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:06.249554: | creating state object #1 at 0x55f7d3fca4c0 Sep 21 07:25:06.249557: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:06.249565: | pstats #1 ikev2.ike started Sep 21 07:25:06.249569: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:06.249572: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:06.249577: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:06.249587: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.249590: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:06.249595: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:06.249598: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:06.249602: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:06.249606: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:06.249609: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:06.249612: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:06.249614: | Now let's proceed with state specific processing Sep 21 07:25:06.249616: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:06.249622: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:06.249626: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Sep 21 07:25:06.249634: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:06.249642: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:06.249649: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:06.249654: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:06.249658: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:06.249663: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:06.249667: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:06.249672: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:06.249683: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:06.249687: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:25:06.249690: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:06.249693: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:06.249695: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:06.249698: | local proposal 1 type DH has 8 transforms Sep 21 07:25:06.249700: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:06.249704: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:06.249706: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:06.249708: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:06.249711: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:06.249713: | local proposal 2 type DH has 8 transforms Sep 21 07:25:06.249716: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:06.249718: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:06.249721: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:06.249723: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:06.249726: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:06.249728: | local proposal 3 type DH has 8 transforms Sep 21 07:25:06.249730: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:06.249733: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:06.249736: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:06.249738: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:06.249741: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:06.249743: | local proposal 4 type DH has 8 transforms Sep 21 07:25:06.249745: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:06.249748: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:06.249751: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.249754: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.249756: | length: 100 (0x64) Sep 21 07:25:06.249759: | prop #: 1 (0x1) Sep 21 07:25:06.249761: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:06.249768: | spi size: 0 (0x0) Sep 21 07:25:06.249771: | # transforms: 11 (0xb) Sep 21 07:25:06.249774: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:06.249777: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249782: | length: 12 (0xc) Sep 21 07:25:06.249816: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.249819: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.249821: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.249824: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.249826: | length/value: 256 (0x100) Sep 21 07:25:06.249831: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:06.249833: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249838: | length: 8 (0x8) Sep 21 07:25:06.249840: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.249843: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:06.249846: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:06.249849: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:25:06.249853: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:25:06.249856: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:25:06.249858: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249863: | length: 8 (0x8) Sep 21 07:25:06.249865: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.249867: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:06.249870: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249875: | length: 8 (0x8) Sep 21 07:25:06.249877: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249879: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.249883: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:06.249886: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:25:06.249889: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:25:06.249892: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:25:06.249895: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249899: | length: 8 (0x8) Sep 21 07:25:06.249902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249904: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:06.249907: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249911: | length: 8 (0x8) Sep 21 07:25:06.249914: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249916: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:06.249919: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249923: | length: 8 (0x8) Sep 21 07:25:06.249926: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249928: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:06.249931: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249935: | length: 8 (0x8) Sep 21 07:25:06.249939: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249942: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:06.249944: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249947: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249949: | length: 8 (0x8) Sep 21 07:25:06.249951: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249954: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:06.249956: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.249961: | length: 8 (0x8) Sep 21 07:25:06.249963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249966: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:06.249968: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.249971: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.249973: | length: 8 (0x8) Sep 21 07:25:06.249975: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.249978: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:06.249981: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:06.249986: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:06.249988: | remote proposal 1 matches local proposal 1 Sep 21 07:25:06.249991: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.249993: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.249996: | length: 100 (0x64) Sep 21 07:25:06.249998: | prop #: 2 (0x2) Sep 21 07:25:06.250000: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:06.250003: | spi size: 0 (0x0) Sep 21 07:25:06.250005: | # transforms: 11 (0xb) Sep 21 07:25:06.250008: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.250011: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250015: | length: 12 (0xc) Sep 21 07:25:06.250017: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.250020: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.250022: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.250025: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.250027: | length/value: 128 (0x80) Sep 21 07:25:06.250030: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250035: | length: 8 (0x8) Sep 21 07:25:06.250037: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.250040: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:06.250042: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250047: | length: 8 (0x8) Sep 21 07:25:06.250049: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.250052: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:06.250054: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250059: | length: 8 (0x8) Sep 21 07:25:06.250062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250064: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.250067: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250069: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250071: | length: 8 (0x8) Sep 21 07:25:06.250074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250076: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:06.250079: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250081: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250085: | length: 8 (0x8) Sep 21 07:25:06.250087: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250090: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:06.250092: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250097: | length: 8 (0x8) Sep 21 07:25:06.250099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250101: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:06.250104: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250109: | length: 8 (0x8) Sep 21 07:25:06.250111: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250113: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:06.250116: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250120: | length: 8 (0x8) Sep 21 07:25:06.250123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250125: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:06.250128: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250132: | length: 8 (0x8) Sep 21 07:25:06.250135: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250137: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:06.250140: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250142: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.250144: | length: 8 (0x8) Sep 21 07:25:06.250147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250149: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:06.250152: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:25:06.250156: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:25:06.250158: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.250160: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.250163: | length: 116 (0x74) Sep 21 07:25:06.250165: | prop #: 3 (0x3) Sep 21 07:25:06.250167: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:06.250169: | spi size: 0 (0x0) Sep 21 07:25:06.250172: | # transforms: 13 (0xd) Sep 21 07:25:06.250175: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.250177: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250182: | length: 12 (0xc) Sep 21 07:25:06.250184: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.250187: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:06.250189: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.250191: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.250194: | length/value: 256 (0x100) Sep 21 07:25:06.250196: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250201: | length: 8 (0x8) Sep 21 07:25:06.250203: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.250206: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:06.250208: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250211: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250213: | length: 8 (0x8) Sep 21 07:25:06.250215: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.250218: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:06.250220: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250225: | length: 8 (0x8) Sep 21 07:25:06.250227: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.250231: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:06.250234: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250239: | length: 8 (0x8) Sep 21 07:25:06.250241: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.250243: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:06.250246: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250251: | length: 8 (0x8) Sep 21 07:25:06.250253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250255: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.250258: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250263: | length: 8 (0x8) Sep 21 07:25:06.250265: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250267: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:06.250270: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250274: | length: 8 (0x8) Sep 21 07:25:06.250276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250279: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:06.250284: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250290: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250293: | length: 8 (0x8) Sep 21 07:25:06.250296: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250298: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:06.250301: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250304: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250306: | length: 8 (0x8) Sep 21 07:25:06.250308: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250310: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:06.250313: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250321: | length: 8 (0x8) Sep 21 07:25:06.250325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250328: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:06.250331: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250340: | length: 8 (0x8) Sep 21 07:25:06.250343: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250346: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:06.250349: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250351: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.250353: | length: 8 (0x8) Sep 21 07:25:06.250356: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250359: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:06.250363: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:06.250366: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:06.250369: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.250371: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:06.250374: | length: 116 (0x74) Sep 21 07:25:06.250376: | prop #: 4 (0x4) Sep 21 07:25:06.250378: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:06.250381: | spi size: 0 (0x0) Sep 21 07:25:06.250383: | # transforms: 13 (0xd) Sep 21 07:25:06.250387: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.250389: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250396: | length: 12 (0xc) Sep 21 07:25:06.250399: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.250402: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:06.250404: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.250407: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.250409: | length/value: 128 (0x80) Sep 21 07:25:06.250412: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250417: | length: 8 (0x8) Sep 21 07:25:06.250420: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.250422: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:06.250425: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250430: | length: 8 (0x8) Sep 21 07:25:06.250433: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.250435: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:06.250438: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250443: | length: 8 (0x8) Sep 21 07:25:06.250445: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.250448: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:06.250450: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250455: | length: 8 (0x8) Sep 21 07:25:06.250458: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.250460: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:06.250463: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250468: | length: 8 (0x8) Sep 21 07:25:06.250470: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250472: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.250475: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250478: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250480: | length: 8 (0x8) Sep 21 07:25:06.250482: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250484: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:06.250487: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250492: | length: 8 (0x8) Sep 21 07:25:06.250494: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250497: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:06.250499: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250504: | length: 8 (0x8) Sep 21 07:25:06.250507: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250509: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:06.250512: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250517: | length: 8 (0x8) Sep 21 07:25:06.250519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250522: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:06.250524: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250529: | length: 8 (0x8) Sep 21 07:25:06.250532: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250534: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:06.250537: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.250541: | length: 8 (0x8) Sep 21 07:25:06.250544: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250546: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:06.250553: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.250555: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.250558: | length: 8 (0x8) Sep 21 07:25:06.250560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.250562: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:06.250566: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:06.250569: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:06.250574: "northnet-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:25:06.250580: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:25:06.250582: | converting proposal to internal trans attrs Sep 21 07:25:06.250587: | natd_hash: rcookie is zero Sep 21 07:25:06.250600: | natd_hash: hasher=0x55f7d3c427a0(20) Sep 21 07:25:06.250603: | natd_hash: icookie= 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.250606: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:06.250608: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:06.250611: | natd_hash: port= 01 f4 Sep 21 07:25:06.250613: | natd_hash: hash= ec 82 63 a9 7b f7 87 b3 8e e5 24 a4 16 1c 83 a6 Sep 21 07:25:06.250615: | natd_hash: hash= 0f 6c fc ed Sep 21 07:25:06.250618: | natd_hash: rcookie is zero Sep 21 07:25:06.250623: | natd_hash: hasher=0x55f7d3c427a0(20) Sep 21 07:25:06.250626: | natd_hash: icookie= 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.250628: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:06.250630: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:06.250632: | natd_hash: port= 01 f4 Sep 21 07:25:06.250635: | natd_hash: hash= ed f9 f6 ed a2 80 d9 49 88 31 b4 05 56 5d e5 3a Sep 21 07:25:06.250637: | natd_hash: hash= 39 ac b8 16 Sep 21 07:25:06.250639: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:06.250641: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:06.250644: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:06.250647: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:25:06.250653: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:25:06.250656: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.250660: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:06.250664: | libevent_malloc: new ptr-libevent@0x55f7d3fbf020 size 128 Sep 21 07:25:06.250677: | #1 spent 1.03 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:06.250684: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.250688: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:06.250691: | suspending state #1 and saving MD Sep 21 07:25:06.250693: | #1 is busy; has a suspended MD Sep 21 07:25:06.250697: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:06.250701: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:06.250707: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.250711: | #1 spent 1.54 milliseconds in ikev2_process_packet() Sep 21 07:25:06.250715: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.250718: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.250721: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.250724: | spent 1.55 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.250847: | crypto helper 1 resuming Sep 21 07:25:06.250856: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:25:06.250860: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:25:06.251849: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000987 seconds Sep 21 07:25:06.251862: | (#1) spent 0.995 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:06.251865: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:06.251868: | scheduling resume sending helper answer for #1 Sep 21 07:25:06.251871: | libevent_malloc: new ptr-libevent@0x7f71f8006900 size 128 Sep 21 07:25:06.251880: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:06.251891: | processing resume sending helper answer for #1 Sep 21 07:25:06.251902: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:06.251906: | crypto helper 1 replies to request ID 1 Sep 21 07:25:06.251908: | calling continuation function 0x55f7d3b6c630 Sep 21 07:25:06.251910: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:25:06.251935: | **emit ISAKMP Message: Sep 21 07:25:06.251937: | initiator cookie: Sep 21 07:25:06.251939: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.251940: | responder cookie: Sep 21 07:25:06.251942: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.251944: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.251945: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.251947: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:06.251949: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.251951: | Message ID: 0 (0x0) Sep 21 07:25:06.251953: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.251955: | Emitting ikev2_proposal ... Sep 21 07:25:06.251957: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:06.251958: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.251960: | flags: none (0x0) Sep 21 07:25:06.251962: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:06.251964: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.251966: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.251968: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:06.251969: | prop #: 1 (0x1) Sep 21 07:25:06.251971: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:06.251972: | spi size: 0 (0x0) Sep 21 07:25:06.251974: | # transforms: 3 (0x3) Sep 21 07:25:06.251976: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:06.251978: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.251980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.251981: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.251983: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.251985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.251989: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.251991: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.251993: | length/value: 256 (0x100) Sep 21 07:25:06.251994: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:06.251996: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.251998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.251999: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:06.252001: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:06.252004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.252007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.252009: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:06.252012: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.252014: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.252015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.252017: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.252019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.252020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.252022: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:06.252024: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:25:06.252025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:06.252027: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:25:06.252028: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:06.252031: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:06.252032: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.252034: | flags: none (0x0) Sep 21 07:25:06.252035: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.252037: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:06.252040: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.252043: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:06.252046: | ikev2 g^x ce 4d 59 a0 eb cd 94 78 ec be e7 e3 21 30 45 e6 Sep 21 07:25:06.252048: | ikev2 g^x e8 c2 49 d3 c7 df 73 a4 67 86 ef c0 f6 da e3 b1 Sep 21 07:25:06.252050: | ikev2 g^x c6 8e dd e6 c6 a5 68 fc 05 a4 77 1d 23 52 15 45 Sep 21 07:25:06.252052: | ikev2 g^x 80 2a 03 40 95 f6 09 e4 86 76 9a 99 eb 73 d4 d0 Sep 21 07:25:06.252054: | ikev2 g^x 4a 06 66 af 9f d1 74 14 a2 66 6f 1b a5 43 cf b3 Sep 21 07:25:06.252056: | ikev2 g^x 11 63 f4 52 a0 df eb 22 1e 25 3e 15 1b 49 e9 d1 Sep 21 07:25:06.252058: | ikev2 g^x f5 c2 36 c0 d1 8f 91 a3 39 37 89 a7 52 33 fe 79 Sep 21 07:25:06.252059: | ikev2 g^x 46 a7 ea 88 fb f7 3e 7d 91 5d f8 b3 4b d0 a5 a8 Sep 21 07:25:06.252061: | ikev2 g^x 2d 50 cc a3 ef 1f ac 8d b2 86 26 60 09 44 df de Sep 21 07:25:06.252063: | ikev2 g^x 6b 9c b7 34 79 1b 87 8f ac 4e b5 c3 8f a6 d9 7d Sep 21 07:25:06.252065: | ikev2 g^x 48 57 c2 f9 40 a7 06 34 71 ab 84 12 62 72 51 d3 Sep 21 07:25:06.252067: | ikev2 g^x 70 3e d7 d7 e1 73 68 de 37 47 8a e7 b3 21 2a 15 Sep 21 07:25:06.252069: | ikev2 g^x 13 8b 29 8a 4b a8 0a 53 48 71 05 f8 d2 36 05 fc Sep 21 07:25:06.252071: | ikev2 g^x 7a 63 3c f5 36 44 5f e6 c0 98 b6 e8 10 37 f0 22 Sep 21 07:25:06.252073: | ikev2 g^x 56 fe 77 9a ad 3f 3a d6 84 74 71 82 0a 9f 76 90 Sep 21 07:25:06.252077: | ikev2 g^x 18 70 c2 b1 4b 80 7d 7d 07 a4 1d 27 08 0f 31 bc Sep 21 07:25:06.252080: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:06.252082: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:06.252084: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:06.252086: | flags: none (0x0) Sep 21 07:25:06.252089: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:06.252091: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:06.252094: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.252096: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:06.252099: | IKEv2 nonce bb f7 06 e7 91 d9 1c cc 96 e4 1a bb 42 01 68 6f Sep 21 07:25:06.252100: | IKEv2 nonce 6f d1 5d 4a e7 ec 05 9b 7e 8a 74 29 b3 d3 8a 29 Sep 21 07:25:06.252103: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:06.252107: | Adding a v2N Payload Sep 21 07:25:06.252109: | ***emit IKEv2 Notify Payload: Sep 21 07:25:06.252111: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.252113: | flags: none (0x0) Sep 21 07:25:06.252116: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:06.252118: | SPI size: 0 (0x0) Sep 21 07:25:06.252121: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:06.252124: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:06.252126: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.252128: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:06.252131: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:06.252143: | natd_hash: hasher=0x55f7d3c427a0(20) Sep 21 07:25:06.252146: | natd_hash: icookie= 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.252148: | natd_hash: rcookie= 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.252150: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:06.252152: | natd_hash: port= 01 f4 Sep 21 07:25:06.252154: | natd_hash: hash= ed af 0f 62 a1 cb f0 62 d5 2c 03 c9 36 9e 20 5e Sep 21 07:25:06.252156: | natd_hash: hash= 28 13 9c cc Sep 21 07:25:06.252158: | Adding a v2N Payload Sep 21 07:25:06.252160: | ***emit IKEv2 Notify Payload: Sep 21 07:25:06.252163: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.252165: | flags: none (0x0) Sep 21 07:25:06.252167: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:06.252169: | SPI size: 0 (0x0) Sep 21 07:25:06.252172: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:06.252174: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:06.252176: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.252179: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:06.252181: | Notify data ed af 0f 62 a1 cb f0 62 d5 2c 03 c9 36 9e 20 5e Sep 21 07:25:06.252183: | Notify data 28 13 9c cc Sep 21 07:25:06.252186: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:06.252192: | natd_hash: hasher=0x55f7d3c427a0(20) Sep 21 07:25:06.252194: | natd_hash: icookie= 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.252196: | natd_hash: rcookie= 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.252198: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:06.252200: | natd_hash: port= 01 f4 Sep 21 07:25:06.252202: | natd_hash: hash= 93 69 96 74 be 7b 08 c2 67 7d 39 c2 1b 98 96 84 Sep 21 07:25:06.252204: | natd_hash: hash= 11 db 6b be Sep 21 07:25:06.252206: | Adding a v2N Payload Sep 21 07:25:06.252208: | ***emit IKEv2 Notify Payload: Sep 21 07:25:06.252209: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.252212: | flags: none (0x0) Sep 21 07:25:06.252214: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:06.252215: | SPI size: 0 (0x0) Sep 21 07:25:06.252217: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:06.252219: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:06.252222: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.252224: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:06.252226: | Notify data 93 69 96 74 be 7b 08 c2 67 7d 39 c2 1b 98 96 84 Sep 21 07:25:06.252228: | Notify data 11 db 6b be Sep 21 07:25:06.252230: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:06.252233: | going to send a certreq Sep 21 07:25:06.252235: | connection->kind is CK_PERMANENT so send CERTREQ Sep 21 07:25:06.252237: | ***emit IKEv2 Certificate Request Payload: Sep 21 07:25:06.252239: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.252241: | flags: none (0x0) Sep 21 07:25:06.252244: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:06.252246: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:06.252248: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.252893: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Sep 21 07:25:06.252911: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Sep 21 07:25:06.252915: | CA cert public key hash Sep 21 07:25:06.252918: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:25:06.252921: | 8e eb 22 c0 Sep 21 07:25:06.252925: | emitting length of IKEv2 Certificate Request Payload: 25 Sep 21 07:25:06.252928: | emitting length of ISAKMP Message: 457 Sep 21 07:25:06.252938: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.252943: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:06.252947: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:06.252951: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:06.252955: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:06.252962: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:06.252968: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:06.252973: "northnet-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:06.252979: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:06.252987: | sending 457 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.252990: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.252993: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Sep 21 07:25:06.252996: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:06.252999: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:06.253002: | 04 00 00 0e 28 00 01 08 00 0e 00 00 ce 4d 59 a0 Sep 21 07:25:06.253005: | eb cd 94 78 ec be e7 e3 21 30 45 e6 e8 c2 49 d3 Sep 21 07:25:06.253008: | c7 df 73 a4 67 86 ef c0 f6 da e3 b1 c6 8e dd e6 Sep 21 07:25:06.253010: | c6 a5 68 fc 05 a4 77 1d 23 52 15 45 80 2a 03 40 Sep 21 07:25:06.253016: | 95 f6 09 e4 86 76 9a 99 eb 73 d4 d0 4a 06 66 af Sep 21 07:25:06.253019: | 9f d1 74 14 a2 66 6f 1b a5 43 cf b3 11 63 f4 52 Sep 21 07:25:06.253022: | a0 df eb 22 1e 25 3e 15 1b 49 e9 d1 f5 c2 36 c0 Sep 21 07:25:06.253025: | d1 8f 91 a3 39 37 89 a7 52 33 fe 79 46 a7 ea 88 Sep 21 07:25:06.253028: | fb f7 3e 7d 91 5d f8 b3 4b d0 a5 a8 2d 50 cc a3 Sep 21 07:25:06.253031: | ef 1f ac 8d b2 86 26 60 09 44 df de 6b 9c b7 34 Sep 21 07:25:06.253034: | 79 1b 87 8f ac 4e b5 c3 8f a6 d9 7d 48 57 c2 f9 Sep 21 07:25:06.253037: | 40 a7 06 34 71 ab 84 12 62 72 51 d3 70 3e d7 d7 Sep 21 07:25:06.253040: | e1 73 68 de 37 47 8a e7 b3 21 2a 15 13 8b 29 8a Sep 21 07:25:06.253043: | 4b a8 0a 53 48 71 05 f8 d2 36 05 fc 7a 63 3c f5 Sep 21 07:25:06.253045: | 36 44 5f e6 c0 98 b6 e8 10 37 f0 22 56 fe 77 9a Sep 21 07:25:06.253048: | ad 3f 3a d6 84 74 71 82 0a 9f 76 90 18 70 c2 b1 Sep 21 07:25:06.253051: | 4b 80 7d 7d 07 a4 1d 27 08 0f 31 bc 29 00 00 24 Sep 21 07:25:06.253054: | bb f7 06 e7 91 d9 1c cc 96 e4 1a bb 42 01 68 6f Sep 21 07:25:06.253057: | 6f d1 5d 4a e7 ec 05 9b 7e 8a 74 29 b3 d3 8a 29 Sep 21 07:25:06.253060: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:06.253064: | ed af 0f 62 a1 cb f0 62 d5 2c 03 c9 36 9e 20 5e Sep 21 07:25:06.253067: | 28 13 9c cc 26 00 00 1c 00 00 40 05 93 69 96 74 Sep 21 07:25:06.253070: | be 7b 08 c2 67 7d 39 c2 1b 98 96 84 11 db 6b be Sep 21 07:25:06.253072: | 00 00 00 19 04 4e cf af 8c 44 87 de 90 be 28 67 Sep 21 07:25:06.253075: | b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:25:06.253136: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:06.253143: | libevent_free: release ptr-libevent@0x55f7d3fbf020 Sep 21 07:25:06.253148: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.253151: | event_schedule: new EVENT_SO_DISCARD-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.253156: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:25:06.253160: | libevent_malloc: new ptr-libevent@0x55f7d3fbf020 size 128 Sep 21 07:25:06.253165: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:06.253173: | #1 spent 1.23 milliseconds in resume sending helper answer Sep 21 07:25:06.253180: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:06.253184: | libevent_free: release ptr-libevent@0x7f71f8006900 Sep 21 07:25:06.265668: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.265690: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.265693: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.265696: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:06.265698: | 00 01 00 05 bb 3b 85 1a db a8 8a fe a9 87 ff 11 Sep 21 07:25:06.265700: | 29 5e 07 45 df 62 fc 19 ef c8 ad d7 b3 a7 45 96 Sep 21 07:25:06.265702: | 12 eb 69 65 16 ff 28 b3 ad 5b 88 9a cb 9c 61 4a Sep 21 07:25:06.265705: | d5 7e 64 b0 f1 eb f1 9d e6 19 5b 20 ac 5c 7a ad Sep 21 07:25:06.265707: | 0c 97 e0 79 69 b8 b2 65 ad 7e 0a a3 3c 9b a9 05 Sep 21 07:25:06.265709: | cb 14 44 23 1c 84 1f bf 62 5b 11 a3 c8 6c 5d c3 Sep 21 07:25:06.265711: | d1 9e d6 ee 75 d1 ea ab b1 e2 44 3c df 3a 7d 62 Sep 21 07:25:06.265714: | 06 46 f3 8b f6 ef db 8e 9e 5e 16 f7 68 d0 7e 11 Sep 21 07:25:06.265716: | e9 39 fa a7 ac c3 6f 7a 81 9f 38 24 b4 72 bf 3a Sep 21 07:25:06.265718: | 06 5a aa 7e ef 7a 26 b8 88 ca 50 bf b8 ca ff 40 Sep 21 07:25:06.265720: | f0 9b 86 10 b9 48 11 3f dc aa 49 0b 53 15 25 f7 Sep 21 07:25:06.265723: | 67 94 09 bc 60 be 1a 06 50 b7 59 16 50 52 5c b8 Sep 21 07:25:06.265725: | cf 04 b9 61 de a9 77 6d 51 05 8d de 94 40 b1 4e Sep 21 07:25:06.265727: | 23 12 72 b6 e3 31 42 b6 f2 f6 17 00 7f 0f 83 58 Sep 21 07:25:06.265729: | 91 8d 21 28 41 f8 5f 25 fb e6 13 e4 c1 26 9a 7d Sep 21 07:25:06.265731: | a3 dc d8 79 ac 55 d9 b2 9b 19 08 13 ac a5 02 2f Sep 21 07:25:06.265736: | 31 82 4c 88 b2 23 d5 41 5e 1a 7c cb 79 64 2e 84 Sep 21 07:25:06.265738: | 04 94 45 b3 12 16 e3 a0 23 80 d1 07 ff 2c c8 58 Sep 21 07:25:06.265740: | e7 40 8f 8c 66 a4 dd d6 c8 0e fe 0c 05 c4 4d eb Sep 21 07:25:06.265742: | 31 f8 2c cd a7 e6 e8 5f 2c 79 3b 6a ec a0 db 77 Sep 21 07:25:06.265745: | 6c cf ff 9e c9 31 bf 07 d9 1a f0 9c 26 04 ac 54 Sep 21 07:25:06.265747: | bf d5 37 97 e3 e4 10 98 68 dd bc b5 11 b4 cc f3 Sep 21 07:25:06.265749: | 5c 39 06 32 18 25 eb 72 db e1 ad 08 66 0c 45 1e Sep 21 07:25:06.265751: | 98 30 2b 6e 39 4e 4f c7 1b c2 03 b5 db 21 7b 88 Sep 21 07:25:06.265754: | be 50 42 9f 63 55 ac ec 34 6a d0 f0 5d 0e 90 a9 Sep 21 07:25:06.265756: | 6e 4a 39 c6 bd 63 75 75 26 99 4f 28 75 99 b1 a0 Sep 21 07:25:06.265758: | f6 34 12 29 ca a0 8f d9 6b 48 21 70 c3 f8 b5 c2 Sep 21 07:25:06.265760: | b8 ae 81 94 7a fd 94 e5 e9 66 7b 19 2d b9 ad 23 Sep 21 07:25:06.265763: | d4 aa 70 0f 72 87 6d 9a cb ac b7 f1 3d 46 5a 03 Sep 21 07:25:06.265765: | a4 3d 94 61 33 07 3c c5 6e 57 36 86 19 87 5c d7 Sep 21 07:25:06.265767: | 01 0f da ae f0 d4 f3 5a 43 2f 31 28 a0 40 5f c6 Sep 21 07:25:06.265769: | bc 83 88 a3 51 6a 18 e9 0b 85 c0 Sep 21 07:25:06.265774: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.265778: | **parse ISAKMP Message: Sep 21 07:25:06.265780: | initiator cookie: Sep 21 07:25:06.265790: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.265794: | responder cookie: Sep 21 07:25:06.265796: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.265799: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:06.265802: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.265804: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.265806: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.265809: | Message ID: 1 (0x1) Sep 21 07:25:06.265811: | length: 539 (0x21b) Sep 21 07:25:06.265814: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:06.265817: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:06.265821: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:06.265827: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.265830: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:06.265834: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:06.265837: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:06.265841: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:25:06.265843: | unpacking clear payload Sep 21 07:25:06.265845: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.265848: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:06.265851: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:06.265853: | flags: none (0x0) Sep 21 07:25:06.265855: | length: 511 (0x1ff) Sep 21 07:25:06.265857: | fragment number: 1 (0x1) Sep 21 07:25:06.265859: | total fragments: 5 (0x5) Sep 21 07:25:06.265862: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:06.265867: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:06.265869: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:06.265872: | received IKE encrypted fragment number '1', total number '5', next payload '35' Sep 21 07:25:06.265875: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:25:06.265880: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.265888: | #1 spent 0.201 milliseconds in ikev2_process_packet() Sep 21 07:25:06.265893: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.265896: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.265899: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.265902: | spent 0.216 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.266035: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.266046: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.266049: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266051: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:06.266053: | 00 02 00 05 27 46 55 8c 3c 24 37 64 33 9c f0 04 Sep 21 07:25:06.266056: | 33 a6 23 97 15 ca ac 0b 8f 35 4f 21 1d 6b 05 bf Sep 21 07:25:06.266058: | 3b 43 f0 26 0f 14 ed ac 4b 00 90 59 24 33 5a 1d Sep 21 07:25:06.266060: | 2f af d5 25 09 99 7d 9d 5a 04 a4 09 bb 84 9f e0 Sep 21 07:25:06.266062: | bf c6 90 a6 69 d3 bb cd 47 4a 52 87 b0 ce b9 11 Sep 21 07:25:06.266065: | 2e 1f dd f2 2e 1a 53 f6 2d e5 a8 8c 15 24 b7 94 Sep 21 07:25:06.266067: | 2c f7 8b 89 13 a5 84 a8 19 81 95 de 05 43 da 00 Sep 21 07:25:06.266069: | eb 6a 69 c5 4a 4f 26 25 ff 31 bb a3 61 43 d6 bc Sep 21 07:25:06.266071: | 62 1f 6a ec 1d a5 2b 67 05 84 c0 1e 4a ea 45 de Sep 21 07:25:06.266073: | 40 07 58 be 76 6b ce f5 64 06 b1 3c a7 70 74 ab Sep 21 07:25:06.266076: | 6e 2c 42 a8 bb 69 ef f6 cf bb a1 02 0e 42 22 be Sep 21 07:25:06.266078: | 82 9d 20 cc 7d e9 a5 db 8f 75 09 ac 2c a8 5b 43 Sep 21 07:25:06.266080: | aa 0f b6 03 d0 fe 6a 25 82 20 03 bf 44 ed 2d 47 Sep 21 07:25:06.266082: | 7a 87 0d 0a 66 b9 7c 8a a5 60 b7 70 42 9d e5 fd Sep 21 07:25:06.266084: | 28 95 81 62 16 e0 ae 9a f4 67 d0 88 c9 9e d4 d6 Sep 21 07:25:06.266086: | 2e a3 96 36 38 1e a5 f9 bf 19 00 bd 00 00 12 5b Sep 21 07:25:06.266088: | 04 c1 35 a4 b4 a6 39 4b 53 03 12 1e f8 10 62 c0 Sep 21 07:25:06.266090: | 1d e1 95 57 31 e1 77 c8 aa fd 14 90 ec 29 40 2c Sep 21 07:25:06.266091: | 8c 3a 65 60 02 2a a9 ba b1 61 ca 0b a3 86 6c f2 Sep 21 07:25:06.266093: | cf 2f d2 c2 b9 90 ce a1 a6 41 ab 2a 37 88 70 c1 Sep 21 07:25:06.266095: | 50 1e 8b 8f 11 cc 13 fb e3 28 a6 c2 03 50 81 29 Sep 21 07:25:06.266097: | 18 ac fa d4 d9 95 22 70 10 b0 67 4c ae 18 fc b0 Sep 21 07:25:06.266099: | 94 d1 6d 32 c0 9a 32 0d 3e d9 38 49 ec af 84 d7 Sep 21 07:25:06.266101: | dd 79 1d 80 af 76 1d 4e 82 02 e7 dc ed 7d 84 66 Sep 21 07:25:06.266102: | 77 4e 17 f9 43 a2 ba c2 99 47 31 d5 6c f9 67 c1 Sep 21 07:25:06.266104: | f8 2f e8 5c 39 2a 9e 45 8a b6 e7 28 3d 25 95 da Sep 21 07:25:06.266107: | 4f c0 1c c3 d5 fc 54 0f 32 b0 75 fc 7f 75 60 35 Sep 21 07:25:06.266109: | b0 b9 4b d8 37 51 85 1d 68 69 7d 4e c7 bf ef 36 Sep 21 07:25:06.266111: | c4 2a f8 db b9 42 e0 7f 25 99 6b e1 02 41 55 b1 Sep 21 07:25:06.266113: | 10 95 9d 01 9b 80 4a b1 a4 86 2c 2a eb 51 71 ba Sep 21 07:25:06.266115: | 9e ed ea ae a0 37 02 b5 8f b2 10 bd dc ce 3b 55 Sep 21 07:25:06.266117: | 3d 32 5c 50 b2 2c 38 29 ce fb a3 Sep 21 07:25:06.266121: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.266124: | **parse ISAKMP Message: Sep 21 07:25:06.266127: | initiator cookie: Sep 21 07:25:06.266129: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.266131: | responder cookie: Sep 21 07:25:06.266133: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266136: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:06.266138: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.266141: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.266143: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.266145: | Message ID: 1 (0x1) Sep 21 07:25:06.266147: | length: 539 (0x21b) Sep 21 07:25:06.266152: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:06.266155: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:06.266158: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:06.266163: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.266168: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:06.266170: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:06.266173: | #1 is idle Sep 21 07:25:06.266175: | #1 idle Sep 21 07:25:06.266179: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:06.266181: | unpacking clear payload Sep 21 07:25:06.266183: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.266186: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:06.266188: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.266190: | flags: none (0x0) Sep 21 07:25:06.266192: | length: 511 (0x1ff) Sep 21 07:25:06.266194: | fragment number: 2 (0x2) Sep 21 07:25:06.266196: | total fragments: 5 (0x5) Sep 21 07:25:06.266198: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:06.266200: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:06.266202: | received IKE encrypted fragment number '2', total number '5', next payload '0' Sep 21 07:25:06.266206: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.266210: | #1 spent 0.169 milliseconds in ikev2_process_packet() Sep 21 07:25:06.266214: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.266216: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.266218: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.266222: | spent 0.181 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.266367: | spent 0.000356 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.266379: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.266382: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266384: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:06.266387: | 00 03 00 05 55 41 75 59 63 98 fe 29 67 11 20 d1 Sep 21 07:25:06.266389: | 08 8d 0f 99 61 aa a3 91 bc 2b fd 6f e4 a9 28 70 Sep 21 07:25:06.266391: | f5 20 fb 10 ec e3 08 37 aa 2b 4b d8 56 b9 b7 e0 Sep 21 07:25:06.266394: | ae 4d 2f fd a1 39 15 9d 0e a4 35 f3 5a 75 4c d3 Sep 21 07:25:06.266396: | b6 c2 21 f9 66 8e 60 f5 71 23 a3 6a 41 f1 fc 3e Sep 21 07:25:06.266398: | 6f d8 14 b3 d5 db 43 a8 ed ec e8 a6 1c 66 90 df Sep 21 07:25:06.266400: | 47 2e e4 4b 6a 1a a8 3f 78 2a 6d dd de d5 b4 af Sep 21 07:25:06.266403: | 12 86 e1 da 03 bd c2 e4 34 1d 24 0b c0 3a bb a4 Sep 21 07:25:06.266405: | e6 e6 25 25 8e 8b f0 ab dc 7b 48 c5 74 36 9b 76 Sep 21 07:25:06.266407: | 38 5c 0c 02 79 2b 8d c3 d0 5f d7 43 d9 72 ad 4d Sep 21 07:25:06.266410: | ed 79 7a 4f 98 2f c0 ac a0 6e 1e 9c 3d bd cd a2 Sep 21 07:25:06.266412: | 06 e5 9e d7 3f 31 29 66 ae 1d 0c f6 44 1b 4b 7f Sep 21 07:25:06.266414: | 8e 53 2c 02 12 9e 14 a9 12 9b c3 39 26 64 8b c7 Sep 21 07:25:06.266416: | 32 46 11 9d 0e d1 1f 91 b7 37 9a 87 e9 92 d9 72 Sep 21 07:25:06.266418: | fa 5f 01 e5 1f 5b d4 31 ed 67 28 a0 d9 20 46 4c Sep 21 07:25:06.266420: | be 87 4e 93 3e d6 cd 2b 5f cc 6c e9 ba 54 14 de Sep 21 07:25:06.266422: | ee 6e 2b d5 0a c9 5b c7 3f 50 3e 17 80 69 96 c0 Sep 21 07:25:06.266424: | 91 9f 6a c6 9b 5e d2 98 7b 12 f7 2d 66 be 81 19 Sep 21 07:25:06.266426: | 3d 70 1a a1 ca 88 52 d9 a4 94 1a 7c f9 41 c1 51 Sep 21 07:25:06.266429: | ec 8f e7 81 ec ec ab ec b6 db 27 e8 63 fa a3 a2 Sep 21 07:25:06.266432: | da 6a a4 11 39 ce ec 46 2b 37 b5 fe 43 bb 16 f0 Sep 21 07:25:06.266434: | 20 02 40 0e 35 af 9b 8e 78 5c 00 cf c8 ae bf 3e Sep 21 07:25:06.266436: | d8 af ab c4 af a6 00 59 02 de be 3a b9 c4 e1 ea Sep 21 07:25:06.266438: | ff ee a7 48 bc a4 ec c6 9a cc 8d 16 bf 96 8a 78 Sep 21 07:25:06.266439: | 76 df 11 11 43 aa 71 df 6c a7 12 1e 52 62 f9 6b Sep 21 07:25:06.266442: | 63 2a 5f 61 7c 8a df af d7 70 db 0a c6 d5 b5 bd Sep 21 07:25:06.266444: | 7c a7 ca c3 3d e1 21 14 59 d0 b9 93 de 7a 78 d3 Sep 21 07:25:06.266445: | 91 41 bb bd 09 0c 36 b8 a8 55 f3 56 25 15 80 9b Sep 21 07:25:06.266448: | 20 ce 5e f0 88 58 35 03 e4 a0 3f b2 16 47 1d a5 Sep 21 07:25:06.266450: | ae 0c ea 7f a0 11 0d a5 6d 87 07 17 74 57 c9 41 Sep 21 07:25:06.266452: | 34 13 ef ae 2a 16 30 17 0b 7b 10 f6 5d 17 2d 52 Sep 21 07:25:06.266454: | 90 13 a8 28 56 cd ae 53 2e 34 44 Sep 21 07:25:06.266458: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.266461: | **parse ISAKMP Message: Sep 21 07:25:06.266464: | initiator cookie: Sep 21 07:25:06.266466: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.266469: | responder cookie: Sep 21 07:25:06.266471: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266473: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:06.266475: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.266478: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.266480: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.266483: | Message ID: 1 (0x1) Sep 21 07:25:06.266485: | length: 539 (0x21b) Sep 21 07:25:06.266488: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:06.266490: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:06.266493: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:06.266499: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.266504: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:06.266507: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:06.266509: | #1 is idle Sep 21 07:25:06.266511: | #1 idle Sep 21 07:25:06.266515: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:06.266517: | unpacking clear payload Sep 21 07:25:06.266520: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.266522: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:06.266525: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.266527: | flags: none (0x0) Sep 21 07:25:06.266530: | length: 511 (0x1ff) Sep 21 07:25:06.266532: | fragment number: 3 (0x3) Sep 21 07:25:06.266534: | total fragments: 5 (0x5) Sep 21 07:25:06.266536: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:06.266538: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:06.266541: | received IKE encrypted fragment number '3', total number '5', next payload '0' Sep 21 07:25:06.266546: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.266551: | #1 spent 0.177 milliseconds in ikev2_process_packet() Sep 21 07:25:06.266555: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.266558: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.266560: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.266564: | spent 0.191 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.266675: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.266689: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.266692: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266694: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:06.266696: | 00 04 00 05 12 63 3b 36 50 10 b9 d6 59 69 27 02 Sep 21 07:25:06.266698: | e5 d1 95 75 42 a5 9a 52 90 e4 93 97 28 02 8c 35 Sep 21 07:25:06.266701: | 24 b8 71 68 cb ee d4 71 67 75 fa 81 20 5e 76 e8 Sep 21 07:25:06.266703: | fb 3b 48 32 98 4c 17 23 9d 5b 0a aa 45 2b 80 13 Sep 21 07:25:06.266705: | d0 31 5a d4 d6 81 a1 91 07 f3 34 ac a6 79 5d 42 Sep 21 07:25:06.266707: | 74 c9 49 74 03 47 4e b7 a9 54 d5 48 6c e7 96 21 Sep 21 07:25:06.266709: | 35 83 c4 46 01 04 62 cf b5 42 ba 88 40 3d 6f 0e Sep 21 07:25:06.266711: | 85 ff 3b bf ea 39 3b 4c 11 80 bf 0b 4c 77 2a 93 Sep 21 07:25:06.266714: | c1 1f 07 3d 16 fb 00 49 46 bb e6 a5 2b c5 5a 31 Sep 21 07:25:06.266716: | a1 77 af e6 bd b2 39 e0 26 e1 d2 62 4d 04 c6 ff Sep 21 07:25:06.266718: | d1 52 f0 32 7c 38 8e 6d 52 6d fd a9 16 c8 ba b2 Sep 21 07:25:06.266720: | 70 71 e7 90 85 ed b0 97 94 ec e7 04 cb 2f 37 9b Sep 21 07:25:06.266722: | 59 54 f2 f1 02 c5 20 b8 d9 1e d9 5f 9f 9d c1 b0 Sep 21 07:25:06.266724: | 1e 4d d4 73 1d b3 5e e4 e9 c0 b9 d8 70 d3 d4 ba Sep 21 07:25:06.266726: | 11 ae 4f ad ab 58 83 de c8 a4 1f ee 40 c7 7d 27 Sep 21 07:25:06.266729: | ff 4c 99 13 83 c5 1b 59 c4 e6 2f 86 29 ce 02 f1 Sep 21 07:25:06.266731: | 09 ed 46 cf 97 6f 8b 4b 44 34 57 e1 9d bc c2 65 Sep 21 07:25:06.266733: | 1a 37 1f 34 14 6e 34 f4 98 91 65 71 a5 b3 5d 33 Sep 21 07:25:06.266735: | 65 55 1a da 4a da 13 fa aa 69 bc 34 f1 21 44 ed Sep 21 07:25:06.266737: | 38 78 a7 04 cd bc 6e be 96 92 98 ec c8 7e a5 15 Sep 21 07:25:06.266739: | 45 ec d2 b5 f6 31 fb e5 7b dd a8 51 c5 e2 ac 19 Sep 21 07:25:06.266741: | 43 a3 67 5d a2 67 46 73 2b 61 88 7f 37 3d 3a a7 Sep 21 07:25:06.266743: | 5d 7c 25 60 2a a3 c2 ba ca 73 04 40 4c c2 67 dd Sep 21 07:25:06.266745: | 1b 64 d2 87 de c4 36 ed 74 13 e9 4f b4 21 85 ee Sep 21 07:25:06.266747: | 70 ea ea ce 92 4b 9c 4e 65 92 f6 9c 01 0a 90 a6 Sep 21 07:25:06.266749: | 25 d4 68 ea 9b 85 a0 2e 5b 52 b1 c3 09 92 46 fc Sep 21 07:25:06.266752: | 36 de 25 8d 13 79 2a a6 3b 70 8c d3 10 83 dc 57 Sep 21 07:25:06.266753: | 61 fb ca 89 be 83 be 00 b3 d3 43 91 15 a2 1b 52 Sep 21 07:25:06.266755: | 79 35 46 3f 24 da df 88 43 52 34 f7 c6 37 c9 af Sep 21 07:25:06.266758: | 98 af e6 43 85 c0 55 87 27 4c cc d0 8c 15 36 aa Sep 21 07:25:06.266760: | b4 cd 5f bf f2 61 4d af 79 99 2a 17 76 cb 3d 57 Sep 21 07:25:06.266762: | d9 a4 a6 d8 d1 9a f8 ad 9d 90 06 Sep 21 07:25:06.266766: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.266769: | **parse ISAKMP Message: Sep 21 07:25:06.266772: | initiator cookie: Sep 21 07:25:06.266774: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.266776: | responder cookie: Sep 21 07:25:06.266778: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266781: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:06.266787: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.266792: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.266794: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.266796: | Message ID: 1 (0x1) Sep 21 07:25:06.266798: | length: 539 (0x21b) Sep 21 07:25:06.266801: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:06.266804: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:06.266806: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:06.266812: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.266817: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:06.266823: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:06.266825: | #1 is idle Sep 21 07:25:06.266827: | #1 idle Sep 21 07:25:06.266831: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:06.266834: | unpacking clear payload Sep 21 07:25:06.266836: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.266838: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:06.266841: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.266843: | flags: none (0x0) Sep 21 07:25:06.266846: | length: 511 (0x1ff) Sep 21 07:25:06.266848: | fragment number: 4 (0x4) Sep 21 07:25:06.266851: | total fragments: 5 (0x5) Sep 21 07:25:06.266853: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:06.266856: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:06.266859: | received IKE encrypted fragment number '4', total number '5', next payload '0' Sep 21 07:25:06.266864: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.266869: | #1 spent 0.182 milliseconds in ikev2_process_packet() Sep 21 07:25:06.266873: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.266876: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.266879: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.266882: | spent 0.196 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.266973: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.266983: | *received 394 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.266986: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.266988: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Sep 21 07:25:06.266990: | 00 05 00 05 47 db e9 6f c9 53 50 bc 4f 6f 92 d2 Sep 21 07:25:06.266992: | 88 79 dc be 2a 54 11 06 67 be 78 f9 68 2e 1c cd Sep 21 07:25:06.266993: | f3 30 27 e9 d3 4f a5 ea a8 ee bf 3e db fd 28 35 Sep 21 07:25:06.266995: | 70 3f 86 5a 57 59 6b 00 a7 02 55 6a af 34 fb 4d Sep 21 07:25:06.266997: | 55 48 9e 69 9a 53 33 d6 4e 7d 0e 37 4b c2 a3 4d Sep 21 07:25:06.266999: | 96 41 1f e7 16 a1 bd 20 d4 03 f5 ea 51 1b a7 dc Sep 21 07:25:06.267001: | 58 c0 fe c1 75 6c 0a 82 4d a8 02 cd 93 83 9d 9b Sep 21 07:25:06.267004: | 31 ff e8 cf a8 3b b2 39 3f 22 85 bb 07 74 c5 e5 Sep 21 07:25:06.267005: | 52 79 44 ce d9 92 d3 a3 f3 cf e0 85 46 e2 0d f9 Sep 21 07:25:06.267007: | 74 ec 43 ad fd 9a 4f 23 dc 35 1d f4 51 6a d0 4c Sep 21 07:25:06.267009: | 5a 48 2d 6a 64 da 31 05 f4 c7 54 22 97 fc 82 e0 Sep 21 07:25:06.267011: | 75 3a 4a 68 1c 70 7d b5 8a df bd 0e c2 29 4f e9 Sep 21 07:25:06.267013: | 59 ba 68 78 d1 24 5f 83 66 f7 fc 21 71 99 09 8d Sep 21 07:25:06.267015: | 8f 77 12 c0 d1 a0 87 72 4f 3b 2b bc 5b 42 90 30 Sep 21 07:25:06.267016: | c4 9f 48 5e f1 e1 5e 17 21 4e ad e7 d3 ca 06 ca Sep 21 07:25:06.267018: | d1 79 e4 05 09 6b ea 81 94 0f 7e e8 f8 99 2f 16 Sep 21 07:25:06.267020: | db ed fa ad 44 97 1d 58 f6 92 9f 15 71 d1 3d 5e Sep 21 07:25:06.267022: | c3 b3 be 95 11 35 e4 f1 c5 5a f8 79 f0 98 39 15 Sep 21 07:25:06.267024: | e6 ca f0 3a 89 74 8d ca 70 34 ea b8 71 d9 89 99 Sep 21 07:25:06.267026: | 66 a7 9f 7c 7f dc 07 6f 20 83 17 dd 8e 8f 5e 76 Sep 21 07:25:06.267027: | 16 c4 42 20 c4 88 06 c2 75 01 94 39 dc 81 3c 4d Sep 21 07:25:06.267030: | 4f 61 11 04 f3 1e d3 a8 8e d1 47 08 c7 5a d7 29 Sep 21 07:25:06.267032: | b4 67 41 6c b6 2e 9b b1 b9 bc Sep 21 07:25:06.267036: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.267039: | **parse ISAKMP Message: Sep 21 07:25:06.267041: | initiator cookie: Sep 21 07:25:06.267043: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.267047: | responder cookie: Sep 21 07:25:06.267049: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.267051: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:06.267054: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.267057: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.267059: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.267061: | Message ID: 1 (0x1) Sep 21 07:25:06.267063: | length: 394 (0x18a) Sep 21 07:25:06.267065: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:06.267068: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:06.267070: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:06.267074: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.267078: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:06.267080: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:06.267082: | #1 is idle Sep 21 07:25:06.267084: | #1 idle Sep 21 07:25:06.267088: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:06.267090: | unpacking clear payload Sep 21 07:25:06.267093: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.267095: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:06.267097: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.267099: | flags: none (0x0) Sep 21 07:25:06.267102: | length: 366 (0x16e) Sep 21 07:25:06.267104: | fragment number: 5 (0x5) Sep 21 07:25:06.267106: | total fragments: 5 (0x5) Sep 21 07:25:06.267108: | processing payload: ISAKMP_NEXT_v2SKF (len=358) Sep 21 07:25:06.267110: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:06.267112: | received IKE encrypted fragment number '5', total number '5', next payload '0' Sep 21 07:25:06.267117: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:06.267120: | Now let's proceed with state specific processing Sep 21 07:25:06.267121: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:06.267124: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:25:06.267129: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:06.267132: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:25:06.267135: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:25:06.267138: | libevent_free: release ptr-libevent@0x55f7d3fbf020 Sep 21 07:25:06.267141: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.267144: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.267148: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:06.267151: | libevent_malloc: new ptr-libevent@0x55f7d3fbf020 size 128 Sep 21 07:25:06.267162: | #1 spent 0.0358 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:25:06.267168: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.267170: | crypto helper 3 resuming Sep 21 07:25:06.267185: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:25:06.267191: | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:25:06.268139: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:06.268599: | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001406 seconds Sep 21 07:25:06.268608: | (#1) spent 1.41 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:25:06.268614: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:06.268618: | scheduling resume sending helper answer for #1 Sep 21 07:25:06.268622: | libevent_malloc: new ptr-libevent@0x7f71f0006b90 size 128 Sep 21 07:25:06.268629: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:06.267172: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:06.268797: | suspending state #1 and saving MD Sep 21 07:25:06.268800: | #1 is busy; has a suspended MD Sep 21 07:25:06.268808: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:06.268813: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:06.268820: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.268827: | #1 spent 0.238 milliseconds in ikev2_process_packet() Sep 21 07:25:06.268832: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.268836: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.268839: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.268844: | spent 0.256 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.268854: | processing resume sending helper answer for #1 Sep 21 07:25:06.268860: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:06.268864: | crypto helper 3 replies to request ID 2 Sep 21 07:25:06.268867: | calling continuation function 0x55f7d3b6c630 Sep 21 07:25:06.268871: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:25:06.268874: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:06.268878: | already have all fragments, skipping fragment collection Sep 21 07:25:06.268881: | already have all fragments, skipping fragment collection Sep 21 07:25:06.268904: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:06.268908: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:25:06.268913: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:25:06.268916: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Sep 21 07:25:06.268919: | flags: none (0x0) Sep 21 07:25:06.268922: | length: 193 (0xc1) Sep 21 07:25:06.268925: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:25:06.268932: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Sep 21 07:25:06.268935: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Sep 21 07:25:06.268938: | **parse IKEv2 Certificate Payload: Sep 21 07:25:06.268942: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:25:06.268944: | flags: none (0x0) Sep 21 07:25:06.268947: | length: 1232 (0x4d0) Sep 21 07:25:06.268950: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:06.268953: | processing payload: ISAKMP_NEXT_v2CERT (len=1227) Sep 21 07:25:06.268956: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:06.268959: | **parse IKEv2 Certificate Request Payload: Sep 21 07:25:06.268962: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:06.268965: | flags: none (0x0) Sep 21 07:25:06.268968: | length: 25 (0x19) Sep 21 07:25:06.268971: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:06.268974: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Sep 21 07:25:06.268977: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:06.268980: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:06.268983: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:06.268986: | flags: none (0x0) Sep 21 07:25:06.268988: | length: 191 (0xbf) Sep 21 07:25:06.268991: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:25:06.268994: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Sep 21 07:25:06.269002: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:06.269005: | **parse IKEv2 Authentication Payload: Sep 21 07:25:06.269008: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:06.269011: | flags: none (0x0) Sep 21 07:25:06.269013: | length: 392 (0x188) Sep 21 07:25:06.269016: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:06.269019: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Sep 21 07:25:06.269022: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:06.269025: | **parse IKEv2 Security Association Payload: Sep 21 07:25:06.269028: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:06.269031: | flags: none (0x0) Sep 21 07:25:06.269034: | length: 164 (0xa4) Sep 21 07:25:06.269037: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:25:06.269040: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:06.269043: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:06.269046: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:06.269049: | flags: none (0x0) Sep 21 07:25:06.269051: | length: 24 (0x18) Sep 21 07:25:06.269054: | number of TS: 1 (0x1) Sep 21 07:25:06.269057: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:06.269060: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:06.269063: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:06.269066: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.269069: | flags: none (0x0) Sep 21 07:25:06.269072: | length: 24 (0x18) Sep 21 07:25:06.269074: | number of TS: 1 (0x1) Sep 21 07:25:06.269077: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:06.269080: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:25:06.269083: | Now let's proceed with state specific processing Sep 21 07:25:06.269086: | calling processor Responder: process IKE_AUTH request Sep 21 07:25:06.269093: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Sep 21 07:25:06.269101: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:06.269107: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:25:06.269110: loading root certificate cache Sep 21 07:25:06.272520: | spent 3.11 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:25:06.272570: | spent 0.0306 milliseconds in get_root_certs() filtering CAs Sep 21 07:25:06.272578: | #1 spent 3.19 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:25:06.272582: | checking for known CERT payloads Sep 21 07:25:06.272586: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:25:06.272626: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:06.272634: | #1 spent 0.0498 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:25:06.272640: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:06.272687: | #1 spent 0.0458 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:25:06.272691: | missing or expired CRL Sep 21 07:25:06.272695: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:25:06.272699: | verify_end_cert trying profile IPsec Sep 21 07:25:06.272860: | certificate is valid (profile IPsec) Sep 21 07:25:06.272873: | #1 spent 0.142 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:25:06.272879: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:06.272953: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf5e0 Sep 21 07:25:06.272963: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbf0b0 Sep 21 07:25:06.272966: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55f7d3fbcf00 Sep 21 07:25:06.273109: | unreference key: 0x55f7d3fca0b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:06.273120: | #1 spent 0.233 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:25:06.273124: | #1 spent 3.7 milliseconds in decode_certs() Sep 21 07:25:06.273129: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:25:06.273132: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:25:06.273135: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:25:06.273138: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:25:06.273141: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:25:06.273144: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:25:06.273147: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:25:06.273150: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:25:06.273153: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:25:06.273156: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:25:06.273159: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:25:06.273162: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:25:06.273165: | received IDr payload - extracting our alleged ID Sep 21 07:25:06.273168: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:25:06.273171: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:25:06.273174: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:25:06.273177: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:25:06.273180: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:25:06.273183: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:25:06.273186: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:25:06.273189: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:06.273192: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:25:06.273195: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:25:06.273198: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:06.273201: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:25:06.273220: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:25:06.273228: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:25:06.273232: | X509: CERT and ID matches current connection Sep 21 07:25:06.273234: | CERT_X509_SIGNATURE CR: Sep 21 07:25:06.273237: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:25:06.273240: | 8e eb 22 c0 Sep 21 07:25:06.273243: | cert blob content is not binary ASN.1 Sep 21 07:25:06.273247: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Sep 21 07:25:06.273258: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273269: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273274: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Sep 21 07:25:06.273286: "northnet-eastnets/0x2" #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:25:06.273291: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Sep 21 07:25:06.273295: | The remote specified our ID in its IDr payload Sep 21 07:25:06.273305: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273315: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:25:06.273344: | received CERTREQ payload; going to decode it Sep 21 07:25:06.273348: | CERT_X509_SIGNATURE CR: Sep 21 07:25:06.273351: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:25:06.273354: | 8e eb 22 c0 Sep 21 07:25:06.273357: | cert blob content is not binary ASN.1 Sep 21 07:25:06.273359: | verifying AUTH payload Sep 21 07:25:06.273381: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273400: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:25:06.273410: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273420: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273431: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.273600: | an RSA Sig check passed with *AwEAAbrCE [remote certificates] Sep 21 07:25:06.273607: | #1 spent 0.17 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:06.273610: "northnet-eastnets/0x2" #1: Authenticated using RSA Sep 21 07:25:06.273615: | #1 spent 0.25 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:06.273620: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:25:06.273625: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:06.273629: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:06.273635: | libevent_free: release ptr-libevent@0x55f7d3fbf020 Sep 21 07:25:06.273639: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.273642: | event_schedule: new EVENT_SA_REKEY-pe@0x55f7d3fd5180 Sep 21 07:25:06.273646: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:25:06.273650: | libevent_malloc: new ptr-libevent@0x55f7d3fbf020 size 128 Sep 21 07:25:06.274250: | pstats #1 ikev2.ike established Sep 21 07:25:06.274262: | **emit ISAKMP Message: Sep 21 07:25:06.274265: | initiator cookie: Sep 21 07:25:06.274268: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.274271: | responder cookie: Sep 21 07:25:06.274273: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.274276: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.274280: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.274287: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.274293: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.274299: | Message ID: 1 (0x1) Sep 21 07:25:06.274302: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.274306: | IKEv2 CERT: send a certificate? Sep 21 07:25:06.274308: | IKEv2 CERT: OK to send a certificate (always) Sep 21 07:25:06.274311: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:06.274314: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.274318: | flags: none (0x0) Sep 21 07:25:06.274325: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:06.274328: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.274332: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:06.274345: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:06.274364: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:06.274368: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.274370: | flags: none (0x0) Sep 21 07:25:06.274373: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:25:06.274376: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:06.274378: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.274381: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:25:06.274384: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:25:06.274386: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:25:06.274388: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:25:06.274390: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:25:06.274392: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:25:06.274395: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:25:06.274397: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:25:06.274399: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:06.274401: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:25:06.274403: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:25:06.274405: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:25:06.274407: | my identity 77 61 6e 2e 6f 72 67 Sep 21 07:25:06.274410: | emitting length of IKEv2 Identification - Responder - Payload: 191 Sep 21 07:25:06.274418: | assembled IDr payload Sep 21 07:25:06.274422: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:25:06.274425: | ****emit IKEv2 Certificate Payload: Sep 21 07:25:06.274427: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.274430: | flags: none (0x0) Sep 21 07:25:06.274432: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:06.274435: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Sep 21 07:25:06.274438: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.274441: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Sep 21 07:25:06.274443: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Sep 21 07:25:06.274446: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:25:06.274448: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:25:06.274450: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:25:06.274452: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:25:06.274454: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:25:06.274459: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:25:06.274461: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:25:06.274463: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:25:06.274465: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:25:06.274467: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:25:06.274469: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:25:06.274472: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:25:06.274474: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:25:06.274476: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:25:06.274478: | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:25:06.274480: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:25:06.274482: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:25:06.274484: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:25:06.274487: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:25:06.274489: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:25:06.274491: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Sep 21 07:25:06.274493: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:25:06.274495: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Sep 21 07:25:06.274497: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Sep 21 07:25:06.274500: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:25:06.274502: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Sep 21 07:25:06.274504: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Sep 21 07:25:06.274506: | CERT 00 30 82 01 8a 02 82 01 81 00 b0 0d 9e ca 2d 55 Sep 21 07:25:06.274508: | CERT 24 59 06 37 09 58 0d 06 ab 90 5e 98 7c 00 0b 66 Sep 21 07:25:06.274511: | CERT 73 f4 12 27 69 75 6e d4 8d 13 e9 c6 e9 4f c4 b1 Sep 21 07:25:06.274513: | CERT 19 1a 1a 4f e6 4e 06 da 29 ec cf 8d 4c c3 c3 57 Sep 21 07:25:06.274515: | CERT c0 24 57 83 7a 1b 7f 96 a3 21 66 67 52 68 8e 77 Sep 21 07:25:06.274517: | CERT b9 bb f6 9b d2 43 11 57 c9 d6 ca e2 39 73 93 ea Sep 21 07:25:06.274519: | CERT 99 99 f7 52 38 4d 58 69 7f a5 18 9b ff 66 72 6c Sep 21 07:25:06.274521: | CERT df 6d df 18 50 cf 10 98 a3 f5 f9 69 27 5b 3f bd Sep 21 07:25:06.274524: | CERT 0f 34 18 93 99 1a be 8a 46 84 37 69 71 7f a7 df Sep 21 07:25:06.274526: | CERT d0 9d b2 9d ad 80 0f d0 1a 40 cb ff 37 20 ac ac Sep 21 07:25:06.274528: | CERT 3d a9 8e 56 56 cf 25 c0 5e 55 52 86 5a c5 b4 ce Sep 21 07:25:06.274530: | CERT a8 dd 95 cf ab 38 91 f6 1f 9f 83 36 d5 3f 8c d3 Sep 21 07:25:06.274532: | CERT 1d f5 3f 23 3c d2 5c 87 23 bc 6a 67 f7 00 c3 96 Sep 21 07:25:06.274534: | CERT 3f 76 5c b9 8e 6f 2b 16 90 2c 00 c0 05 a0 e2 8d Sep 21 07:25:06.274537: | CERT 57 d5 76 34 7f 6f be e8 48 79 08 91 a8 17 72 1f Sep 21 07:25:06.274539: | CERT c0 1c 8a 52 a8 18 aa 32 3c 9a e4 d9 90 58 25 5e Sep 21 07:25:06.274541: | CERT 4c 49 8e cb 7a 33 19 d2 87 1a 2a 8e b5 04 f7 f9 Sep 21 07:25:06.274543: | CERT cd 80 8c 59 ae 34 61 c5 1d de 53 65 fe 4f f3 f4 Sep 21 07:25:06.274545: | CERT 09 f2 b4 21 7a 2b eb 1f 4a f2 5f 85 3a f0 f8 2b Sep 21 07:25:06.274547: | CERT 3b 42 5b da 89 c1 ef b2 81 18 2a 4b 57 a2 ca 63 Sep 21 07:25:06.274549: | CERT 8b a7 60 8e 54 95 c3 20 5c e5 53 f0 4a 57 df 41 Sep 21 07:25:06.274551: | CERT fa 06 e6 ab 4e 0b 46 49 14 0d db b0 dc 10 2e 6d Sep 21 07:25:06.274554: | CERT 5f 52 cb 75 36 1b e2 1d 9d 77 0f 73 9d 0a 64 07 Sep 21 07:25:06.274556: | CERT 84 f4 0e 0a 98 97 58 c4 40 f6 1b ac a3 be 21 aa Sep 21 07:25:06.274558: | CERT 67 3a 2b b1 0e b7 9a 36 ff 67 02 03 01 00 01 a3 Sep 21 07:25:06.274561: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Sep 21 07:25:06.274563: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Sep 21 07:25:06.274567: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:25:06.274570: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Sep 21 07:25:06.274572: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:25:06.274575: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Sep 21 07:25:06.274577: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Sep 21 07:25:06.274579: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Sep 21 07:25:06.274582: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Sep 21 07:25:06.274584: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Sep 21 07:25:06.274587: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:25:06.274589: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:25:06.274592: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Sep 21 07:25:06.274594: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Sep 21 07:25:06.274597: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:25:06.274599: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Sep 21 07:25:06.274602: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Sep 21 07:25:06.274604: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 bf 3c 12 c5 Sep 21 07:25:06.274607: | CERT 00 3e 71 2a 2b 2b 60 83 b9 b9 f2 4d b1 ca 0e fd Sep 21 07:25:06.274609: | CERT b4 e0 0b 6a ad 54 d7 c9 98 57 e0 5c 26 4d bf 11 Sep 21 07:25:06.274612: | CERT 23 20 79 05 b6 1b 9b 09 ed 4f 2e fd 7e da 55 53 Sep 21 07:25:06.274617: | CERT b6 8c 88 fa f3 9b ce ec ef 95 37 11 70 ce 1c 98 Sep 21 07:25:06.274621: | CERT d3 d5 cf f6 30 71 44 78 fb 45 03 69 50 d5 a5 c3 Sep 21 07:25:06.274624: | CERT de 00 4c f7 0a 7d 00 cb 3a ab 11 74 6b 57 67 4d Sep 21 07:25:06.274627: | CERT e7 c0 3a 97 98 44 e2 15 9d f2 6f 1b c7 b1 15 d0 Sep 21 07:25:06.274630: | CERT 88 c4 dc 32 b7 72 1d 9c ac 1b 37 63 Sep 21 07:25:06.274633: | emitting length of IKEv2 Certificate Payload: 1265 Sep 21 07:25:06.274636: | CHILD SA proposals received Sep 21 07:25:06.274639: | going to assemble AUTH payload Sep 21 07:25:06.274642: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:06.274646: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:06.274648: | flags: none (0x0) Sep 21 07:25:06.274652: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:06.274656: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:25:06.274660: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:06.274664: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.274685: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Sep 21 07:25:06.274771: | searching for certificate PKK_RSA:AwEAAbANn vs PKK_RSA:AwEAAbANn Sep 21 07:25:06.295898: | #1 spent 9.71 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:06.295918: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:06.295922: | rsa signature 56 b9 1a 24 f2 64 52 3f 4c 8b b9 33 f8 60 d5 ca Sep 21 07:25:06.295925: | rsa signature 0e 68 fe db e5 14 5b 9c ed 84 a9 b9 14 b1 69 16 Sep 21 07:25:06.295928: | rsa signature e6 26 a2 0c 18 26 cf e0 1c f8 06 49 d7 8e 36 19 Sep 21 07:25:06.295931: | rsa signature a7 83 fa 90 a5 29 59 da 1f 06 97 b8 39 24 ab 00 Sep 21 07:25:06.295934: | rsa signature d0 7e 8e 3f 70 e3 bb 87 3b 28 ad b0 32 6c 50 b6 Sep 21 07:25:06.295937: | rsa signature b3 6f d3 ab 7e 78 10 3d 8d 00 d6 30 02 a5 66 10 Sep 21 07:25:06.295940: | rsa signature 85 f6 a8 9d e8 9c 08 96 b3 7b ad 07 64 64 88 d4 Sep 21 07:25:06.295947: | rsa signature bd d1 94 4b 99 f8 77 12 bb 64 5f 42 f8 a7 1d 85 Sep 21 07:25:06.295950: | rsa signature c5 49 df 87 34 da 72 34 61 41 b1 a3 98 26 21 b6 Sep 21 07:25:06.295953: | rsa signature 1f 0c 60 1b ba 41 43 78 30 aa 61 d3 bd b5 95 da Sep 21 07:25:06.295957: | rsa signature c4 f9 d6 54 64 99 a6 92 91 e9 00 c1 06 1a 58 59 Sep 21 07:25:06.295960: | rsa signature a4 1b df 85 ab f9 21 70 23 01 e8 67 be 53 40 34 Sep 21 07:25:06.295963: | rsa signature f6 7b 2e cb b0 71 0f bd 00 02 9a c2 32 75 eb 30 Sep 21 07:25:06.295966: | rsa signature 8e fd 46 ae 03 cc 59 0b fb 2b 10 c8 0a 7f dc 58 Sep 21 07:25:06.295969: | rsa signature 62 5a 5a ed 8f d7 db 10 09 99 67 cb a1 4c 70 1b Sep 21 07:25:06.295972: | rsa signature d4 cd 4d dc 10 58 c9 62 ca 87 b9 be 11 98 b8 9d Sep 21 07:25:06.295975: | rsa signature 0d 87 ba 63 af c1 b9 b8 21 79 a8 11 79 9c ad bf Sep 21 07:25:06.295977: | rsa signature bc 4e a2 aa ae 51 53 4e c1 7c d7 e8 ee f4 0a a0 Sep 21 07:25:06.295980: | rsa signature 89 c8 d2 94 5c 46 7f f4 ca 46 66 08 31 c8 5e fa Sep 21 07:25:06.295983: | rsa signature a0 c6 f1 c9 68 45 82 bc 90 95 49 c0 39 2d c0 9e Sep 21 07:25:06.295986: | rsa signature 45 c4 44 e9 09 bf 23 3c 3d 75 7b 50 9d f5 74 ba Sep 21 07:25:06.295989: | rsa signature 3a 8e 11 aa fa 28 64 62 98 90 79 1e 0b bc 4c 5e Sep 21 07:25:06.295992: | rsa signature 40 b1 04 0a 88 66 e0 46 18 d1 3e 7b 06 9b 09 35 Sep 21 07:25:06.295995: | rsa signature 7b b0 8a 51 f7 b6 60 b7 1c 1d 36 3a 3e 35 c6 1f Sep 21 07:25:06.296000: | #1 spent 9.94 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:06.296004: | emitting length of IKEv2 Authentication Payload: 392 Sep 21 07:25:06.296010: | creating state object #2 at 0x55f7d3fd7a70 Sep 21 07:25:06.296014: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:06.296019: | pstats #2 ikev2.child started Sep 21 07:25:06.296030: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:25:06.296038: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:06.296047: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:06.296054: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:06.296060: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:06.296063: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:25:06.296066: | TSi: parsing 1 traffic selectors Sep 21 07:25:06.296070: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:06.296074: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.296077: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.296080: | length: 16 (0x10) Sep 21 07:25:06.296082: | start port: 0 (0x0) Sep 21 07:25:06.296085: | end port: 65535 (0xffff) Sep 21 07:25:06.296089: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:06.296091: | TS low c0 00 03 00 Sep 21 07:25:06.296095: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:06.296097: | TS high c0 00 03 ff Sep 21 07:25:06.296100: | TSi: parsed 1 traffic selectors Sep 21 07:25:06.296103: | TSr: parsing 1 traffic selectors Sep 21 07:25:06.296106: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:06.296109: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.296112: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.296114: | length: 16 (0x10) Sep 21 07:25:06.296117: | start port: 0 (0x0) Sep 21 07:25:06.296120: | end port: 65535 (0xffff) Sep 21 07:25:06.296123: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:06.296125: | TS low c0 00 02 00 Sep 21 07:25:06.296130: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:06.296133: | TS high c0 00 02 ff Sep 21 07:25:06.296136: | TSr: parsed 1 traffic selectors Sep 21 07:25:06.296138: | looking for best SPD in current connection Sep 21 07:25:06.296146: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:06.296153: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.296161: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:06.296165: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:06.296168: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:06.296171: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:06.296175: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.296181: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.296188: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:25:06.296190: | looking for better host pair Sep 21 07:25:06.296196: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:06.296202: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:25:06.296206: | investigating connection "northnet-eastnets/0x2" as a better match Sep 21 07:25:06.296220: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.296231: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.296233: | results matched Sep 21 07:25:06.296244: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.296261: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.296268: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:06.296273: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.296281: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:06.296284: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:06.296287: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:06.296291: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:06.296294: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.296300: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.296306: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:25:06.296310: | investigating connection "northnet-eastnets/0x1" as a better match Sep 21 07:25:06.296321: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.296331: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.296334: | results matched Sep 21 07:25:06.296344: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.296354: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.296361: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:06.296366: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.296375: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:06.296378: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:06.296381: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:06.296384: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:06.296388: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.296393: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.296400: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:06.296404: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:06.296407: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:06.296410: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:06.296413: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.296416: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:06.296420: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Sep 21 07:25:06.296423: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:06.296426: | printing contents struct traffic_selector Sep 21 07:25:06.296429: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:06.296432: | ipprotoid: 0 Sep 21 07:25:06.296434: | port range: 0-65535 Sep 21 07:25:06.296439: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:06.296442: | printing contents struct traffic_selector Sep 21 07:25:06.296444: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:06.296447: | ipprotoid: 0 Sep 21 07:25:06.296449: | port range: 0-65535 Sep 21 07:25:06.296454: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:06.296459: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:25:06.296465: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:06.296472: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:06.296476: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:06.296481: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:06.296485: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:06.296491: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:06.296494: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:06.296500: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:06.296510: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:06.296515: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:25:06.296519: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:06.296522: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:06.296525: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:06.296528: | local proposal 1 type DH has 1 transforms Sep 21 07:25:06.296531: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:06.296535: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:06.296538: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:06.296541: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:06.296544: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:06.296549: | local proposal 2 type DH has 1 transforms Sep 21 07:25:06.296552: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:06.296556: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:06.296559: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:06.296562: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:06.296565: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:06.296568: | local proposal 3 type DH has 1 transforms Sep 21 07:25:06.296571: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:06.296574: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:06.296577: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:06.296580: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:06.296583: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:06.296586: | local proposal 4 type DH has 1 transforms Sep 21 07:25:06.297384: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:06.297390: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:06.297394: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.297398: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.297401: | length: 32 (0x20) Sep 21 07:25:06.297404: | prop #: 1 (0x1) Sep 21 07:25:06.297407: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.297409: | spi size: 4 (0x4) Sep 21 07:25:06.297412: | # transforms: 2 (0x2) Sep 21 07:25:06.297416: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.297419: | remote SPI 9f 90 04 e2 Sep 21 07:25:06.297423: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:06.297427: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.297430: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.297433: | length: 12 (0xc) Sep 21 07:25:06.297436: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.297439: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.297442: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.297445: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.297448: | length/value: 256 (0x100) Sep 21 07:25:06.297454: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:06.297457: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.297467: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.297470: | length: 8 (0x8) Sep 21 07:25:06.297473: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.297476: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.297480: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:06.297485: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:25:06.297489: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:25:06.297493: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:25:06.297498: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:06.297504: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:06.297507: | remote proposal 1 matches local proposal 1 Sep 21 07:25:06.297510: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.297513: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.297516: | length: 32 (0x20) Sep 21 07:25:06.297519: | prop #: 2 (0x2) Sep 21 07:25:06.297522: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.297524: | spi size: 4 (0x4) Sep 21 07:25:06.297527: | # transforms: 2 (0x2) Sep 21 07:25:06.297531: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.297536: | remote SPI 9f 90 04 e2 Sep 21 07:25:06.297540: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.297543: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.297546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.297549: | length: 12 (0xc) Sep 21 07:25:06.297552: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.297555: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.297558: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.297561: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.297564: | length/value: 128 (0x80) Sep 21 07:25:06.297568: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.297571: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.298796: | length: 8 (0x8) Sep 21 07:25:06.298808: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.298811: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.298817: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:25:06.298821: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:25:06.298825: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.298828: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.298831: | length: 48 (0x30) Sep 21 07:25:06.298834: | prop #: 3 (0x3) Sep 21 07:25:06.298837: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.298840: | spi size: 4 (0x4) Sep 21 07:25:06.298842: | # transforms: 4 (0x4) Sep 21 07:25:06.298847: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.298849: | remote SPI 9f 90 04 e2 Sep 21 07:25:06.298853: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.298857: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.298860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.298863: | length: 12 (0xc) Sep 21 07:25:06.298866: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.298869: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:06.298872: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.298875: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.298878: | length/value: 256 (0x100) Sep 21 07:25:06.298882: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.298885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.298887: | length: 8 (0x8) Sep 21 07:25:06.298890: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.298893: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:06.298897: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.298900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.298903: | length: 8 (0x8) Sep 21 07:25:06.298906: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.298909: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:06.298912: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.298915: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.298918: | length: 8 (0x8) Sep 21 07:25:06.298921: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.298924: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.298929: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:06.298933: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:06.298936: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.298939: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:06.298941: | length: 48 (0x30) Sep 21 07:25:06.298944: | prop #: 4 (0x4) Sep 21 07:25:06.298947: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.298950: | spi size: 4 (0x4) Sep 21 07:25:06.298952: | # transforms: 4 (0x4) Sep 21 07:25:06.298961: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.298964: | remote SPI 9f 90 04 e2 Sep 21 07:25:06.298968: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.298971: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.298974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.298977: | length: 12 (0xc) Sep 21 07:25:06.298980: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.298983: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:06.298986: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.298989: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.298991: | length/value: 128 (0x80) Sep 21 07:25:06.298995: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.298998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.299001: | length: 8 (0x8) Sep 21 07:25:06.299004: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.299007: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:06.299010: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.299013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.299016: | length: 8 (0x8) Sep 21 07:25:06.299019: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.299022: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:06.299025: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.299028: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.299031: | length: 8 (0x8) Sep 21 07:25:06.299034: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.299037: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.299042: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:06.299045: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:06.299053: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=9f9004e2;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:25:06.299060: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=9f9004e2;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:06.299063: | converting proposal to internal trans attrs Sep 21 07:25:06.299089: | netlink_get_spi: allocated 0x9460eb3c for esp.0@192.1.2.23 Sep 21 07:25:06.299093: | Emitting ikev2_proposal ... Sep 21 07:25:06.299096: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:06.299099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.299102: | flags: none (0x0) Sep 21 07:25:06.299108: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:06.299112: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.299115: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.299118: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:06.299121: | prop #: 1 (0x1) Sep 21 07:25:06.299124: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.299127: | spi size: 4 (0x4) Sep 21 07:25:06.299129: | # transforms: 2 (0x2) Sep 21 07:25:06.299133: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:06.299137: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:06.299140: | our spi 94 60 eb 3c Sep 21 07:25:06.299143: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.299146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.299151: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.299154: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.299158: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.299162: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.299165: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.299168: | length/value: 256 (0x100) Sep 21 07:25:06.299171: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:06.299174: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.299177: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.299180: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.299183: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.299187: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.299191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.299195: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:06.299198: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:06.299202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:06.299205: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:25:06.299209: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:06.299213: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:06.299216: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.299219: | flags: none (0x0) Sep 21 07:25:06.299221: | number of TS: 1 (0x1) Sep 21 07:25:06.299226: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:06.299230: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.299233: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:06.299236: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.299239: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.299242: | start port: 0 (0x0) Sep 21 07:25:06.299245: | end port: 65535 (0xffff) Sep 21 07:25:06.299249: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:06.299251: | IP start c0 00 03 00 Sep 21 07:25:06.299254: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:06.299257: | IP end c0 00 03 ff Sep 21 07:25:06.299260: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:06.299263: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:06.299266: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:06.299269: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.299272: | flags: none (0x0) Sep 21 07:25:06.299275: | number of TS: 1 (0x1) Sep 21 07:25:06.299280: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:06.299283: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.299286: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:06.299289: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.299292: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.299295: | start port: 0 (0x0) Sep 21 07:25:06.299298: | end port: 65535 (0xffff) Sep 21 07:25:06.299301: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:06.299304: | IP start c0 00 02 00 Sep 21 07:25:06.299311: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:06.299314: | IP end c0 00 02 ff Sep 21 07:25:06.299317: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:06.299320: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:06.299324: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:06.299328: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:06.299518: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:25:06.299528: | #1 spent 1.51 milliseconds Sep 21 07:25:06.299531: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:06.299535: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:25:06.299538: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:06.299542: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.299545: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:06.299548: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.299552: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:06.299559: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:06.299564: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:06.299568: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:06.299571: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:06.299574: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:06.299579: | setting IPsec SA replay-window to 32 Sep 21 07:25:06.299582: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:25:06.299586: | netlink: enabling tunnel mode Sep 21 07:25:06.299589: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:06.299592: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:06.299869: | netlink response for Add SA esp.9f9004e2@192.1.3.33 included non-error error Sep 21 07:25:06.299879: | set up outgoing SA, ref=0/0 Sep 21 07:25:06.299884: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:06.299887: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:06.299891: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:06.299894: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:06.299898: | setting IPsec SA replay-window to 32 Sep 21 07:25:06.299902: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:25:06.299905: | netlink: enabling tunnel mode Sep 21 07:25:06.299909: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:06.299912: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:06.300079: | netlink response for Add SA esp.9460eb3c@192.1.2.23 included non-error error Sep 21 07:25:06.300086: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:06.300095: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:06.300099: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:06.300351: | raw_eroute result=success Sep 21 07:25:06.300357: | set up incoming SA, ref=0/0 Sep 21 07:25:06.300360: | sr for #2: unrouted Sep 21 07:25:06.300363: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:06.300367: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:06.300370: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.300374: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:06.300377: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.300381: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:06.300385: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:06.300392: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:06.300397: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:06.300406: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:25:06.300409: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:06.300529: | raw_eroute result=success Sep 21 07:25:06.300535: | running updown command "ipsec _updown" for verb up Sep 21 07:25:06.300539: | command executing up-client Sep 21 07:25:06.300581: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.300592: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.300622: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:25:06.300625: | popen cmd is 1403 chars long Sep 21 07:25:06.300629: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:25:06.300633: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:25:06.300636: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:25:06.300640: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:25:06.300643: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Sep 21 07:25:06.300647: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Sep 21 07:25:06.300651: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Sep 21 07:25:06.300654: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Sep 21 07:25:06.300658: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Sep 21 07:25:06.300661: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:25:06.300664: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:06.300668: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:25:06.300671: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TR: Sep 21 07:25:06.300675: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:25:06.300678: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:25:06.300682: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:25:06.300685: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f9: Sep 21 07:25:06.300688: | cmd(1360):004e2 SPI_OUT=0x9460eb3c ipsec _updown 2>&1: Sep 21 07:25:06.344656: | route_and_eroute: firewall_notified: true Sep 21 07:25:06.344669: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:06.344674: | command executing prepare-client Sep 21 07:25:06.344713: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.344723: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.344745: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Sep 21 07:25:06.344750: | popen cmd is 1408 chars long Sep 21 07:25:06.344753: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:06.344756: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Sep 21 07:25:06.344758: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:06.344761: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:25:06.344764: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:25:06.344766: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:25:06.344769: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:25:06.344771: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Sep 21 07:25:06.344774: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Sep 21 07:25:06.344776: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:25:06.344779: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:25:06.344782: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:25:06.344790: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAR: Sep 21 07:25:06.344793: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:25:06.344795: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:25:06.344797: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:25:06.344800: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:25:06.344802: | cmd(1360):0x9f9004e2 SPI_OUT=0x9460eb3c ipsec _updown 2>&1: Sep 21 07:25:06.363338: | running updown command "ipsec _updown" for verb route Sep 21 07:25:06.363356: | command executing route-client Sep 21 07:25:06.363399: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.363413: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.363437: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Sep 21 07:25:06.363440: | popen cmd is 1406 chars long Sep 21 07:25:06.363444: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:25:06.363447: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Sep 21 07:25:06.363449: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Sep 21 07:25:06.363452: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Sep 21 07:25:06.363455: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Sep 21 07:25:06.363458: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Sep 21 07:25:06.363461: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Sep 21 07:25:06.363463: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Sep 21 07:25:06.363466: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Sep 21 07:25:06.363469: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:25:06.363472: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Sep 21 07:25:06.363474: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Sep 21 07:25:06.363477: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF: Sep 21 07:25:06.363480: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:25:06.363483: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:25:06.363485: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:25:06.363488: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:25:06.363491: | cmd(1360):9f9004e2 SPI_OUT=0x9460eb3c ipsec _updown 2>&1: Sep 21 07:25:06.507116: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55f7d3fbd580,sr=0x55f7d3fbd580} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:06.507461: | #1 spent 1.22 milliseconds in install_ipsec_sa() Sep 21 07:25:06.507471: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:06.507475: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.507479: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:06.507482: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:06.507488: | emitting length of IKEv2 Encryption Payload: 1961 Sep 21 07:25:06.507493: | emitting length of ISAKMP Message: 1989 Sep 21 07:25:06.507498: | **parse ISAKMP Message: Sep 21 07:25:06.507501: | initiator cookie: Sep 21 07:25:06.507503: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.507505: | responder cookie: Sep 21 07:25:06.507506: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.507509: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:06.507512: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.507514: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.507517: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.507519: | Message ID: 1 (0x1) Sep 21 07:25:06.507521: | length: 1989 (0x7c5) Sep 21 07:25:06.507524: | **parse IKEv2 Encryption Payload: Sep 21 07:25:06.507526: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:06.507529: | flags: none (0x0) Sep 21 07:25:06.507531: | length: 1961 (0x7a9) Sep 21 07:25:06.507534: | **emit ISAKMP Message: Sep 21 07:25:06.507536: | initiator cookie: Sep 21 07:25:06.507538: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.507540: | responder cookie: Sep 21 07:25:06.507542: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.507545: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.507547: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.507550: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.507552: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.507555: | Message ID: 1 (0x1) Sep 21 07:25:06.507558: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.507561: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:06.507564: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:06.507566: | flags: none (0x0) Sep 21 07:25:06.507568: | fragment number: 1 (0x1) Sep 21 07:25:06.507571: | total fragments: 5 (0x5) Sep 21 07:25:06.507574: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Sep 21 07:25:06.507577: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.507580: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:06.507583: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:06.507594: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:06.507596: | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Sep 21 07:25:06.507599: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:25:06.507601: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:25:06.507604: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:25:06.507606: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:25:06.507609: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:25:06.507611: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:25:06.507613: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:25:06.507616: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:25:06.507618: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:25:06.507621: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:25:06.507623: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Sep 21 07:25:06.507625: | cleartext fragment 00 04 f1 04 30 82 04 e8 30 82 04 51 a0 03 02 01 Sep 21 07:25:06.507628: | cleartext fragment 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Sep 21 07:25:06.507630: | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Sep 21 07:25:06.507632: | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Sep 21 07:25:06.507636: | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Sep 21 07:25:06.507639: | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Sep 21 07:25:06.507641: | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Sep 21 07:25:06.507643: | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Sep 21 07:25:06.507646: | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Sep 21 07:25:06.507648: | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Sep 21 07:25:06.507651: | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Sep 21 07:25:06.507653: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Sep 21 07:25:06.507655: | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Sep 21 07:25:06.507658: | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 Sep 21 07:25:06.507660: | cleartext fragment 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 Sep 21 07:25:06.507663: | cleartext fragment 39 34 34 35 39 5a 30 81 b4 31 0b 30 09 06 03 55 Sep 21 07:25:06.507665: | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Sep 21 07:25:06.507667: | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:25:06.507670: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.507673: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:06.507676: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:06.507679: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:06.507681: | emitting length of ISAKMP Message: 539 Sep 21 07:25:06.507699: | **emit ISAKMP Message: Sep 21 07:25:06.507702: | initiator cookie: Sep 21 07:25:06.507704: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.507707: | responder cookie: Sep 21 07:25:06.507709: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.507711: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.507714: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.507717: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.507719: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.507721: | Message ID: 1 (0x1) Sep 21 07:25:06.507724: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.507727: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:06.507730: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.507732: | flags: none (0x0) Sep 21 07:25:06.507734: | fragment number: 2 (0x2) Sep 21 07:25:06.507737: | total fragments: 5 (0x5) Sep 21 07:25:06.507740: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:06.507743: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.507746: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:06.507749: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:06.507752: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:06.507755: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:25:06.507758: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:25:06.507760: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:25:06.507762: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:25:06.507765: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:25:06.507767: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:25:06.507770: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:25:06.507773: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:25:06.507776: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Sep 21 07:25:06.507778: | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Sep 21 07:25:06.507780: | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Sep 21 07:25:06.507782: | cleartext fragment b0 0d 9e ca 2d 55 24 59 06 37 09 58 0d 06 ab 90 Sep 21 07:25:06.507799: | cleartext fragment 5e 98 7c 00 0b 66 73 f4 12 27 69 75 6e d4 8d 13 Sep 21 07:25:06.507802: | cleartext fragment e9 c6 e9 4f c4 b1 19 1a 1a 4f e6 4e 06 da 29 ec Sep 21 07:25:06.507804: | cleartext fragment cf 8d 4c c3 c3 57 c0 24 57 83 7a 1b 7f 96 a3 21 Sep 21 07:25:06.507806: | cleartext fragment 66 67 52 68 8e 77 b9 bb f6 9b d2 43 11 57 c9 d6 Sep 21 07:25:06.507809: | cleartext fragment ca e2 39 73 93 ea 99 99 f7 52 38 4d 58 69 7f a5 Sep 21 07:25:06.507811: | cleartext fragment 18 9b ff 66 72 6c df 6d df 18 50 cf 10 98 a3 f5 Sep 21 07:25:06.507813: | cleartext fragment f9 69 27 5b 3f bd 0f 34 18 93 99 1a be 8a 46 84 Sep 21 07:25:06.507815: | cleartext fragment 37 69 71 7f a7 df d0 9d b2 9d ad 80 0f d0 1a 40 Sep 21 07:25:06.507818: | cleartext fragment cb ff 37 20 ac ac 3d a9 8e 56 56 cf 25 c0 5e 55 Sep 21 07:25:06.507820: | cleartext fragment 52 86 5a c5 b4 ce a8 dd 95 cf ab 38 91 f6 1f 9f Sep 21 07:25:06.507822: | cleartext fragment 83 36 d5 3f 8c d3 1d f5 3f 23 3c d2 5c 87 23 bc Sep 21 07:25:06.507824: | cleartext fragment 6a 67 f7 00 c3 96 3f 76 5c b9 8e 6f 2b 16 90 2c Sep 21 07:25:06.507827: | cleartext fragment 00 c0 05 a0 e2 8d 57 d5 76 34 7f 6f be e8 48 79 Sep 21 07:25:06.507829: | cleartext fragment 08 91 a8 17 72 1f c0 1c 8a 52 a8 18 aa 32 3c 9a Sep 21 07:25:06.507831: | cleartext fragment e4 d9 90 58 25 5e 4c 49 8e cb 7a 33 19 d2 87 1a Sep 21 07:25:06.507834: | cleartext fragment 2a 8e b5 04 f7 f9 cd 80 8c 59 ae 34 61 c5 1d de Sep 21 07:25:06.507836: | cleartext fragment 53 65 fe 4f f3 f4 09 f2 b4 21 7a 2b eb 1f 4a f2 Sep 21 07:25:06.507838: | cleartext fragment 5f 85 3a f0 f8 2b 3b 42 5b da 89 c1 ef b2 Sep 21 07:25:06.507841: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.507844: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:06.507846: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:06.507849: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:06.507851: | emitting length of ISAKMP Message: 539 Sep 21 07:25:06.507859: | **emit ISAKMP Message: Sep 21 07:25:06.507862: | initiator cookie: Sep 21 07:25:06.507864: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.507867: | responder cookie: Sep 21 07:25:06.507869: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.507872: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.507874: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.507876: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.507879: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.507881: | Message ID: 1 (0x1) Sep 21 07:25:06.507884: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.507887: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:06.507889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.507892: | flags: none (0x0) Sep 21 07:25:06.507894: | fragment number: 3 (0x3) Sep 21 07:25:06.507896: | total fragments: 5 (0x5) Sep 21 07:25:06.507899: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:06.507902: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.507904: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:06.507909: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:06.507913: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:06.507916: | cleartext fragment 81 18 2a 4b 57 a2 ca 63 8b a7 60 8e 54 95 c3 20 Sep 21 07:25:06.507918: | cleartext fragment 5c e5 53 f0 4a 57 df 41 fa 06 e6 ab 4e 0b 46 49 Sep 21 07:25:06.507921: | cleartext fragment 14 0d db b0 dc 10 2e 6d 5f 52 cb 75 36 1b e2 1d Sep 21 07:25:06.507923: | cleartext fragment 9d 77 0f 73 9d 0a 64 07 84 f4 0e 0a 98 97 58 c4 Sep 21 07:25:06.507925: | cleartext fragment 40 f6 1b ac a3 be 21 aa 67 3a 2b b1 0e b7 9a 36 Sep 21 07:25:06.507928: | cleartext fragment ff 67 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Sep 21 07:25:06.507930: | cleartext fragment 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Sep 21 07:25:06.507932: | cleartext fragment 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Sep 21 07:25:06.507935: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Sep 21 07:25:06.507937: | cleartext fragment 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Sep 21 07:25:06.507939: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Sep 21 07:25:06.507941: | cleartext fragment 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Sep 21 07:25:06.507944: | cleartext fragment 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Sep 21 07:25:06.507946: | cleartext fragment 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Sep 21 07:25:06.507948: | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Sep 21 07:25:06.507951: | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Sep 21 07:25:06.507953: | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:25:06.507955: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Sep 21 07:25:06.507958: | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Sep 21 07:25:06.507960: | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:25:06.507962: | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:25:06.507964: | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Sep 21 07:25:06.507967: | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Sep 21 07:25:06.507969: | cleartext fragment 03 81 81 00 bf 3c 12 c5 00 3e 71 2a 2b 2b 60 83 Sep 21 07:25:06.507971: | cleartext fragment b9 b9 f2 4d b1 ca 0e fd b4 e0 0b 6a ad 54 d7 c9 Sep 21 07:25:06.507974: | cleartext fragment 98 57 e0 5c 26 4d bf 11 23 20 79 05 b6 1b 9b 09 Sep 21 07:25:06.507976: | cleartext fragment ed 4f 2e fd 7e da 55 53 b6 8c 88 fa f3 9b ce ec Sep 21 07:25:06.507979: | cleartext fragment ef 95 37 11 70 ce 1c 98 d3 d5 cf f6 30 71 44 78 Sep 21 07:25:06.507981: | cleartext fragment fb 45 03 69 50 d5 a5 c3 de 00 4c f7 0a 7d 00 cb Sep 21 07:25:06.507983: | cleartext fragment 3a ab 11 74 6b 57 67 4d e7 c0 3a 97 98 44 Sep 21 07:25:06.507986: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.507989: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:06.507991: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:06.507994: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:06.507996: | emitting length of ISAKMP Message: 539 Sep 21 07:25:06.508002: | **emit ISAKMP Message: Sep 21 07:25:06.508005: | initiator cookie: Sep 21 07:25:06.508007: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.508010: | responder cookie: Sep 21 07:25:06.508012: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508014: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.508017: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.508019: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.508023: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.508026: | Message ID: 1 (0x1) Sep 21 07:25:06.508028: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.508031: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:06.508033: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.508036: | flags: none (0x0) Sep 21 07:25:06.508038: | fragment number: 4 (0x4) Sep 21 07:25:06.508040: | total fragments: 5 (0x5) Sep 21 07:25:06.508043: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:06.508046: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.508049: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:06.508052: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:06.508059: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:06.508062: | cleartext fragment e2 15 9d f2 6f 1b c7 b1 15 d0 88 c4 dc 32 b7 72 Sep 21 07:25:06.508065: | cleartext fragment 1d 9c ac 1b 37 63 21 00 01 88 01 00 00 00 56 b9 Sep 21 07:25:06.508067: | cleartext fragment 1a 24 f2 64 52 3f 4c 8b b9 33 f8 60 d5 ca 0e 68 Sep 21 07:25:06.508069: | cleartext fragment fe db e5 14 5b 9c ed 84 a9 b9 14 b1 69 16 e6 26 Sep 21 07:25:06.508071: | cleartext fragment a2 0c 18 26 cf e0 1c f8 06 49 d7 8e 36 19 a7 83 Sep 21 07:25:06.508074: | cleartext fragment fa 90 a5 29 59 da 1f 06 97 b8 39 24 ab 00 d0 7e Sep 21 07:25:06.508076: | cleartext fragment 8e 3f 70 e3 bb 87 3b 28 ad b0 32 6c 50 b6 b3 6f Sep 21 07:25:06.508078: | cleartext fragment d3 ab 7e 78 10 3d 8d 00 d6 30 02 a5 66 10 85 f6 Sep 21 07:25:06.508081: | cleartext fragment a8 9d e8 9c 08 96 b3 7b ad 07 64 64 88 d4 bd d1 Sep 21 07:25:06.508083: | cleartext fragment 94 4b 99 f8 77 12 bb 64 5f 42 f8 a7 1d 85 c5 49 Sep 21 07:25:06.508086: | cleartext fragment df 87 34 da 72 34 61 41 b1 a3 98 26 21 b6 1f 0c Sep 21 07:25:06.508088: | cleartext fragment 60 1b ba 41 43 78 30 aa 61 d3 bd b5 95 da c4 f9 Sep 21 07:25:06.508090: | cleartext fragment d6 54 64 99 a6 92 91 e9 00 c1 06 1a 58 59 a4 1b Sep 21 07:25:06.508092: | cleartext fragment df 85 ab f9 21 70 23 01 e8 67 be 53 40 34 f6 7b Sep 21 07:25:06.508095: | cleartext fragment 2e cb b0 71 0f bd 00 02 9a c2 32 75 eb 30 8e fd Sep 21 07:25:06.508097: | cleartext fragment 46 ae 03 cc 59 0b fb 2b 10 c8 0a 7f dc 58 62 5a Sep 21 07:25:06.508100: | cleartext fragment 5a ed 8f d7 db 10 09 99 67 cb a1 4c 70 1b d4 cd Sep 21 07:25:06.508102: | cleartext fragment 4d dc 10 58 c9 62 ca 87 b9 be 11 98 b8 9d 0d 87 Sep 21 07:25:06.508104: | cleartext fragment ba 63 af c1 b9 b8 21 79 a8 11 79 9c ad bf bc 4e Sep 21 07:25:06.508107: | cleartext fragment a2 aa ae 51 53 4e c1 7c d7 e8 ee f4 0a a0 89 c8 Sep 21 07:25:06.508109: | cleartext fragment d2 94 5c 46 7f f4 ca 46 66 08 31 c8 5e fa a0 c6 Sep 21 07:25:06.508112: | cleartext fragment f1 c9 68 45 82 bc 90 95 49 c0 39 2d c0 9e 45 c4 Sep 21 07:25:06.508114: | cleartext fragment 44 e9 09 bf 23 3c 3d 75 7b 50 9d f5 74 ba 3a 8e Sep 21 07:25:06.508116: | cleartext fragment 11 aa fa 28 64 62 98 90 79 1e 0b bc 4c 5e 40 b1 Sep 21 07:25:06.508118: | cleartext fragment 04 0a 88 66 e0 46 18 d1 3e 7b 06 9b 09 35 7b b0 Sep 21 07:25:06.508120: | cleartext fragment 8a 51 f7 b6 60 b7 1c 1d 36 3a 3e 35 c6 1f 2c 00 Sep 21 07:25:06.508123: | cleartext fragment 00 24 00 00 00 20 01 03 04 02 94 60 eb 3c 03 00 Sep 21 07:25:06.508125: | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Sep 21 07:25:06.508128: | cleartext fragment 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 Sep 21 07:25:06.508130: | cleartext fragment ff ff c0 00 03 00 c0 00 03 ff 00 00 00 18 Sep 21 07:25:06.508132: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.508137: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:06.508140: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:06.508143: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:06.508145: | emitting length of ISAKMP Message: 539 Sep 21 07:25:06.508151: | **emit ISAKMP Message: Sep 21 07:25:06.508154: | initiator cookie: Sep 21 07:25:06.508156: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.508158: | responder cookie: Sep 21 07:25:06.508160: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508163: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.508166: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.508168: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:06.508171: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.508173: | Message ID: 1 (0x1) Sep 21 07:25:06.508175: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.508178: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:06.508181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.508183: | flags: none (0x0) Sep 21 07:25:06.508185: | fragment number: 5 (0x5) Sep 21 07:25:06.508188: | total fragments: 5 (0x5) Sep 21 07:25:06.508190: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:06.508193: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:06.508196: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:06.508199: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:06.508203: | emitting 20 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:06.508205: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Sep 21 07:25:06.508207: | cleartext fragment c0 00 02 ff Sep 21 07:25:06.508210: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.508213: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:06.508216: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:06.508218: | emitting length of IKEv2 Encrypted Fragment: 53 Sep 21 07:25:06.508221: | emitting length of ISAKMP Message: 81 Sep 21 07:25:06.508230: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:25:06.508238: | #1 spent 18.6 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:25:06.508245: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.508251: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.508255: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:25:06.508259: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:25:06.508262: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:06.508265: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:06.508271: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:06.508276: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:06.508280: | pstats #2 ikev2.child established Sep 21 07:25:06.508288: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:25:06.508294: | NAT-T: encaps is 'auto' Sep 21 07:25:06.508299: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x9f9004e2 <0x9460eb3c xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:06.508305: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:06.508307: | sending fragments ... Sep 21 07:25:06.508317: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.508319: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508322: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Sep 21 07:25:06.508324: | 00 01 00 05 81 b0 66 b5 70 6c 57 72 d9 a2 7a 1c Sep 21 07:25:06.508326: | 11 d3 38 11 8f 14 3d dc e7 3e 38 24 c6 e4 28 fb Sep 21 07:25:06.508328: | dd 4a 49 33 d8 3b 5e 4d 08 12 67 c9 53 84 1e b9 Sep 21 07:25:06.508331: | eb ee d5 c7 77 37 78 55 22 78 7e 9d 32 e9 17 50 Sep 21 07:25:06.508332: | e9 69 8e 2f 42 1a 36 5d b4 36 b0 e1 1d bd 9f 2f Sep 21 07:25:06.508334: | ae a5 e2 26 a3 d7 6f 4f 34 3c 3f f4 1a f1 24 f7 Sep 21 07:25:06.508336: | fc ae 1c 96 59 c6 b9 77 03 71 e1 8a b2 90 e6 79 Sep 21 07:25:06.508338: | 30 87 7a 7c fa 76 e3 f9 71 5f cf 1d b3 12 1a a1 Sep 21 07:25:06.508340: | 6d b5 e1 63 da b2 fe ba 2e eb c7 2a 43 67 0f 53 Sep 21 07:25:06.508342: | 90 7a 0a 5e 3e 44 8e b6 a3 93 e0 d1 16 be 30 7e Sep 21 07:25:06.508344: | 85 6d 00 0c 11 75 dd b0 a4 11 0e 6a a3 43 fd 0a Sep 21 07:25:06.508346: | c2 da e4 1f c9 f8 26 b6 18 91 53 c4 20 8b 99 67 Sep 21 07:25:06.508349: | c6 d0 52 ed ff e0 eb ed f7 ff c5 70 89 09 62 06 Sep 21 07:25:06.508351: | c5 c0 ca b1 38 b4 74 8a 0f cb 22 a3 57 90 ca 35 Sep 21 07:25:06.508352: | e0 88 e9 0e 3d 8b 9e d6 3b cf 07 cc 6d fa 3b 57 Sep 21 07:25:06.508354: | ba 8d ab 2f 69 a6 41 9f 7e 89 61 98 af d7 08 38 Sep 21 07:25:06.508356: | 8c b1 17 fc 63 78 cb 3f 57 d9 49 73 7c 8e f4 5a Sep 21 07:25:06.508358: | 83 9e 45 43 bf 51 da 9c 28 70 0b 29 2a 95 b9 58 Sep 21 07:25:06.508361: | 96 5c 34 80 aa 50 e2 94 03 ff 26 3d 0f 41 a1 8e Sep 21 07:25:06.508363: | 63 84 2a 20 10 33 fe c6 fa 0b d1 c3 b4 7a 58 aa Sep 21 07:25:06.508365: | 5e 14 a5 4e 11 d0 83 3d 90 7a 1d 2e 0c c3 bc e5 Sep 21 07:25:06.508367: | 6b 71 4f cf 09 cc f2 1b 3a 3c d5 e4 ad 88 4f 5a Sep 21 07:25:06.508370: | e6 75 13 ab e2 0e dd 6e be 85 77 dd b7 32 a0 07 Sep 21 07:25:06.508372: | f4 b2 81 d0 53 9a 64 c4 51 e9 f1 ba 1b ac 3d 9d Sep 21 07:25:06.508374: | 4a 4a 2f bb 50 40 48 1f fe d8 c9 d6 ae 2a 84 2f Sep 21 07:25:06.508376: | 6b 73 61 44 6e 7c 8c bd d8 a2 f3 7e 54 35 57 93 Sep 21 07:25:06.508379: | 95 0e 73 b8 a7 d1 bc ce 2f bd 67 c1 fb 1a 85 a2 Sep 21 07:25:06.508381: | ac 6b 30 43 85 53 4a ea 64 65 96 11 e1 fb f6 81 Sep 21 07:25:06.508383: | f6 81 6c 6b 75 79 79 4a 31 dd 41 ce 93 2a f5 c8 Sep 21 07:25:06.508386: | be 8b a9 5b de ac 45 5a 90 a4 d5 b7 9e 2b 27 23 Sep 21 07:25:06.508388: | 42 30 03 e2 ba 68 1b 6b 95 e4 be ba a8 1d cc 0f Sep 21 07:25:06.508390: | 7a 1e af 3b e4 05 c0 d4 9c f7 16 Sep 21 07:25:06.508450: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.508454: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508456: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:06.508459: | 00 02 00 05 50 ff ec 6a be 0e 9e ca 78 03 c3 d2 Sep 21 07:25:06.508461: | e2 4d 2b 3d 36 77 9d e1 54 c3 14 f3 01 7c 43 66 Sep 21 07:25:06.508463: | 13 49 0c 68 9c d3 21 6f fc ac 2b da 18 df ec 15 Sep 21 07:25:06.508465: | 37 a4 32 37 9b 87 84 6f df 13 4a 86 9d c9 a8 58 Sep 21 07:25:06.508467: | 63 2a b1 1d 4c 74 fe ad b6 89 64 91 6f 02 c8 78 Sep 21 07:25:06.508470: | 79 2f 00 bd 90 ee a6 0e 48 70 85 b0 60 08 e9 71 Sep 21 07:25:06.508472: | e2 d3 ff d3 8f 4d 90 c7 78 42 99 d1 1e 8f 08 b7 Sep 21 07:25:06.508474: | 96 f8 30 b2 e1 78 0f b1 f1 92 ea 8d 86 5c fa 4f Sep 21 07:25:06.508478: | 3d 08 0f 4c 88 c4 8e 1a 9e cf 18 df f9 3f 7b c7 Sep 21 07:25:06.508480: | f1 73 b3 cd 4e 55 7e 2d 4e 19 5e bb 07 4a e1 98 Sep 21 07:25:06.508482: | 1b e3 bc 5f 59 51 57 66 1a be 47 42 44 11 ca 69 Sep 21 07:25:06.508484: | fb 33 43 7a 27 0f 88 80 b3 68 dc 23 30 78 34 e7 Sep 21 07:25:06.508486: | 74 ff 29 e7 02 30 f3 e3 a3 ad 09 8e 57 fe 2f 00 Sep 21 07:25:06.508489: | 9c 8e 0e a1 7b 89 eb 21 b2 42 48 5c fe 00 76 3d Sep 21 07:25:06.508491: | aa 81 d6 08 0c e5 3f f8 a5 fb 7f ad 8f d6 02 d4 Sep 21 07:25:06.508493: | ba e1 ba ac ee 32 59 24 f2 87 60 30 cc 63 71 c2 Sep 21 07:25:06.508496: | 82 18 2f 64 23 ba 34 38 f2 18 6f 5d 98 d0 88 7a Sep 21 07:25:06.508498: | 8b db 78 aa 9b 50 55 d2 1f 7b 70 6e fd 52 a6 f3 Sep 21 07:25:06.508500: | ac e2 67 78 17 7c 61 b0 52 e9 74 29 e2 9c 56 04 Sep 21 07:25:06.508502: | 23 c9 e1 45 f0 58 54 14 3c b6 42 3d ed fc ab 73 Sep 21 07:25:06.508504: | 0b 3c 93 9f e4 19 bc b9 3c d0 3a b9 79 67 6f 2f Sep 21 07:25:06.508506: | c5 d2 32 fa 6f 2f 29 13 b8 c5 26 53 f5 1b 5b bf Sep 21 07:25:06.508508: | b8 2c 20 e8 c0 bb f8 14 d4 72 65 4e 64 e7 e8 28 Sep 21 07:25:06.508510: | d7 38 5a 79 20 a8 f8 82 29 cb 10 6f ca d2 49 23 Sep 21 07:25:06.508512: | c7 4d 18 dd 8d 91 bf 3f 09 0c 78 21 51 13 a8 aa Sep 21 07:25:06.508514: | 82 39 89 2c fe b5 6d 9a e9 54 2d 8e 12 2e 50 4e Sep 21 07:25:06.508517: | 8d cf 10 82 3c ba 70 dd 76 38 49 e7 3b 2d b7 d1 Sep 21 07:25:06.508519: | c7 19 19 71 43 dd a5 59 3c 67 61 de a3 36 4e f1 Sep 21 07:25:06.508521: | e3 ef c3 78 4e a9 d2 05 10 b0 9e 83 86 9c 90 10 Sep 21 07:25:06.508523: | 80 d6 c4 9b 26 16 7a 5d 36 0e da 7b 41 ef 6d 5f Sep 21 07:25:06.508525: | 7b 3d d0 f0 32 e2 4e 2e 78 3f 6d 5f 59 c9 c4 b7 Sep 21 07:25:06.508527: | 08 90 ea 66 d4 e8 95 fb fe 46 7c Sep 21 07:25:06.508549: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.508552: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508554: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:06.508556: | 00 03 00 05 23 be f8 d7 07 8b 42 52 79 9a f4 58 Sep 21 07:25:06.508558: | 77 ce ac 17 75 48 60 c4 d7 24 8a b2 ed a3 98 5e Sep 21 07:25:06.508560: | 9b 52 6e 5c 12 3e 1f 69 ef 20 45 cd 17 84 cb 2f Sep 21 07:25:06.508562: | 89 28 22 55 e0 d2 fe 79 49 d1 7c 17 8d ca 34 ac Sep 21 07:25:06.508564: | ee 62 6e 8c 39 30 49 66 ad e8 78 a7 b4 ee d3 bc Sep 21 07:25:06.508566: | 6b af 7c eb 95 57 38 91 04 93 91 3a c5 c4 5d 45 Sep 21 07:25:06.508569: | 57 bf 8f e9 d2 15 4a 10 3c ab 55 cc ab 8e 08 03 Sep 21 07:25:06.508571: | 6a a8 b2 a1 58 eb e6 aa c8 51 0b 32 c4 58 0a 1e Sep 21 07:25:06.508573: | af 6b be 01 35 7e f5 3e d5 af da 92 a8 99 fb 56 Sep 21 07:25:06.508575: | dc d1 ed 9d c0 a8 b6 e3 35 6b 2f f0 5e 6a 01 ad Sep 21 07:25:06.508577: | 1a 54 e1 76 d4 73 b3 5e 66 6a 0c a4 75 c2 53 e0 Sep 21 07:25:06.508579: | 3d 52 68 f4 ef ed 0c 4b d0 6d 58 a6 31 d9 2d dd Sep 21 07:25:06.508581: | cf 14 46 63 46 af 23 a4 b0 8f c3 8e 82 fe 11 2d Sep 21 07:25:06.508583: | ab be 37 0a 74 be 15 55 38 c2 92 1b 97 19 71 e7 Sep 21 07:25:06.508585: | dd b0 15 fa 3c 09 bd 79 f9 89 ce 7a 49 83 89 ef Sep 21 07:25:06.508587: | 3d 42 7a 4a a5 e6 74 f9 7d e8 64 f0 4e 34 e8 57 Sep 21 07:25:06.508589: | 57 03 2a f6 16 ea 48 66 68 50 50 bc 4c 9e 6a b1 Sep 21 07:25:06.508592: | 47 e9 78 9b 14 c7 3c 67 8e 5b 21 5c 34 fe 4e 99 Sep 21 07:25:06.508594: | 49 97 45 52 90 37 9d ac 12 c4 a8 94 9d 7a 53 8e Sep 21 07:25:06.508596: | f0 81 e4 d8 36 1b 8a 6e d7 89 05 bb 4c cb 75 34 Sep 21 07:25:06.508598: | 3f 4d 5e 7e 3f a9 fd 23 e8 b6 03 9b a3 5b d1 5c Sep 21 07:25:06.508600: | 44 f8 ca 08 16 85 d5 58 c8 24 2e dc 7e 1a 6e 08 Sep 21 07:25:06.508602: | e3 68 f6 83 6e 24 2f 6e 4b 29 52 91 b0 02 b5 78 Sep 21 07:25:06.508604: | aa 8f 57 ef 2d ad ad 71 0a 79 d7 15 c8 3e d8 79 Sep 21 07:25:06.508608: | 38 9b bd 90 fc da 83 7f 7f 1c ce 8d dd b0 15 16 Sep 21 07:25:06.508610: | c6 4d 48 39 b2 fd 87 23 50 1d f4 04 7a 6f a7 e7 Sep 21 07:25:06.508613: | 25 3d 02 88 ae 06 c2 c1 d4 11 9d 11 3e 31 83 52 Sep 21 07:25:06.508615: | 3a 5a 25 55 2f f8 e0 5f 9c 19 c4 b8 16 a2 64 81 Sep 21 07:25:06.508617: | 42 b0 0c 23 f1 73 3f a5 84 84 35 df 78 22 89 37 Sep 21 07:25:06.508619: | 47 10 ea 32 45 48 13 33 a0 38 d8 e8 fe 7b b8 19 Sep 21 07:25:06.508621: | 4f cf 64 2c 70 66 f8 67 94 77 85 91 6b 13 79 23 Sep 21 07:25:06.508623: | 2b eb 08 f4 47 30 32 f6 ea f8 46 Sep 21 07:25:06.508638: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.508642: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508644: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:25:06.508646: | 00 04 00 05 ca ad 67 63 0e a0 f7 ea 10 1c ae fc Sep 21 07:25:06.508648: | 66 50 a6 6e 88 34 0c 76 ee a1 db 59 38 33 6b 3f Sep 21 07:25:06.508650: | e5 cf 0c d1 f5 b4 01 b5 8a 3c 33 28 40 5f 84 1e Sep 21 07:25:06.508652: | 94 6d e6 7a cb 39 0c 01 9e 7b 93 56 1c 93 a4 42 Sep 21 07:25:06.508654: | b2 fe 4d 91 7f 67 a5 f2 d0 6d 82 0b 7c c8 60 e7 Sep 21 07:25:06.508656: | 39 73 38 5f 08 4c 64 29 68 ac b5 a9 07 93 7f 2b Sep 21 07:25:06.508658: | d7 df 85 51 4f de 28 a9 3f 97 20 e5 f6 01 65 98 Sep 21 07:25:06.508660: | 65 6b 82 47 bf 15 1d 72 46 0e 5c 93 e6 47 8d 5f Sep 21 07:25:06.508662: | 18 1d c2 b4 c5 32 fe d7 00 bb dc 3e 0f b7 fe 37 Sep 21 07:25:06.508664: | dc f8 f0 73 71 96 44 b5 a6 4f 60 7f d3 a7 4c 18 Sep 21 07:25:06.508666: | 43 1a b9 d7 8e 7f 9e f6 87 bb 14 d6 39 fc 62 bf Sep 21 07:25:06.508668: | 4d b3 b1 09 eb 10 57 0c ac 7d 73 92 52 ea 8d 6b Sep 21 07:25:06.508670: | 27 70 50 ec 83 2f 0e 53 d4 0f dd 12 0e 43 46 ac Sep 21 07:25:06.508672: | 8e 68 68 bf ba fc 5f 69 73 05 71 a9 02 df 94 ea Sep 21 07:25:06.508674: | 19 1a ce 9f a6 27 fb 65 ac 56 68 b7 89 1b fb 84 Sep 21 07:25:06.508676: | 76 8b 26 20 13 94 5b d1 9a f3 19 34 3c 02 d4 6a Sep 21 07:25:06.508678: | bf 26 f1 8c 68 00 2d 32 ce 1c be 99 a1 cd 34 4a Sep 21 07:25:06.508680: | 4d fd 66 89 27 ba e5 b6 25 98 d1 55 47 27 6b 73 Sep 21 07:25:06.508682: | 82 83 20 34 c2 d6 30 91 e7 9b 06 91 bf f0 d6 e5 Sep 21 07:25:06.508684: | c3 77 76 ed 24 2f 27 7e d8 3f 63 0b b1 1f 39 db Sep 21 07:25:06.508686: | 19 aa 96 48 26 15 e6 5d f9 10 99 c3 d0 9f dc 59 Sep 21 07:25:06.508688: | 7e 9f 65 5e b5 32 f0 49 48 5b 63 13 ce 45 f7 f8 Sep 21 07:25:06.508690: | 86 b8 15 4b 5b 7d f4 6e e8 fd 2e 9f 45 de ba 2d Sep 21 07:25:06.508692: | c9 94 82 0a ae b5 3f b0 3d c4 1c 19 51 2d dc b5 Sep 21 07:25:06.508694: | 14 b8 bb 96 7b 5f 5e 8d f2 4f fe 2c 9a ff 2f d0 Sep 21 07:25:06.508696: | 5b 2e d6 af b2 fa 0b d9 ac ff 3e eb 14 d4 d5 b1 Sep 21 07:25:06.508698: | b2 b4 17 d9 35 f8 df f3 37 1e 5c 62 d3 1d 92 bb Sep 21 07:25:06.508700: | c6 c4 ce 6d 0d e3 b3 de 70 13 92 2b ae 70 b0 55 Sep 21 07:25:06.508702: | f0 6a 0d 1d 77 38 de c8 95 5d d3 00 3f 3a f3 ca Sep 21 07:25:06.508704: | ab f7 ee c4 e1 d3 e9 9a 1f b0 c0 f2 1a 9b 31 5d Sep 21 07:25:06.508706: | ff 15 27 60 5b 6a 82 f3 3e ee 58 d7 c8 63 bc fc Sep 21 07:25:06.508708: | a9 3e cb 05 cd 2f 74 76 ee c6 9c Sep 21 07:25:06.508721: | sending 81 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.508724: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.508726: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Sep 21 07:25:06.508728: | 00 05 00 05 71 21 96 09 0e e1 fb 26 3d af 90 8e Sep 21 07:25:06.508731: | ba 9d 69 7f 30 8b 3d 40 2f d6 f3 72 ba ec 6f 52 Sep 21 07:25:06.508733: | 78 6f 3e 85 83 ab c0 89 1d e1 74 53 f4 bc 3e b2 Sep 21 07:25:06.508735: | 4e Sep 21 07:25:06.508745: | sent 5 fragments Sep 21 07:25:06.508748: | releasing whack for #2 (sock=fd@-1) Sep 21 07:25:06.508751: | releasing whack and unpending for parent #1 Sep 21 07:25:06.508755: | unpending state #1 connection "northnet-eastnets/0x1" Sep 21 07:25:06.508759: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:06.508763: | event_schedule: new EVENT_SA_REKEY-pe@0x55f7d3fcb1d0 Sep 21 07:25:06.508766: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:25:06.508770: | libevent_malloc: new ptr-libevent@0x55f7d3fd5280 size 128 Sep 21 07:25:06.508776: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:06.508798: | #1 spent 19.3 milliseconds in resume sending helper answer Sep 21 07:25:06.508806: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:06.508811: | libevent_free: release ptr-libevent@0x7f71f0006b90 Sep 21 07:25:06.508822: | processing signal PLUTO_SIGCHLD Sep 21 07:25:06.508827: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:06.508832: | spent 0.00554 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:06.508834: | processing signal PLUTO_SIGCHLD Sep 21 07:25:06.508837: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:06.508841: | spent 0.00331 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:06.508843: | processing signal PLUTO_SIGCHLD Sep 21 07:25:06.508846: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:06.508850: | spent 0.00337 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:06.732348: | spent 0.00252 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:06.732369: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:06.732372: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.732374: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:25:06.732377: | 15 11 76 03 47 ea 95 e1 4f d3 d1 9d cf 38 b5 d3 Sep 21 07:25:06.732379: | 1d 7f b2 c7 46 a3 71 98 ae c9 f5 c8 a6 d2 55 2e Sep 21 07:25:06.732381: | a1 aa 5e 2b 7e 97 9f c6 cd 79 76 36 d3 fc 62 1c Sep 21 07:25:06.732383: | 32 14 e3 d6 79 59 ce 57 16 c0 57 5f 99 c9 5a 45 Sep 21 07:25:06.732385: | d2 34 4d e6 6a 4c c5 61 03 a1 40 22 af 0a 59 a5 Sep 21 07:25:06.732387: | 5a 4b cf 6c a4 0d 36 55 16 3a eb be 27 e4 3c c0 Sep 21 07:25:06.732390: | 7c 90 08 ad c0 4d d6 06 28 df 4a a4 ac a9 fd d1 Sep 21 07:25:06.732392: | 33 81 b2 a2 6b a9 69 1e 2d f2 fd 82 22 d0 03 f0 Sep 21 07:25:06.732394: | a8 9d e6 85 f3 3c e6 5c 80 dd 9f 24 2b 88 d7 b0 Sep 21 07:25:06.732396: | d9 68 6e cf 47 e9 79 33 c7 b4 4d 78 9f 50 62 de Sep 21 07:25:06.732398: | 22 aa c6 b5 03 7e 4a e2 a7 2c 78 b7 81 a0 8f e3 Sep 21 07:25:06.732401: | 97 f6 9f 2f 07 ce 47 20 1c 23 44 39 b5 8f 88 0c Sep 21 07:25:06.732403: | ce 35 d0 f6 d8 28 91 de 62 ca 29 36 3e 2f 29 f0 Sep 21 07:25:06.732405: | 57 ff 05 1d d0 d3 b5 49 46 74 44 02 7f d2 39 2f Sep 21 07:25:06.732407: | c4 0b 7d ff 27 70 c7 ea 13 7a 91 b4 85 7a 38 b0 Sep 21 07:25:06.732410: | f8 3a dd af e4 f3 92 6e ff 1d e2 8d 29 4e 1c f8 Sep 21 07:25:06.732412: | 41 dc 59 70 45 9b 6e c5 28 d8 2b 85 69 99 7a 7a Sep 21 07:25:06.732414: | 1e c5 13 cd a3 e5 ac 04 be 8f 74 fe 50 00 7a 48 Sep 21 07:25:06.732416: | 7c 98 12 28 fc 54 5a 92 48 72 74 8d 46 46 f5 57 Sep 21 07:25:06.732419: | 7f 7e 83 3c 6b 26 20 d9 d8 b1 10 60 da 06 ab ed Sep 21 07:25:06.732421: | 88 2d da 53 51 d2 d5 93 ec 0f 6d 78 3c ad 27 27 Sep 21 07:25:06.732423: | bc a9 a8 f2 c2 be 4a 9e 0b 63 bd 07 f8 4c 07 3f Sep 21 07:25:06.732425: | 51 36 ce 7c cb 20 ce 73 e4 2b 5c 3b a4 ce c6 ec Sep 21 07:25:06.732427: | c2 40 8c 3f 2a 45 16 91 76 c1 92 be 14 6e 8e 6a Sep 21 07:25:06.732429: | 85 3d f9 13 8d 0a 42 75 30 d1 a9 c0 fe 12 a5 eb Sep 21 07:25:06.732431: | 4f 29 93 d6 e2 a1 0d 38 d9 9e 0a 57 a5 e2 3e 44 Sep 21 07:25:06.732434: | f3 25 c5 4f b4 d4 8a d3 60 97 d4 65 43 3f c6 95 Sep 21 07:25:06.732436: | ae 5d ac 98 bb 45 49 7b d3 04 04 b6 67 bd 45 3e Sep 21 07:25:06.732440: | 3d 59 33 6f 9a 2d 22 76 33 b7 ce 88 16 dd b3 dc Sep 21 07:25:06.732443: | cd c6 a2 11 b5 61 69 bc 9d f0 ff fa 15 81 48 99 Sep 21 07:25:06.732445: | d7 d7 87 1e 25 48 25 e2 7e a8 26 72 d7 c6 5b 69 Sep 21 07:25:06.732447: | 82 c2 88 85 e7 3c bb 88 f1 35 43 43 0e b2 8e a0 Sep 21 07:25:06.732449: | e7 93 5d ba 80 fd 09 a5 3d 6a 46 07 a5 70 e0 53 Sep 21 07:25:06.732452: | e5 f5 59 9d eb 03 3a 26 0f 56 80 79 49 5f ae dd Sep 21 07:25:06.732454: | 7d 73 81 d1 18 cc 59 77 01 53 34 e3 de fe e3 90 Sep 21 07:25:06.732456: | 25 f5 68 c9 23 52 18 a4 92 Sep 21 07:25:06.732461: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:06.732465: | **parse ISAKMP Message: Sep 21 07:25:06.732468: | initiator cookie: Sep 21 07:25:06.732470: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.732472: | responder cookie: Sep 21 07:25:06.732474: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.732477: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:06.732480: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.732482: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:06.732485: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:06.732487: | Message ID: 2 (0x2) Sep 21 07:25:06.732490: | length: 601 (0x259) Sep 21 07:25:06.732493: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:06.732497: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:25:06.732500: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:06.732506: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:06.732510: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:06.732514: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:06.732518: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:25:06.732522: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Sep 21 07:25:06.732524: | unpacking clear payload Sep 21 07:25:06.732527: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:06.732530: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:06.732533: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:06.732535: | flags: none (0x0) Sep 21 07:25:06.732538: | length: 573 (0x23d) Sep 21 07:25:06.732540: | processing payload: ISAKMP_NEXT_v2SK (len=569) Sep 21 07:25:06.732545: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:06.732548: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:06.732564: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:06.732566: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:06.732569: | **parse IKEv2 Security Association Payload: Sep 21 07:25:06.732572: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:06.732574: | flags: none (0x0) Sep 21 07:25:06.732576: | length: 196 (0xc4) Sep 21 07:25:06.732578: | processing payload: ISAKMP_NEXT_v2SA (len=192) Sep 21 07:25:06.732581: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:06.732583: | **parse IKEv2 Nonce Payload: Sep 21 07:25:06.732585: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:06.732588: | flags: none (0x0) Sep 21 07:25:06.732590: | length: 36 (0x24) Sep 21 07:25:06.732592: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:06.732594: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:06.732597: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:06.732600: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:06.732602: | flags: none (0x0) Sep 21 07:25:06.732606: | length: 264 (0x108) Sep 21 07:25:06.732608: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.732611: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:06.732613: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:06.732616: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:06.732618: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:06.732620: | flags: none (0x0) Sep 21 07:25:06.732623: | length: 24 (0x18) Sep 21 07:25:06.732625: | number of TS: 1 (0x1) Sep 21 07:25:06.732627: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:06.732630: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:06.732632: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:06.732635: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.732637: | flags: none (0x0) Sep 21 07:25:06.732639: | length: 24 (0x18) Sep 21 07:25:06.732641: | number of TS: 1 (0x1) Sep 21 07:25:06.732643: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:06.732647: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Sep 21 07:25:06.732649: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:25:06.732654: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:06.732659: | creating state object #3 at 0x55f7d3fd1800 Sep 21 07:25:06.732662: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:06.732669: | pstats #3 ikev2.child started Sep 21 07:25:06.732672: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:25:06.732676: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:06.732683: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:06.732686: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Sep 21 07:25:06.732691: | "northnet-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Sep 21 07:25:06.732696: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Sep 21 07:25:06.732700: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:06.732703: | forcing ST #1 to CHILD #1.#3 in FSM processor Sep 21 07:25:06.732705: | Now let's proceed with state specific processing Sep 21 07:25:06.732708: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:25:06.732712: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:06.732716: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Sep 21 07:25:06.732721: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:06.732727: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.732730: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:06.732734: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.732737: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:06.732741: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.732744: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:06.732748: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.732757: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.732764: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:25:06.732767: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:06.732770: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:06.732773: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:06.732775: | local proposal 1 type DH has 1 transforms Sep 21 07:25:06.732777: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:06.732781: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:25:06.732787: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:06.732792: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:06.732794: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:06.732797: | local proposal 2 type DH has 1 transforms Sep 21 07:25:06.732799: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:06.732802: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:25:06.732804: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:06.732806: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:06.732809: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:06.732811: | local proposal 3 type DH has 1 transforms Sep 21 07:25:06.732814: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:06.732816: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:06.732819: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:06.732821: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:06.732823: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:06.732826: | local proposal 4 type DH has 1 transforms Sep 21 07:25:06.732828: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:06.732831: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:06.732833: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.732836: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.732838: | length: 40 (0x28) Sep 21 07:25:06.732840: | prop #: 1 (0x1) Sep 21 07:25:06.732843: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.732845: | spi size: 4 (0x4) Sep 21 07:25:06.732847: | # transforms: 3 (0x3) Sep 21 07:25:06.732850: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.732853: | remote SPI 88 04 28 d1 Sep 21 07:25:06.732856: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:06.732858: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.732861: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.732863: | length: 12 (0xc) Sep 21 07:25:06.732866: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.732868: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.732871: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.732874: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.732876: | length/value: 256 (0x100) Sep 21 07:25:06.732880: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:06.732883: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.732886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.732888: | length: 8 (0x8) Sep 21 07:25:06.732890: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.732893: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.732896: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:06.732901: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:25:06.732905: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:25:06.732908: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:25:06.732910: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.732913: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.732915: | length: 8 (0x8) Sep 21 07:25:06.732917: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.732919: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.732923: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:06.732926: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:25:06.732929: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:25:06.732932: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:25:06.732936: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:25:06.732940: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:25:06.732943: | remote proposal 1 matches local proposal 1 Sep 21 07:25:06.732946: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.732948: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.732950: | length: 40 (0x28) Sep 21 07:25:06.732953: | prop #: 2 (0x2) Sep 21 07:25:06.732955: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.732957: | spi size: 4 (0x4) Sep 21 07:25:06.732960: | # transforms: 3 (0x3) Sep 21 07:25:06.732963: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.732965: | remote SPI 88 04 28 d1 Sep 21 07:25:06.732968: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.732971: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.732973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.732975: | length: 12 (0xc) Sep 21 07:25:06.732978: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.732980: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.732982: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.732985: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.732987: | length/value: 128 (0x80) Sep 21 07:25:06.732990: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.732993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.732995: | length: 8 (0x8) Sep 21 07:25:06.732997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.733000: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.733002: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733005: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.733007: | length: 8 (0x8) Sep 21 07:25:06.733010: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.733012: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.733016: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Sep 21 07:25:06.733019: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Sep 21 07:25:06.733021: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.733023: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:06.733026: | length: 56 (0x38) Sep 21 07:25:06.733028: | prop #: 3 (0x3) Sep 21 07:25:06.733030: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.733033: | spi size: 4 (0x4) Sep 21 07:25:06.733035: | # transforms: 5 (0x5) Sep 21 07:25:06.733038: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.733044: | remote SPI 88 04 28 d1 Sep 21 07:25:06.733047: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.733049: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733054: | length: 12 (0xc) Sep 21 07:25:06.733057: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.733059: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:06.733061: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.733064: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.733066: | length/value: 256 (0x100) Sep 21 07:25:06.733069: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733074: | length: 8 (0x8) Sep 21 07:25:06.733077: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.733079: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:06.733082: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733086: | length: 8 (0x8) Sep 21 07:25:06.733089: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.733091: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:06.733094: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733098: | length: 8 (0x8) Sep 21 07:25:06.733101: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.733103: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.733106: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733108: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.733110: | length: 8 (0x8) Sep 21 07:25:06.733113: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.733115: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.733119: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Sep 21 07:25:06.733122: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Sep 21 07:25:06.733125: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.733127: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:06.733129: | length: 56 (0x38) Sep 21 07:25:06.733131: | prop #: 4 (0x4) Sep 21 07:25:06.733134: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.733136: | spi size: 4 (0x4) Sep 21 07:25:06.733138: | # transforms: 5 (0x5) Sep 21 07:25:06.733142: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:06.733144: | remote SPI 88 04 28 d1 Sep 21 07:25:06.733147: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:06.733149: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733154: | length: 12 (0xc) Sep 21 07:25:06.733156: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.733159: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:06.733161: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.733164: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.733166: | length/value: 128 (0x80) Sep 21 07:25:06.733169: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733173: | length: 8 (0x8) Sep 21 07:25:06.733176: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.733178: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:06.733181: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733186: | length: 8 (0x8) Sep 21 07:25:06.733190: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:06.733192: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:06.733195: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.733200: | length: 8 (0x8) Sep 21 07:25:06.733202: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.733204: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.733207: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:06.733210: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.733212: | length: 8 (0x8) Sep 21 07:25:06.733214: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.733217: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.733220: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Sep 21 07:25:06.733223: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Sep 21 07:25:06.733229: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=880428d1;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.733234: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=880428d1;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:25:06.733237: | converting proposal to internal trans attrs Sep 21 07:25:06.733242: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:25:06.733245: | Child SA TS Request has child->sa == md->st; so using child connection Sep 21 07:25:06.733248: | TSi: parsing 1 traffic selectors Sep 21 07:25:06.733251: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:06.733253: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.733255: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.733258: | length: 16 (0x10) Sep 21 07:25:06.733260: | start port: 0 (0x0) Sep 21 07:25:06.733262: | end port: 65535 (0xffff) Sep 21 07:25:06.733265: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:06.733267: | TS low c0 00 03 00 Sep 21 07:25:06.733270: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:06.733272: | TS high c0 00 03 ff Sep 21 07:25:06.733274: | TSi: parsed 1 traffic selectors Sep 21 07:25:06.733277: | TSr: parsing 1 traffic selectors Sep 21 07:25:06.733279: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:06.733282: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.733284: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.733286: | length: 16 (0x10) Sep 21 07:25:06.733288: | start port: 0 (0x0) Sep 21 07:25:06.733291: | end port: 65535 (0xffff) Sep 21 07:25:06.733293: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:06.733295: | TS low c0 00 16 00 Sep 21 07:25:06.733298: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:06.733300: | TS high c0 00 16 ff Sep 21 07:25:06.733302: | TSr: parsed 1 traffic selectors Sep 21 07:25:06.733304: | looking for best SPD in current connection Sep 21 07:25:06.733311: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:06.733316: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.733323: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:06.733327: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:06.733329: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:06.733332: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:06.733335: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.733341: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.733348: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:06.733351: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:06.733353: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:06.733356: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:06.733359: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.733361: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:06.733364: | found better spd route for TSi[0],TSr[0] Sep 21 07:25:06.733366: | looking for better host pair Sep 21 07:25:06.733371: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:06.733376: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:25:06.733379: | investigating connection "northnet-eastnets/0x2" as a better match Sep 21 07:25:06.733391: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.733400: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.733402: | results matched Sep 21 07:25:06.733411: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.733419: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.733425: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:06.733430: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.733436: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:06.733439: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:06.733441: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:06.733444: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:06.733447: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.733451: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.733457: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:06.733460: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:06.733463: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:06.733465: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:06.733468: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.733471: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:06.733473: | investigating connection "northnet-eastnets/0x1" as a better match Sep 21 07:25:06.733483: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.733492: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:25:06.733494: | results matched Sep 21 07:25:06.733502: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.733511: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.733516: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:06.733521: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.733529: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:06.733532: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:06.733534: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:06.733537: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:06.733540: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:06.733544: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:06.733550: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Sep 21 07:25:06.733553: | did not find a better connection using host pair Sep 21 07:25:06.733555: | printing contents struct traffic_selector Sep 21 07:25:06.733557: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:06.733560: | ipprotoid: 0 Sep 21 07:25:06.733562: | port range: 0-65535 Sep 21 07:25:06.733565: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:25:06.733568: | printing contents struct traffic_selector Sep 21 07:25:06.733570: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:06.733572: | ipprotoid: 0 Sep 21 07:25:06.733574: | port range: 0-65535 Sep 21 07:25:06.733578: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:06.733582: | adding Child Responder KE and nonce nr work-order 3 for state #3 Sep 21 07:25:06.733585: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f71f8002b20 Sep 21 07:25:06.733588: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:06.733592: | libevent_malloc: new ptr-libevent@0x7f71f0006b90 size 128 Sep 21 07:25:06.733595: | libevent_realloc: release ptr-libevent@0x55f7d3fa00d0 Sep 21 07:25:06.733598: | libevent_realloc: new ptr-libevent@0x55f7d3fd22c0 size 128 Sep 21 07:25:06.733609: | #3 spent 0.893 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Sep 21 07:25:06.733615: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.733619: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.733623: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:25:06.733625: | suspending state #3 and saving MD Sep 21 07:25:06.733628: | #3 is busy; has a suspended MD Sep 21 07:25:06.733632: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:06.733636: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:06.733640: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:06.733645: | #1 spent 1.28 milliseconds in ikev2_process_packet() Sep 21 07:25:06.733649: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:06.733652: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:06.733654: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:06.733658: | spent 1.3 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:06.733671: | crypto helper 5 resuming Sep 21 07:25:06.733676: | crypto helper 5 starting work-order 3 for state #3 Sep 21 07:25:06.733680: | crypto helper 5 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Sep 21 07:25:06.734646: | crypto helper 5 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000965 seconds Sep 21 07:25:06.734659: | (#3) spent 0.971 milliseconds in crypto helper computing work-order 3: Child Responder KE and nonce nr (pcr) Sep 21 07:25:06.734663: | crypto helper 5 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:06.734666: | scheduling resume sending helper answer for #3 Sep 21 07:25:06.734672: | libevent_malloc: new ptr-libevent@0x7f71f4006900 size 128 Sep 21 07:25:06.734681: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:06.734691: | processing resume sending helper answer for #3 Sep 21 07:25:06.734698: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:06.734701: | crypto helper 5 replies to request ID 3 Sep 21 07:25:06.734704: | calling continuation function 0x55f7d3b6c630 Sep 21 07:25:06.734707: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Sep 21 07:25:06.734711: | adding DHv2 for child sa work-order 4 for state #3 Sep 21 07:25:06.734714: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:06.734717: | libevent_free: release ptr-libevent@0x7f71f0006b90 Sep 21 07:25:06.734720: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f71f8002b20 Sep 21 07:25:06.734723: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f71f8002b20 Sep 21 07:25:06.734726: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:06.734729: | libevent_malloc: new ptr-libevent@0x7f71f0006b90 size 128 Sep 21 07:25:06.734738: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.734743: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:25:06.734745: | suspending state #3 and saving MD Sep 21 07:25:06.734748: | #3 is busy; has a suspended MD Sep 21 07:25:06.734752: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:06.734756: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:06.734759: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:06.734764: | #3 spent 0.0616 milliseconds in resume sending helper answer Sep 21 07:25:06.734769: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:06.734772: | libevent_free: release ptr-libevent@0x7f71f4006900 Sep 21 07:25:06.734792: | crypto helper 0 resuming Sep 21 07:25:06.734800: | crypto helper 0 starting work-order 4 for state #3 Sep 21 07:25:06.734804: | crypto helper 0 doing crypto (DHv2 for child sa); request ID 4 Sep 21 07:25:06.735713: | crypto helper 0 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.000909 seconds Sep 21 07:25:06.735723: | (#3) spent 0.917 milliseconds in crypto helper computing work-order 4: DHv2 for child sa (dh) Sep 21 07:25:06.735726: | crypto helper 0 sending results from work-order 4 for state #3 to event queue Sep 21 07:25:06.735728: | scheduling resume sending helper answer for #3 Sep 21 07:25:06.735731: | libevent_malloc: new ptr-libevent@0x7f71e8001ef0 size 128 Sep 21 07:25:06.735738: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:06.735747: | processing resume sending helper answer for #3 Sep 21 07:25:06.735753: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:06.735756: | crypto helper 0 replies to request ID 4 Sep 21 07:25:06.735758: | calling continuation function 0x55f7d3b6d4f0 Sep 21 07:25:06.735761: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Sep 21 07:25:06.735767: | **emit ISAKMP Message: Sep 21 07:25:06.735769: | initiator cookie: Sep 21 07:25:06.735771: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:06.735774: | responder cookie: Sep 21 07:25:06.735775: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.735778: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:06.735780: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:06.735787: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:06.735793: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:06.735798: | Message ID: 2 (0x2) Sep 21 07:25:06.735801: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:06.735805: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:06.735808: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.735810: | flags: none (0x0) Sep 21 07:25:06.735813: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:06.735816: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.735819: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:06.735842: | netlink_get_spi: allocated 0x509cb7a3 for esp.0@192.1.2.23 Sep 21 07:25:06.735845: | Emitting ikev2_proposal ... Sep 21 07:25:06.735847: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:06.735848: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.735849: | flags: none (0x0) Sep 21 07:25:06.735852: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:06.735854: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.735855: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:06.735857: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:06.735859: | prop #: 1 (0x1) Sep 21 07:25:06.735860: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:06.735862: | spi size: 4 (0x4) Sep 21 07:25:06.735863: | # transforms: 3 (0x3) Sep 21 07:25:06.735865: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:06.735867: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:06.735869: | our spi 50 9c b7 a3 Sep 21 07:25:06.735870: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.735872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.735873: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:06.735875: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:06.735877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.735879: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:06.735881: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:06.735882: | length/value: 256 (0x100) Sep 21 07:25:06.735884: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:06.735885: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.735887: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.735889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:06.735890: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.735892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.735894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.735896: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:06.735897: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:06.735899: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:06.735900: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:06.735902: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:06.735904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:06.735905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:06.735908: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:06.735910: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:06.735912: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:06.735913: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:25:06.735915: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:06.735916: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:06.735918: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.735919: | flags: none (0x0) Sep 21 07:25:06.735921: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:06.735923: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.735925: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:06.735926: | IKEv2 nonce 7b 3c 3f de b9 36 90 52 67 90 94 48 1e f0 ff ec Sep 21 07:25:06.735928: | IKEv2 nonce e2 5c 9a a3 e5 06 33 92 27 db 2f 5e 15 bf fa b5 Sep 21 07:25:06.735929: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:06.735931: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:06.735933: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.735934: | flags: none (0x0) Sep 21 07:25:06.735936: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:06.735937: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:06.735939: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.735941: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:06.735942: | ikev2 g^x 16 25 f2 a9 13 3d 68 6e ad 0c df df 6b 1d 54 fb Sep 21 07:25:06.735944: | ikev2 g^x 7e fa d1 86 e1 f1 72 fb 27 ff f3 ca 34 64 8e 89 Sep 21 07:25:06.735945: | ikev2 g^x 9f e4 f7 e4 59 cc 33 4e 0a 54 0a 76 5a dd 4a 78 Sep 21 07:25:06.735947: | ikev2 g^x 9f 84 5f 70 8a 78 80 d5 7f 6c aa 5e 1e 0f e6 98 Sep 21 07:25:06.735948: | ikev2 g^x ea 7e 3e bc 07 f5 67 5b de da 71 4c ca f5 80 a2 Sep 21 07:25:06.735949: | ikev2 g^x f4 bd f2 e6 ab d2 c8 6b f0 3d c7 f3 71 3b cb ec Sep 21 07:25:06.735951: | ikev2 g^x 49 80 40 3e e3 64 b3 29 d7 91 11 3b b1 be 03 fb Sep 21 07:25:06.735952: | ikev2 g^x d6 66 9f 4f c5 1b 28 37 ef 32 9e 5f d2 e1 54 b1 Sep 21 07:25:06.735954: | ikev2 g^x cc 63 52 84 b3 59 e9 34 64 b3 b4 5b 9b 11 10 4f Sep 21 07:25:06.735955: | ikev2 g^x eb c4 20 32 12 60 a7 3b 9e f5 69 62 bb ce 77 4a Sep 21 07:25:06.735956: | ikev2 g^x 55 e0 f5 dd 26 52 1f b2 6b 83 de 88 ce 7b 09 a7 Sep 21 07:25:06.735958: | ikev2 g^x 9e 2f f6 f1 3c ec 67 a4 56 ea 6f 0d 90 d3 fb bc Sep 21 07:25:06.735959: | ikev2 g^x 98 28 3f fb 6a 15 f7 3a 9d fd 88 ed 53 43 5f 7e Sep 21 07:25:06.735961: | ikev2 g^x 06 6f af 61 11 54 1e f5 52 6e c0 6f 3f 9c e4 9c Sep 21 07:25:06.735962: | ikev2 g^x db 9f 25 41 a5 de c3 d0 a9 fe 1d 52 a2 67 ab a9 Sep 21 07:25:06.735963: | ikev2 g^x e3 13 e5 db ff 43 e6 59 65 07 1d f9 ed cb c7 7b Sep 21 07:25:06.735965: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:06.735967: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:06.735968: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.735970: | flags: none (0x0) Sep 21 07:25:06.735971: | number of TS: 1 (0x1) Sep 21 07:25:06.735973: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:06.735975: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.735976: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:06.735979: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.735981: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.735982: | start port: 0 (0x0) Sep 21 07:25:06.735984: | end port: 65535 (0xffff) Sep 21 07:25:06.735986: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:06.735987: | IP start c0 00 03 00 Sep 21 07:25:06.735989: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:06.735990: | IP end c0 00 03 ff Sep 21 07:25:06.735991: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:06.735993: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:06.735995: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:06.735996: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:06.735997: | flags: none (0x0) Sep 21 07:25:06.735999: | number of TS: 1 (0x1) Sep 21 07:25:06.736001: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:06.736003: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:06.736004: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:06.736006: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:06.736007: | IP Protocol ID: 0 (0x0) Sep 21 07:25:06.736008: | start port: 0 (0x0) Sep 21 07:25:06.736010: | end port: 65535 (0xffff) Sep 21 07:25:06.736012: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:06.736013: | IP start c0 00 16 00 Sep 21 07:25:06.736014: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:06.736016: | IP end c0 00 16 ff Sep 21 07:25:06.736017: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:06.736019: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:06.736020: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:06.736023: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:06.736138: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:25:06.736142: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:25:06.736144: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:06.736147: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.736148: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:06.736150: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.736151: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:06.736155: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Sep 21 07:25:06.736158: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:06.736160: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:06.736162: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:06.736163: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:06.736166: | setting IPsec SA replay-window to 32 Sep 21 07:25:06.736168: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:25:06.736170: | netlink: enabling tunnel mode Sep 21 07:25:06.736172: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:06.736174: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:06.736245: | netlink response for Add SA esp.880428d1@192.1.3.33 included non-error error Sep 21 07:25:06.736249: | set up outgoing SA, ref=0/0 Sep 21 07:25:06.736252: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:06.736254: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:06.736260: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:06.736264: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:06.736272: | setting IPsec SA replay-window to 32 Sep 21 07:25:06.736276: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:25:06.736279: | netlink: enabling tunnel mode Sep 21 07:25:06.736282: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:06.736284: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:06.736341: | netlink response for Add SA esp.509cb7a3@192.1.2.23 included non-error error Sep 21 07:25:06.736347: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:06.736356: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:06.736360: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:06.736405: | raw_eroute result=success Sep 21 07:25:06.736409: | set up incoming SA, ref=0/0 Sep 21 07:25:06.736412: | sr for #3: unrouted Sep 21 07:25:06.736415: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:06.736418: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:06.736421: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.736424: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:06.736427: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:06.736430: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:06.736435: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Sep 21 07:25:06.736438: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x55f7d3fbd580} and state: #3 Sep 21 07:25:06.736442: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:06.736452: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:25:06.736458: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:06.736492: | raw_eroute result=success Sep 21 07:25:06.736497: | running updown command "ipsec _updown" for verb up Sep 21 07:25:06.736501: | command executing up-client Sep 21 07:25:06.736541: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.736551: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:25:06.736577: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:25:06.736582: | popen cmd is 1405 chars long Sep 21 07:25:06.736585: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:25:06.736590: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:25:06.736596: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:25:06.736599: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:25:06.736605: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:25:06.736609: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:25:06.736612: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:25:06.736615: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:25:06.736619: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:25:06.736622: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:25:06.736626: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:25:06.736629: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:25:06.736633: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_: Sep 21 07:25:06.736636: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Sep 21 07:25:06.736640: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Sep 21 07:25:06.736644: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Sep 21 07:25:06.736647: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8: Sep 21 07:25:06.736650: | cmd(1360):80428d1 SPI_OUT=0x509cb7a3 ipsec _updown 2>&1: Sep 21 07:25:06.805457: | route_and_eroute: firewall_notified: true Sep 21 07:25:06.805473: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55f7d3fc7250,sr=0x55f7d3fc7250} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:06.805568: | #1 spent 0.674 milliseconds in install_ipsec_sa() Sep 21 07:25:06.805578: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:25:06.805585: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:06.805589: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:06.805593: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:06.805596: | emitting length of IKEv2 Encryption Payload: 421 Sep 21 07:25:06.805598: | emitting length of ISAKMP Message: 449 Sep 21 07:25:06.805624: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:25:06.805634: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:06.805640: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Sep 21 07:25:06.805643: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Sep 21 07:25:06.805649: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:06.805655: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:25:06.805662: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Sep 21 07:25:06.805668: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:06.805672: | pstats #3 ikev2.child established Sep 21 07:25:06.805679: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:25:06.805684: | NAT-T: encaps is 'auto' Sep 21 07:25:06.805690: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x880428d1 <0x509cb7a3 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:25:06.805698: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:06.805705: | sending 449 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:06.805709: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:06.805712: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:25:06.805714: | ad fb d7 c1 18 ff 6e 0e e3 4d 2d 49 fa 8a 8c 19 Sep 21 07:25:06.805717: | 4a f6 32 39 98 77 1b 58 71 62 12 9d 7e 87 eb 64 Sep 21 07:25:06.805719: | 0e b8 26 36 3a 29 c5 b8 14 9e e5 22 a8 68 24 a3 Sep 21 07:25:06.805722: | 30 da 82 38 69 fd df d7 60 5f a7 b2 83 9a 83 02 Sep 21 07:25:06.805725: | ed 1c e3 5e e1 59 c9 eb 52 31 9a 29 dc 38 36 ad Sep 21 07:25:06.805728: | e9 a1 8c bb 99 41 8f 1f 32 65 85 e7 01 03 42 e2 Sep 21 07:25:06.805730: | fb 47 0c cb d0 f4 36 1a 4c 23 7e c0 3b d1 fb 35 Sep 21 07:25:06.805733: | 62 d9 ef 31 e5 12 6b 24 d5 05 be 9e 60 6f eb fc Sep 21 07:25:06.805735: | dd a7 78 ab 1b 5a 1e ca 51 c3 db ad 0d 27 c8 4c Sep 21 07:25:06.805738: | 18 99 b6 13 c3 62 65 23 b5 e7 f9 70 c9 ef b7 77 Sep 21 07:25:06.805741: | 0f de 21 09 cb dd bd d2 92 5b 80 6c 0f bb 3f 57 Sep 21 07:25:06.805743: | 67 a5 de b1 59 f0 eb b3 4d 9f 79 a3 a3 14 7d 78 Sep 21 07:25:06.805746: | 21 53 f5 0c e4 47 75 d1 24 cf 6e 2b 66 b1 06 7d Sep 21 07:25:06.805749: | 41 e2 03 1b d3 5d fd 15 5e 79 8e cb 0f dd d3 64 Sep 21 07:25:06.805752: | 23 d4 87 64 f1 63 d9 90 b8 af 61 fc da 17 8f c6 Sep 21 07:25:06.805755: | fc 40 17 77 20 a6 5c 76 f1 a0 b3 bb 78 1f 4c de Sep 21 07:25:06.805757: | b1 eb 7c f2 5e 65 27 99 fc 56 46 17 8a 73 3f 86 Sep 21 07:25:06.805760: | da 19 97 0c 41 07 51 4f c5 09 af 96 58 a1 c2 02 Sep 21 07:25:06.805763: | 05 21 c3 d3 16 40 2b c9 0c 63 59 33 5b b9 39 dc Sep 21 07:25:06.805765: | 76 f3 6b 40 ef 7d db ae 3a 79 6e fe b2 66 b5 f9 Sep 21 07:25:06.805768: | a9 d8 cb 93 62 53 6b 9d 5a 6d 16 2e b4 af 09 b0 Sep 21 07:25:06.805771: | 4c 68 d7 f8 fd 8d 48 c5 21 fb 5f 47 2c 2d 52 1e Sep 21 07:25:06.805773: | 14 ba c9 80 74 5a a0 d2 76 1a 03 72 9e 71 95 a6 Sep 21 07:25:06.805776: | 1c 26 cd 4d 8d 6c d0 69 d5 92 88 96 1f 70 8a 91 Sep 21 07:25:06.805779: | 41 62 a4 33 73 c9 ac bd b7 1e 3d 19 00 6c 5c 1a Sep 21 07:25:06.805782: | 83 d2 b8 73 e3 fa 8b 4d 22 13 46 c1 0e 11 d8 75 Sep 21 07:25:06.805792: | 17 Sep 21 07:25:06.805853: | releasing whack for #3 (sock=fd@-1) Sep 21 07:25:06.805858: | releasing whack and unpending for parent #1 Sep 21 07:25:06.805861: | unpending state #1 connection "northnet-eastnets/0x2" Sep 21 07:25:06.805867: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:06.805870: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:06.805877: | libevent_free: release ptr-libevent@0x7f71f0006b90 Sep 21 07:25:06.805880: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f71f8002b20 Sep 21 07:25:06.805883: | event_schedule: new EVENT_SA_REKEY-pe@0x7f71f8002b20 Sep 21 07:25:06.805887: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Sep 21 07:25:06.805891: | libevent_malloc: new ptr-libevent@0x7f71f0006b90 size 128 Sep 21 07:25:06.805899: | #3 spent 1.35 milliseconds in resume sending helper answer Sep 21 07:25:06.805906: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:06.805910: | libevent_free: release ptr-libevent@0x7f71e8001ef0 Sep 21 07:25:06.805922: | processing signal PLUTO_SIGCHLD Sep 21 07:25:06.805927: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:06.805932: | spent 0.00514 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:09.702838: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:09.703038: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:09.703047: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:09.703224: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:09.703228: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:09.703238: | get_sa_info esp.9460eb3c@192.1.2.23 Sep 21 07:25:09.703255: | get_sa_info esp.9f9004e2@192.1.3.33 Sep 21 07:25:09.703275: | get_sa_info esp.509cb7a3@192.1.2.23 Sep 21 07:25:09.703283: | get_sa_info esp.880428d1@192.1.3.33 Sep 21 07:25:09.703303: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:09.703310: | spent 0.482 milliseconds in whack Sep 21 07:25:10.940553: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:10.940575: shutting down Sep 21 07:25:10.940585: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:10.940588: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:10.940594: destroying root certificate cache Sep 21 07:25:10.940606: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:10.940608: forgetting secrets Sep 21 07:25:10.940613: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:10.940625: | unreference key: 0x55f7d3fc8da0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:10.940630: | unreference key: 0x55f7d3fc8c20 user-east@testing.libreswan.org cnt 1-- Sep 21 07:25:10.940634: | unreference key: 0x55f7d3fc86b0 @east.testing.libreswan.org cnt 1-- Sep 21 07:25:10.940637: | unreference key: 0x55f7d3fc8290 east@testing.libreswan.org cnt 1-- Sep 21 07:25:10.940642: | unreference key: 0x55f7d3fc6ec0 192.1.2.23 cnt 1-- Sep 21 07:25:10.940651: | unreference key: 0x55f7d3fc2f10 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:10.940656: | unreference key: 0x55f7d3fc2bc0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:10.940660: | unreference key: 0x55f7d3fbec90 @north.testing.libreswan.org cnt 1-- Sep 21 07:25:10.940665: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:25:10.940668: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:10.940670: | pass 0 Sep 21 07:25:10.940673: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:10.940675: | state #3 Sep 21 07:25:10.940679: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:10.940684: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:10.940687: | pstats #3 ikev2.child deleted completed Sep 21 07:25:10.940692: | #3 spent 4.19 milliseconds in total Sep 21 07:25:10.940696: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:25:10.940701: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 4.208s and sending notification Sep 21 07:25:10.940704: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:10.940709: | get_sa_info esp.880428d1@192.1.3.33 Sep 21 07:25:10.940723: | get_sa_info esp.509cb7a3@192.1.2.23 Sep 21 07:25:10.940731: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=0B Sep 21 07:25:10.940735: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:25:10.940738: | Opening output PBS informational exchange delete request Sep 21 07:25:10.940741: | **emit ISAKMP Message: Sep 21 07:25:10.940743: | initiator cookie: Sep 21 07:25:10.940746: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:10.940748: | responder cookie: Sep 21 07:25:10.940750: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:10.940753: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:10.940756: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:10.940762: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:10.940764: | flags: none (0x0) Sep 21 07:25:10.940767: | Message ID: 0 (0x0) Sep 21 07:25:10.940770: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:10.940773: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:10.940776: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:10.940778: | flags: none (0x0) Sep 21 07:25:10.940782: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:10.940790: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:10.940794: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:10.940801: | ****emit IKEv2 Delete Payload: Sep 21 07:25:10.940804: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:10.940806: | flags: none (0x0) Sep 21 07:25:10.940809: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:10.940811: | SPI size: 4 (0x4) Sep 21 07:25:10.940813: | number of SPIs: 1 (0x1) Sep 21 07:25:10.940816: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:10.940819: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:10.940822: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:25:10.940825: | local spis 50 9c b7 a3 Sep 21 07:25:10.940827: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:10.940830: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:10.940833: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:10.940836: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:10.940838: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:10.940840: | emitting length of ISAKMP Message: 69 Sep 21 07:25:10.940864: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:25:10.940867: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:10.940870: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:10.940872: | 66 05 3b 74 34 90 a9 4e eb 69 42 39 b5 52 86 8b Sep 21 07:25:10.940874: | 67 e3 76 b6 db 2e f3 fe 28 c9 72 de cd 9a 08 10 Sep 21 07:25:10.940876: | 40 c9 62 ec 32 Sep 21 07:25:10.940931: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:25:10.940935: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Sep 21 07:25:10.940941: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:10.940944: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:10.940948: | libevent_free: release ptr-libevent@0x7f71f0006b90 Sep 21 07:25:10.940951: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f71f8002b20 Sep 21 07:25:10.941023: | running updown command "ipsec _updown" for verb down Sep 21 07:25:10.941028: | command executing down-client Sep 21 07:25:10.941067: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050706' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Sep 21 07:25:10.941073: | popen cmd is 1298 chars long Sep 21 07:25:10.941076: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:25:10.941078: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:25:10.941081: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:25:10.941083: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:25:10.941086: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:25:10.941088: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:25:10.941091: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:25:10.941093: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Sep 21 07:25:10.941096: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Sep 21 07:25:10.941099: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:25:10.941101: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050706' PLUTO_CONN: Sep 21 07:25:10.941103: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Sep 21 07:25:10.941106: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Sep 21 07:25:10.941109: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Sep 21 07:25:10.941111: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Sep 21 07:25:10.941114: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x880428d1 SPI_OUT=0x509cb7a3 : Sep 21 07:25:10.941116: | cmd(1280):ipsec _updown 2>&1: Sep 21 07:25:10.961997: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:25:10.962013: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:25:10.962017: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:10.962021: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:10.962070: | delete esp.880428d1@192.1.3.33 Sep 21 07:25:10.962099: | netlink response for Del SA esp.880428d1@192.1.3.33 included non-error error Sep 21 07:25:10.962103: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:10.962110: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:10.962153: | raw_eroute result=success Sep 21 07:25:10.962157: | delete esp.509cb7a3@192.1.2.23 Sep 21 07:25:10.962179: | netlink response for Del SA esp.509cb7a3@192.1.2.23 included non-error error Sep 21 07:25:10.962187: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:10.962191: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:10.962193: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:10.962196: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Sep 21 07:25:10.962200: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:25:10.962219: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:25:10.962232: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:10.962235: | state #2 Sep 21 07:25:10.962240: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:10.962243: | pstats #2 ikev2.child deleted completed Sep 21 07:25:10.962248: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:25:10.962252: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_R) aged 4.666s and sending notification Sep 21 07:25:10.962255: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:10.962259: | get_sa_info esp.9f9004e2@192.1.3.33 Sep 21 07:25:10.962269: | get_sa_info esp.9460eb3c@192.1.2.23 Sep 21 07:25:10.962277: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:25:10.962281: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:25:10.962284: | Opening output PBS informational exchange delete request Sep 21 07:25:10.962287: | **emit ISAKMP Message: Sep 21 07:25:10.962290: | initiator cookie: Sep 21 07:25:10.962292: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:10.962295: | responder cookie: Sep 21 07:25:10.962296: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:10.962299: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:10.962301: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:10.962304: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:10.962307: | flags: none (0x0) Sep 21 07:25:10.962309: | Message ID: 1 (0x1) Sep 21 07:25:10.962312: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:10.962315: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:10.962318: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:10.962320: | flags: none (0x0) Sep 21 07:25:10.962323: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:10.962326: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:10.962329: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:10.962336: | ****emit IKEv2 Delete Payload: Sep 21 07:25:10.962338: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:10.962341: | flags: none (0x0) Sep 21 07:25:10.962343: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:10.962345: | SPI size: 4 (0x4) Sep 21 07:25:10.962347: | number of SPIs: 1 (0x1) Sep 21 07:25:10.962350: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:10.962353: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:10.962356: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:25:10.962359: | local spis 94 60 eb 3c Sep 21 07:25:10.962361: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:10.962364: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:10.962367: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:10.962370: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:10.962373: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:10.962375: | emitting length of ISAKMP Message: 69 Sep 21 07:25:10.962395: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:10.962397: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:10.962399: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:25:10.962400: | 11 42 fa 60 ce 1d 88 e8 7f 2b fc 45 7c a0 a0 f4 Sep 21 07:25:10.962402: | f4 45 5c ac 8a 99 54 43 0d 4e 16 af 87 59 4d 4a Sep 21 07:25:10.962405: | 6b 8a bf 8d b6 Sep 21 07:25:10.962453: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:25:10.962457: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:25:10.962461: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Sep 21 07:25:10.962466: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Sep 21 07:25:10.962468: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:10.962473: | libevent_free: release ptr-libevent@0x55f7d3fd5280 Sep 21 07:25:10.962475: | free_event_entry: release EVENT_SA_REKEY-pe@0x55f7d3fcb1d0 Sep 21 07:25:10.962546: | running updown command "ipsec _updown" for verb down Sep 21 07:25:10.962550: | command executing down-client Sep 21 07:25:10.962592: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050706' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Sep 21 07:25:10.962596: | popen cmd is 1296 chars long Sep 21 07:25:10.962598: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:25:10.962601: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:25:10.962603: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:25:10.962605: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:25:10.962607: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:25:10.962610: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:25:10.962612: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:25:10.962615: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:25:10.962617: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:25:10.962620: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:25:10.962622: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050706' PLUTO_CONN_P: Sep 21 07:25:10.962625: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:25:10.962627: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:25:10.962630: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:25:10.962632: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:25:10.962635: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f9004e2 SPI_OUT=0x9460eb3c ip: Sep 21 07:25:10.962639: | cmd(1280):sec _updown 2>&1: Sep 21 07:25:10.971349: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:25:10.971364: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:25:10.971368: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:10.971372: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:10.971419: | delete esp.9f9004e2@192.1.3.33 Sep 21 07:25:10.971450: | netlink response for Del SA esp.9f9004e2@192.1.3.33 included non-error error Sep 21 07:25:10.971454: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:10.971461: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:10.971501: | raw_eroute result=success Sep 21 07:25:10.971505: | delete esp.9460eb3c@192.1.2.23 Sep 21 07:25:10.971526: | netlink response for Del SA esp.9460eb3c@192.1.2.23 included non-error error Sep 21 07:25:10.971531: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:25:10.971534: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:25:10.971539: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:25:10.971545: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:25:10.971550: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:10.971553: | state #1 Sep 21 07:25:10.971555: | pass 1 Sep 21 07:25:10.971557: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:10.971559: | state #1 Sep 21 07:25:10.971564: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:10.971568: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:10.971573: | #1 spent 27.4 milliseconds in total Sep 21 07:25:10.971578: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:25:10.971582: "northnet-eastnets/0x2" #1: deleting state (STATE_PARENT_R2) aged 4.722s and sending notification Sep 21 07:25:10.971584: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:25:10.971640: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:25:10.971644: | Opening output PBS informational exchange delete request Sep 21 07:25:10.971647: | **emit ISAKMP Message: Sep 21 07:25:10.971650: | initiator cookie: Sep 21 07:25:10.971652: | 62 7f 63 f5 15 4b b5 62 Sep 21 07:25:10.971654: | responder cookie: Sep 21 07:25:10.971656: | 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:10.971659: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:10.971662: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:10.971665: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:10.971667: | flags: none (0x0) Sep 21 07:25:10.971669: | Message ID: 2 (0x2) Sep 21 07:25:10.971672: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:10.971675: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:10.971678: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:10.971680: | flags: none (0x0) Sep 21 07:25:10.971683: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:10.971686: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:10.971689: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:10.971697: | ****emit IKEv2 Delete Payload: Sep 21 07:25:10.971700: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:10.971702: | flags: none (0x0) Sep 21 07:25:10.971705: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:10.971710: | SPI size: 0 (0x0) Sep 21 07:25:10.971712: | number of SPIs: 0 (0x0) Sep 21 07:25:10.971715: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:10.971718: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:10.971721: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:25:10.971723: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:10.971727: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:10.971729: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:10.971732: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:25:10.971734: | emitting length of ISAKMP Message: 65 Sep 21 07:25:10.971752: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:10.971755: | 62 7f 63 f5 15 4b b5 62 7b aa 54 4e 4f fb a3 a6 Sep 21 07:25:10.971757: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:25:10.971760: | 56 b4 c6 70 09 3b 31 44 46 37 fd f7 90 93 04 e7 Sep 21 07:25:10.971762: | 51 e8 89 37 4c 8a 45 b6 bc a0 fc a0 4f 85 47 ac Sep 21 07:25:10.971764: | a7 Sep 21 07:25:10.971818: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Sep 21 07:25:10.971824: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Sep 21 07:25:10.971829: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Sep 21 07:25:10.971833: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Sep 21 07:25:10.971836: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:10.971841: | libevent_free: release ptr-libevent@0x55f7d3fbf020 Sep 21 07:25:10.971844: | free_event_entry: release EVENT_SA_REKEY-pe@0x55f7d3fd5180 Sep 21 07:25:10.971847: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:10.971850: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:25:10.971852: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:25:10.971855: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:10.971867: | unreference key: 0x55f7d3fd51c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Sep 21 07:25:10.971880: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:25:10.971890: | unreference key: 0x55f7d3fd51c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:10.971896: | unreference key: 0x55f7d3f99af0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:25:10.971901: | unreference key: 0x55f7d3fd5eb0 @north.testing.libreswan.org cnt 1-- Sep 21 07:25:10.971914: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:10.971920: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:25:10.971925: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:25:10.971928: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:10.971955: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:10.971964: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:10.971967: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:10.971970: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:10.971975: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:10.971977: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:10.971981: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Sep 21 07:25:10.971985: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Sep 21 07:25:10.971988: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:10.971996: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:25:10.971999: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:10.972001: | pass 0 Sep 21 07:25:10.972003: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:10.972005: | pass 1 Sep 21 07:25:10.972007: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:10.972012: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:25:10.972017: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:25:10.972020: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:10.972042: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:10.972050: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:10.972053: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:10.972055: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:10.972058: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:25:10.972061: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:10.972064: | command executing unroute-client Sep 21 07:25:10.972103: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Sep 21 07:25:10.972106: | popen cmd is 1277 chars long Sep 21 07:25:10.972109: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:10.972111: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Sep 21 07:25:10.972114: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:25:10.972116: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:25:10.972119: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:25:10.972121: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:25:10.972124: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Sep 21 07:25:10.972126: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Sep 21 07:25:10.972129: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Sep 21 07:25:10.972133: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:25:10.972135: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Sep 21 07:25:10.972138: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:25:10.972140: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:25:10.972143: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:25:10.972145: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:25:10.972148: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:10.983201: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983216: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983218: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983226: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983293: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983299: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983301: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983304: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983316: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983325: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983385: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983388: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983390: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983401: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983413: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983425: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983439: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983451: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983470: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983480: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983486: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983500: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983513: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983523: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983535: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983546: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983560: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983573: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983584: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983596: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983608: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983620: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983632: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983645: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983657: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983668: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983681: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983692: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983704: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983716: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983727: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983742: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983754: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983766: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983778: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983939: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983952: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983964: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983976: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.983988: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984000: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984012: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984025: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984036: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984049: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984060: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984076: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984087: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984099: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984112: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984123: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984137: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984149: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984160: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984172: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984185: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984197: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984208: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984221: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984232: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984245: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984259: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984271: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984282: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984295: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984306: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984318: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984330: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984342: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984354: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984365: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984379: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984391: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984403: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984415: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984426: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984441: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984452: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984465: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984477: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984488: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984502: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984513: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984526: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984537: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984548: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984562: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984573: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984586: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984597: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984609: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984624: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984636: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984646: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984657: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984669: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984683: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984694: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984706: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984719: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984730: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984743: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984755: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984766: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984778: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984805: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984820: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984831: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984843: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984854: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984867: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984879: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984893: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984904: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:10.984916: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:11.006742: | free hp@0x55f7d3fc33d0 Sep 21 07:25:11.006756: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Sep 21 07:25:11.006762: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:25:11.006791: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:11.006796: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:11.006808: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:11.006812: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:11.006816: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:11.006819: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:25:11.006822: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:11.006825: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:25:11.006829: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:11.006838: | libevent_free: release ptr-libevent@0x55f7d3fbc790 Sep 21 07:25:11.006841: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fa5c00 Sep 21 07:25:11.006854: | libevent_free: release ptr-libevent@0x55f7d3fbc880 Sep 21 07:25:11.006857: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbc840 Sep 21 07:25:11.006864: | libevent_free: release ptr-libevent@0x55f7d3fbc970 Sep 21 07:25:11.006867: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbc930 Sep 21 07:25:11.006874: | libevent_free: release ptr-libevent@0x55f7d3fbca60 Sep 21 07:25:11.006876: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbca20 Sep 21 07:25:11.006887: | libevent_free: release ptr-libevent@0x55f7d3fbcb50 Sep 21 07:25:11.006890: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbcb10 Sep 21 07:25:11.006897: | libevent_free: release ptr-libevent@0x55f7d3fbcc40 Sep 21 07:25:11.006901: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fbcc00 Sep 21 07:25:11.006907: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:11.007307: | libevent_free: release ptr-libevent@0x55f7d3fbbf70 Sep 21 07:25:11.007315: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fa4b00 Sep 21 07:25:11.007319: | libevent_free: release ptr-libevent@0x55f7d3fb19f0 Sep 21 07:25:11.007322: | free_event_entry: release EVENT_NULL-pe@0x55f7d3fa4d40 Sep 21 07:25:11.007325: | libevent_free: release ptr-libevent@0x55f7d3fb1960 Sep 21 07:25:11.007328: | free_event_entry: release EVENT_NULL-pe@0x55f7d3faa890 Sep 21 07:25:11.007331: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:11.007334: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:11.007336: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:11.007338: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:11.007341: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:11.007343: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:11.007346: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:11.007348: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:11.007350: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:11.007355: | libevent_free: release ptr-libevent@0x55f7d3fbc150 Sep 21 07:25:11.007357: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:11.007360: | libevent_free: release ptr-libevent@0x55f7d3fbc230 Sep 21 07:25:11.007363: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:11.007366: | libevent_free: release ptr-libevent@0x55f7d3fbc2f0 Sep 21 07:25:11.007368: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:11.007371: | libevent_free: release ptr-libevent@0x55f7d3fb0c60 Sep 21 07:25:11.007373: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:11.007375: | releasing event base Sep 21 07:25:11.007388: | libevent_free: release ptr-libevent@0x55f7d3fbc3b0 Sep 21 07:25:11.007391: | libevent_free: release ptr-libevent@0x55f7d3f59480 Sep 21 07:25:11.007394: | libevent_free: release ptr-libevent@0x55f7d3f9fef0 Sep 21 07:25:11.007397: | libevent_free: release ptr-libevent@0x55f7d3fd22c0 Sep 21 07:25:11.007400: | libevent_free: release ptr-libevent@0x55f7d3f9ff10 Sep 21 07:25:11.007402: | libevent_free: release ptr-libevent@0x55f7d3fbc000 Sep 21 07:25:11.007405: | libevent_free: release ptr-libevent@0x55f7d3fbc1f0 Sep 21 07:25:11.007407: | libevent_free: release ptr-libevent@0x55f7d3fa00b0 Sep 21 07:25:11.007409: | libevent_free: release ptr-libevent@0x55f7d3faa7f0 Sep 21 07:25:11.007411: | libevent_free: release ptr-libevent@0x55f7d3faa7d0 Sep 21 07:25:11.007414: | libevent_free: release ptr-libevent@0x55f7d3fbccd0 Sep 21 07:25:11.007416: | libevent_free: release ptr-libevent@0x55f7d3fbcbe0 Sep 21 07:25:11.007418: | libevent_free: release ptr-libevent@0x55f7d3fbcaf0 Sep 21 07:25:11.007421: | libevent_free: release ptr-libevent@0x55f7d3fbca00 Sep 21 07:25:11.007423: | libevent_free: release ptr-libevent@0x55f7d3fbc910 Sep 21 07:25:11.007426: | libevent_free: release ptr-libevent@0x55f7d3fbc820 Sep 21 07:25:11.007428: | libevent_free: release ptr-libevent@0x55f7d3f9ffa0 Sep 21 07:25:11.007430: | libevent_free: release ptr-libevent@0x55f7d3fbc2d0 Sep 21 07:25:11.007433: | libevent_free: release ptr-libevent@0x55f7d3fbc210 Sep 21 07:25:11.007435: | libevent_free: release ptr-libevent@0x55f7d3fbc130 Sep 21 07:25:11.007437: | libevent_free: release ptr-libevent@0x55f7d3fbc390 Sep 21 07:25:11.007440: | libevent_free: release ptr-libevent@0x55f7d3fbc020 Sep 21 07:25:11.007443: | libevent_free: release ptr-libevent@0x55f7d3f9ff30 Sep 21 07:25:11.007445: | libevent_free: release ptr-libevent@0x55f7d3f9ff60 Sep 21 07:25:11.007447: | libevent_free: release ptr-libevent@0x55f7d3f9fc50 Sep 21 07:25:11.007452: | releasing global libevent data Sep 21 07:25:11.007455: | libevent_free: release ptr-libevent@0x55f7d3f9e440 Sep 21 07:25:11.007458: | libevent_free: release ptr-libevent@0x55f7d3f9e470 Sep 21 07:25:11.007460: | libevent_free: release ptr-libevent@0x55f7d3f9fc20