Sep 21 07:25:05.427954: FIPS Product: YES Sep 21 07:25:05.427996: FIPS Kernel: NO Sep 21 07:25:05.427999: FIPS Mode: NO Sep 21 07:25:05.428002: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:05.428183: Initializing NSS Sep 21 07:25:05.428189: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:05.472369: NSS initialized Sep 21 07:25:05.472393: NSS crypto library initialized Sep 21 07:25:05.472396: FIPS HMAC integrity support [enabled] Sep 21 07:25:05.472398: FIPS mode disabled for pluto daemon Sep 21 07:25:05.548690: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:05.548798: libcap-ng support [enabled] Sep 21 07:25:05.548809: Linux audit support [enabled] Sep 21 07:25:05.548841: Linux audit activated Sep 21 07:25:05.548852: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:20239 Sep 21 07:25:05.548854: core dump dir: /tmp Sep 21 07:25:05.548857: secrets file: /etc/ipsec.secrets Sep 21 07:25:05.548859: leak-detective disabled Sep 21 07:25:05.548860: NSS crypto [enabled] Sep 21 07:25:05.548862: XAUTH PAM support [enabled] Sep 21 07:25:05.548938: | libevent is using pluto's memory allocator Sep 21 07:25:05.548947: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:05.548959: | libevent_malloc: new ptr-libevent@0x55654b846680 size 40 Sep 21 07:25:05.548962: | libevent_malloc: new ptr-libevent@0x55654b8466b0 size 40 Sep 21 07:25:05.548965: | libevent_malloc: new ptr-libevent@0x55654b847e10 size 40 Sep 21 07:25:05.548967: | creating event base Sep 21 07:25:05.548970: | libevent_malloc: new ptr-libevent@0x55654b847dd0 size 56 Sep 21 07:25:05.548974: | libevent_malloc: new ptr-libevent@0x55654b847e40 size 664 Sep 21 07:25:05.548985: | libevent_malloc: new ptr-libevent@0x55654b8480e0 size 24 Sep 21 07:25:05.548989: | libevent_malloc: new ptr-libevent@0x55654b801670 size 384 Sep 21 07:25:05.548998: | libevent_malloc: new ptr-libevent@0x55654b848100 size 16 Sep 21 07:25:05.549001: | libevent_malloc: new ptr-libevent@0x55654b848120 size 40 Sep 21 07:25:05.549003: | libevent_malloc: new ptr-libevent@0x55654b848150 size 48 Sep 21 07:25:05.549009: | libevent_realloc: new ptr-libevent@0x55654b848190 size 256 Sep 21 07:25:05.549011: | libevent_malloc: new ptr-libevent@0x55654b8482a0 size 16 Sep 21 07:25:05.549016: | libevent_free: release ptr-libevent@0x55654b847dd0 Sep 21 07:25:05.549020: | libevent initialized Sep 21 07:25:05.549024: | libevent_realloc: new ptr-libevent@0x55654b8482c0 size 64 Sep 21 07:25:05.549030: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:05.549047: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:05.549049: NAT-Traversal support [enabled] Sep 21 07:25:05.549052: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:05.549057: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:05.549061: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:05.549097: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:05.549100: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:05.549103: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:05.549149: Encryption algorithms: Sep 21 07:25:05.549156: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:05.549159: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:05.549163: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:05.549165: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:05.549168: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:05.549178: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:05.549182: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:05.549185: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:05.549189: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:05.549192: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:05.549195: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:05.549198: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:05.549201: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:05.549204: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:05.549207: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:05.549210: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:05.549213: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:05.549219: Hash algorithms: Sep 21 07:25:05.549222: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:05.549225: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:05.549233: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:05.549237: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:05.549240: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:05.549257: PRF algorithms: Sep 21 07:25:05.549261: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:05.549264: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:05.549268: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:05.549272: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:05.549276: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:05.549279: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:05.549315: Integrity algorithms: Sep 21 07:25:05.549319: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:05.549323: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:05.549328: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:05.549333: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:05.549338: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:05.549341: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:05.549345: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:05.549349: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:05.549352: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:05.549368: DH algorithms: Sep 21 07:25:05.549373: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:05.549376: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:05.549380: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:05.549386: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:05.549390: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:05.549393: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:05.549396: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:05.549400: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:05.549403: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:05.549406: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:05.549410: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:05.549415: testing CAMELLIA_CBC: Sep 21 07:25:05.549419: Camellia: 16 bytes with 128-bit key Sep 21 07:25:05.549563: Camellia: 16 bytes with 128-bit key Sep 21 07:25:05.549594: Camellia: 16 bytes with 256-bit key Sep 21 07:25:05.549621: Camellia: 16 bytes with 256-bit key Sep 21 07:25:05.549646: testing AES_GCM_16: Sep 21 07:25:05.549649: empty string Sep 21 07:25:05.549674: one block Sep 21 07:25:05.549698: two blocks Sep 21 07:25:05.549725: two blocks with associated data Sep 21 07:25:05.549753: testing AES_CTR: Sep 21 07:25:05.549757: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:05.549791: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:05.549823: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:05.549853: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:05.549881: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:05.549908: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:05.549936: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:05.549963: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:05.549991: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:05.550020: testing AES_CBC: Sep 21 07:25:05.550023: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:05.550053: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:05.550082: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:05.550111: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:05.550146: testing AES_XCBC: Sep 21 07:25:05.550149: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:05.550273: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:05.550408: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:05.550538: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:05.550668: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:05.550803: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:05.550947: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:05.551258: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:05.551403: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:05.551553: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:05.551803: testing HMAC_MD5: Sep 21 07:25:05.551809: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:05.551988: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:05.552139: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:05.552309: 8 CPU cores online Sep 21 07:25:05.552314: starting up 7 crypto helpers Sep 21 07:25:05.552350: started thread for crypto helper 0 Sep 21 07:25:05.552380: started thread for crypto helper 1 Sep 21 07:25:05.552400: started thread for crypto helper 2 Sep 21 07:25:05.552421: started thread for crypto helper 3 Sep 21 07:25:05.552441: started thread for crypto helper 4 Sep 21 07:25:05.552459: started thread for crypto helper 5 Sep 21 07:25:05.552484: started thread for crypto helper 6 Sep 21 07:25:05.552493: | checking IKEv1 state table Sep 21 07:25:05.552500: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552502: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:05.552505: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552507: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:05.552510: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:05.552511: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:05.552513: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:05.552515: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:05.552518: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:05.552520: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:05.552522: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:05.552523: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:05.552526: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:05.552528: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:05.552530: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:05.552532: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:05.552534: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:05.552536: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:05.552538: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:05.552540: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:05.552542: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:05.552544: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552546: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:05.552549: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552551: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552553: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:05.552556: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552558: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:05.552560: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:05.552563: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:05.552565: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:05.552567: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:05.552570: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:05.552572: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552575: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:05.552577: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552579: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:05.552582: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:05.552584: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:05.552587: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:05.552589: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:05.552592: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:05.552594: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:05.552597: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552599: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:05.552602: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552604: | INFO: category: informational flags: 0: Sep 21 07:25:05.552607: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552609: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:05.552612: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552614: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:05.552617: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:05.552619: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:05.552621: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:05.552624: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:05.552626: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:05.552629: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:05.552632: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:05.552634: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:05.552637: | -> UNDEFINED EVENT_NULL Sep 21 07:25:05.552639: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:05.552644: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:05.552647: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:05.552650: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:05.552652: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:05.552654: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:05.552661: | checking IKEv2 state table Sep 21 07:25:05.552667: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:05.552670: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:05.552673: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552675: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:05.552678: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:05.552681: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:05.552683: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:05.552686: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:05.552688: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:05.552690: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:05.552693: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:05.552695: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:05.552698: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:05.552700: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:05.552702: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:05.552705: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:05.552707: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552710: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:05.552713: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:05.552715: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:05.552718: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:05.552721: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:05.552724: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:05.552726: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:05.552729: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:05.552731: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:05.552734: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:05.552736: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:05.552739: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:05.552742: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:05.552744: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:05.552747: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:05.552750: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:05.552752: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:05.552755: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:05.552758: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:05.552761: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:05.552764: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:05.552767: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:05.552774: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:05.552777: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:05.552780: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:05.552788: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:05.552798: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:05.552804: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:05.552808: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:05.552810: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:05.552877: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:05.552941: | Hard-wiring algorithms Sep 21 07:25:05.552945: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:05.552950: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:05.552952: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:05.552954: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:05.552957: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:05.552959: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:05.552961: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:05.552963: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:05.552965: | adding AES_CTR to kernel algorithm db Sep 21 07:25:05.552967: | adding AES_CBC to kernel algorithm db Sep 21 07:25:05.552970: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:05.552972: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:05.552976: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:05.552981: | adding NULL to kernel algorithm db Sep 21 07:25:05.552986: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:05.552990: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:05.552992: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:05.552995: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:05.552999: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:05.553005: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:05.553011: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:05.553017: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:05.553023: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:05.553030: | adding NONE to kernel algorithm db Sep 21 07:25:05.553064: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:05.553076: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:05.553084: | setup kernel fd callback Sep 21 07:25:05.553089: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55654b852a80 Sep 21 07:25:05.553098: | libevent_malloc: new ptr-libevent@0x55654b859a50 size 128 Sep 21 07:25:05.553107: | libevent_malloc: new ptr-libevent@0x55654b8529e0 size 16 Sep 21 07:25:05.553120: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55654b84cf30 Sep 21 07:25:05.553125: | libevent_malloc: new ptr-libevent@0x55654b859ae0 size 128 Sep 21 07:25:05.553128: | libevent_malloc: new ptr-libevent@0x55654b8529c0 size 16 Sep 21 07:25:05.553340: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:05.553349: selinux support is enabled. Sep 21 07:25:05.553420: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:05.553622: | unbound context created - setting debug level to 5 Sep 21 07:25:05.553658: | /etc/hosts lookups activated Sep 21 07:25:05.553677: | /etc/resolv.conf usage activated Sep 21 07:25:05.553733: | outgoing-port-avoid set 0-65535 Sep 21 07:25:05.553761: | outgoing-port-permit set 32768-60999 Sep 21 07:25:05.553765: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:05.553768: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:05.553771: | Setting up events, loop start Sep 21 07:25:05.553774: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55654b84ccf0 Sep 21 07:25:05.553781: | libevent_malloc: new ptr-libevent@0x55654b864060 size 128 Sep 21 07:25:05.553789: | libevent_malloc: new ptr-libevent@0x55654b8640f0 size 16 Sep 21 07:25:05.553797: | libevent_realloc: new ptr-libevent@0x55654b864110 size 256 Sep 21 07:25:05.553800: | libevent_malloc: new ptr-libevent@0x55654b864220 size 8 Sep 21 07:25:05.553803: | libevent_realloc: new ptr-libevent@0x55654b858e50 size 144 Sep 21 07:25:05.553805: | libevent_malloc: new ptr-libevent@0x55654b864240 size 152 Sep 21 07:25:05.553809: | libevent_malloc: new ptr-libevent@0x55654b8642e0 size 16 Sep 21 07:25:05.553812: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:05.553815: | libevent_malloc: new ptr-libevent@0x55654b864300 size 8 Sep 21 07:25:05.553817: | libevent_malloc: new ptr-libevent@0x55654b864320 size 152 Sep 21 07:25:05.553819: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:05.553822: | libevent_malloc: new ptr-libevent@0x55654b8643c0 size 8 Sep 21 07:25:05.553824: | libevent_malloc: new ptr-libevent@0x55654b8643e0 size 152 Sep 21 07:25:05.553827: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:05.553829: | libevent_malloc: new ptr-libevent@0x55654b864480 size 8 Sep 21 07:25:05.553831: | libevent_realloc: release ptr-libevent@0x55654b858e50 Sep 21 07:25:05.553834: | libevent_realloc: new ptr-libevent@0x55654b8644a0 size 256 Sep 21 07:25:05.553836: | libevent_malloc: new ptr-libevent@0x55654b858e50 size 152 Sep 21 07:25:05.553838: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:05.554247: | created addconn helper (pid:20349) using fork+execve Sep 21 07:25:05.554263: | forked child 20349 Sep 21 07:25:05.554311: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:05.554333: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:05.554341: listening for IKE messages Sep 21 07:25:05.554470: | starting up helper thread 6 Sep 21 07:25:05.554483: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:05.554491: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:05.554504: | starting up helper thread 5 Sep 21 07:25:05.554510: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:05.554512: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:05.554523: | starting up helper thread 4 Sep 21 07:25:05.554528: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:05.554530: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:05.554539: | starting up helper thread 3 Sep 21 07:25:05.554543: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:05.554545: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:05.554554: | starting up helper thread 2 Sep 21 07:25:05.554559: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:05.554561: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:05.554572: | starting up helper thread 1 Sep 21 07:25:05.554577: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:05.554579: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:05.554589: | starting up helper thread 0 Sep 21 07:25:05.554592: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:05.554594: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:05.576868: | Inspecting interface lo Sep 21 07:25:05.576896: | found lo with address 127.0.0.1 Sep 21 07:25:05.576902: | Inspecting interface eth0 Sep 21 07:25:05.576907: | found eth0 with address 192.0.2.254 Sep 21 07:25:05.576911: | Inspecting interface eth1 Sep 21 07:25:05.576916: | found eth1 with address 192.1.2.23 Sep 21 07:25:05.576980: Kernel supports NIC esp-hw-offload Sep 21 07:25:05.576997: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:25:05.577077: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:05.577094: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:05.577101: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:05.577136: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:25:05.577161: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:05.577165: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:05.577169: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:05.577196: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:05.577220: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:05.577224: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:05.577228: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:05.577332: | no interfaces to sort Sep 21 07:25:05.577340: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:05.577354: | add_fd_read_event_handler: new ethX-pe@0x55654b84ddf0 Sep 21 07:25:05.577360: | libevent_malloc: new ptr-libevent@0x55654b864880 size 128 Sep 21 07:25:05.577366: | libevent_malloc: new ptr-libevent@0x55654b864910 size 16 Sep 21 07:25:05.577377: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:05.577381: | add_fd_read_event_handler: new ethX-pe@0x55654b864930 Sep 21 07:25:05.577385: | libevent_malloc: new ptr-libevent@0x55654b864970 size 128 Sep 21 07:25:05.577389: | libevent_malloc: new ptr-libevent@0x55654b864a00 size 16 Sep 21 07:25:05.577396: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:05.577400: | add_fd_read_event_handler: new ethX-pe@0x55654b864a20 Sep 21 07:25:05.577403: | libevent_malloc: new ptr-libevent@0x55654b864a60 size 128 Sep 21 07:25:05.577407: | libevent_malloc: new ptr-libevent@0x55654b864af0 size 16 Sep 21 07:25:05.577413: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:05.577417: | add_fd_read_event_handler: new ethX-pe@0x55654b864b10 Sep 21 07:25:05.577421: | libevent_malloc: new ptr-libevent@0x55654b864b50 size 128 Sep 21 07:25:05.577425: | libevent_malloc: new ptr-libevent@0x55654b864be0 size 16 Sep 21 07:25:05.577431: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:05.577435: | add_fd_read_event_handler: new ethX-pe@0x55654b864c00 Sep 21 07:25:05.577438: | libevent_malloc: new ptr-libevent@0x55654b864c40 size 128 Sep 21 07:25:05.577442: | libevent_malloc: new ptr-libevent@0x55654b864cd0 size 16 Sep 21 07:25:05.577448: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:05.577452: | add_fd_read_event_handler: new ethX-pe@0x55654b864cf0 Sep 21 07:25:05.577456: | libevent_malloc: new ptr-libevent@0x55654b864d30 size 128 Sep 21 07:25:05.577459: | libevent_malloc: new ptr-libevent@0x55654b864dc0 size 16 Sep 21 07:25:05.577466: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:05.577473: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:05.577476: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:05.577510: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:05.577539: | saving Modulus Sep 21 07:25:05.577546: | saving PublicExponent Sep 21 07:25:05.577551: | ignoring PrivateExponent Sep 21 07:25:05.577555: | ignoring Prime1 Sep 21 07:25:05.577559: | ignoring Prime2 Sep 21 07:25:05.577564: | ignoring Exponent1 Sep 21 07:25:05.577568: | ignoring Exponent2 Sep 21 07:25:05.577573: | ignoring Coefficient Sep 21 07:25:05.577577: | ignoring CKAIDNSS Sep 21 07:25:05.577631: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:05.577635: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:05.577639: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:05.577647: | certs and keys locked by 'process_secret' Sep 21 07:25:05.577649: | certs and keys unlocked by 'process_secret' Sep 21 07:25:05.577655: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:05.577666: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:05.577678: | spent 0.983 milliseconds in whack Sep 21 07:25:05.599483: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:05.599514: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:05.599522: listening for IKE messages Sep 21 07:25:05.599559: | Inspecting interface lo Sep 21 07:25:05.599566: | found lo with address 127.0.0.1 Sep 21 07:25:05.599569: | Inspecting interface eth0 Sep 21 07:25:05.599573: | found eth0 with address 192.0.2.254 Sep 21 07:25:05.599575: | Inspecting interface eth1 Sep 21 07:25:05.599579: | found eth1 with address 192.1.2.23 Sep 21 07:25:05.599663: | no interfaces to sort Sep 21 07:25:05.599672: | libevent_free: release ptr-libevent@0x55654b864880 Sep 21 07:25:05.599676: | free_event_entry: release EVENT_NULL-pe@0x55654b84ddf0 Sep 21 07:25:05.599679: | add_fd_read_event_handler: new ethX-pe@0x55654b84ddf0 Sep 21 07:25:05.599682: | libevent_malloc: new ptr-libevent@0x55654b864880 size 128 Sep 21 07:25:05.599691: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:05.599695: | libevent_free: release ptr-libevent@0x55654b864970 Sep 21 07:25:05.599697: | free_event_entry: release EVENT_NULL-pe@0x55654b864930 Sep 21 07:25:05.599700: | add_fd_read_event_handler: new ethX-pe@0x55654b864930 Sep 21 07:25:05.599702: | libevent_malloc: new ptr-libevent@0x55654b864970 size 128 Sep 21 07:25:05.599707: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:05.599711: | libevent_free: release ptr-libevent@0x55654b864a60 Sep 21 07:25:05.599713: | free_event_entry: release EVENT_NULL-pe@0x55654b864a20 Sep 21 07:25:05.599716: | add_fd_read_event_handler: new ethX-pe@0x55654b864a20 Sep 21 07:25:05.599718: | libevent_malloc: new ptr-libevent@0x55654b864a60 size 128 Sep 21 07:25:05.599723: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:05.599727: | libevent_free: release ptr-libevent@0x55654b864b50 Sep 21 07:25:05.599729: | free_event_entry: release EVENT_NULL-pe@0x55654b864b10 Sep 21 07:25:05.599732: | add_fd_read_event_handler: new ethX-pe@0x55654b864b10 Sep 21 07:25:05.599734: | libevent_malloc: new ptr-libevent@0x55654b864b50 size 128 Sep 21 07:25:05.599739: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:05.599742: | libevent_free: release ptr-libevent@0x55654b864c40 Sep 21 07:25:05.599745: | free_event_entry: release EVENT_NULL-pe@0x55654b864c00 Sep 21 07:25:05.599747: | add_fd_read_event_handler: new ethX-pe@0x55654b864c00 Sep 21 07:25:05.599749: | libevent_malloc: new ptr-libevent@0x55654b864c40 size 128 Sep 21 07:25:05.599755: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:05.599758: | libevent_free: release ptr-libevent@0x55654b864d30 Sep 21 07:25:05.599760: | free_event_entry: release EVENT_NULL-pe@0x55654b864cf0 Sep 21 07:25:05.599762: | add_fd_read_event_handler: new ethX-pe@0x55654b864cf0 Sep 21 07:25:05.599764: | libevent_malloc: new ptr-libevent@0x55654b864d30 size 128 Sep 21 07:25:05.599769: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:05.599773: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:05.599775: forgetting secrets Sep 21 07:25:05.599786: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:05.599805: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:05.599819: | saving Modulus Sep 21 07:25:05.599823: | saving PublicExponent Sep 21 07:25:05.599826: | ignoring PrivateExponent Sep 21 07:25:05.599829: | ignoring Prime1 Sep 21 07:25:05.599832: | ignoring Prime2 Sep 21 07:25:05.599835: | ignoring Exponent1 Sep 21 07:25:05.599837: | ignoring Exponent2 Sep 21 07:25:05.599840: | ignoring Coefficient Sep 21 07:25:05.599843: | ignoring CKAIDNSS Sep 21 07:25:05.599869: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:05.599872: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:05.599875: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:05.599879: | certs and keys locked by 'process_secret' Sep 21 07:25:05.599885: | certs and keys unlocked by 'process_secret' Sep 21 07:25:05.599890: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:05.599896: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:05.599902: | spent 0.418 milliseconds in whack Sep 21 07:25:05.600594: | processing signal PLUTO_SIGCHLD Sep 21 07:25:05.600605: | waitpid returned pid 20349 (exited with status 0) Sep 21 07:25:05.600609: | reaped addconn helper child (status 0) Sep 21 07:25:05.600613: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:05.600618: | spent 0.0159 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:05.700590: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:05.700617: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:05.700621: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:05.700623: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:05.700625: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:05.700629: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:05.700637: | Added new connection northnet-eastnet-ipv4 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:05.700641: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:05.700694: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:05.700698: | from whack: got --esp= Sep 21 07:25:05.700735: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:05.700740: | counting wild cards for @north is 0 Sep 21 07:25:05.700744: | counting wild cards for @east is 0 Sep 21 07:25:05.700754: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:25:05.700757: | new hp@0x55654b8465d0 Sep 21 07:25:05.700762: added connection description "northnet-eastnet-ipv4" Sep 21 07:25:05.700770: | ike_life: 50s; ipsec_life: 180s; rekey_margin: 5s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:05.700781: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Sep 21 07:25:05.700795: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:05.700804: | spent 0.21 milliseconds in whack Sep 21 07:25:05.700859: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:05.700873: add keyid @north Sep 21 07:25:05.700876: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Sep 21 07:25:05.700879: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Sep 21 07:25:05.700881: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Sep 21 07:25:05.700883: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Sep 21 07:25:05.700886: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Sep 21 07:25:05.700888: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Sep 21 07:25:05.700890: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Sep 21 07:25:05.700892: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Sep 21 07:25:05.700894: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Sep 21 07:25:05.700897: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Sep 21 07:25:05.700899: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Sep 21 07:25:05.700901: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Sep 21 07:25:05.700908: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Sep 21 07:25:05.700910: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Sep 21 07:25:05.700913: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Sep 21 07:25:05.700915: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Sep 21 07:25:05.700917: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Sep 21 07:25:05.700919: | add pubkey c7 5e a5 99 Sep 21 07:25:05.700936: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:05.700939: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:05.700945: | keyid: *AQPl33O2P Sep 21 07:25:05.700948: | n e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Sep 21 07:25:05.700950: | n 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Sep 21 07:25:05.700952: | n 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Sep 21 07:25:05.700954: | n 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Sep 21 07:25:05.700957: | n b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Sep 21 07:25:05.700959: | n 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Sep 21 07:25:05.700961: | n 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Sep 21 07:25:05.700963: | n 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Sep 21 07:25:05.700965: | n 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Sep 21 07:25:05.700967: | n 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Sep 21 07:25:05.700970: | n 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Sep 21 07:25:05.700972: | n 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Sep 21 07:25:05.700974: | n 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Sep 21 07:25:05.700976: | n 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Sep 21 07:25:05.700978: | n 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Sep 21 07:25:05.700981: | n d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Sep 21 07:25:05.700983: | n 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Sep 21 07:25:05.700985: | n a5 99 Sep 21 07:25:05.700987: | e 03 Sep 21 07:25:05.700989: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:05.700991: | CKAID 88 aa 7c 5d Sep 21 07:25:05.700997: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:05.701001: | spent 0.141 milliseconds in whack Sep 21 07:25:05.701098: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:05.701112: add keyid @east Sep 21 07:25:05.701116: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:05.701118: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:05.701120: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:05.701122: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:05.701124: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:05.701126: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:05.701128: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:05.701130: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:05.701132: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:05.701134: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:05.701137: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:05.701139: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:05.701141: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:05.701143: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:05.701146: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:05.701148: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:05.701154: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:05.701156: | add pubkey 51 51 48 ef Sep 21 07:25:05.701167: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:05.701169: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:05.701173: | keyid: *AQO9bJbr3 Sep 21 07:25:05.701175: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:05.701177: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:05.701179: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:05.701181: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:05.701183: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:05.701185: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:05.701187: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:05.701192: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:05.701196: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:05.701198: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:05.701201: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:05.701204: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:05.701207: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:05.701210: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:05.701212: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:05.701215: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:05.701217: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:05.701220: | n 48 ef Sep 21 07:25:05.701222: | e 03 Sep 21 07:25:05.701225: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:05.701228: | CKAID 8a 82 25 f1 Sep 21 07:25:05.701235: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:05.701241: | spent 0.142 milliseconds in whack Sep 21 07:25:05.809447: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:05.809646: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:05.809653: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:05.809714: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:05.809724: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:05.809732: | spent 0.293 milliseconds in whack Sep 21 07:25:08.681880: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:08.681908: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:08.681911: | a9 99 11 a6 c8 e2 19 a0 00 00 00 00 00 00 00 00 Sep 21 07:25:08.681914: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:08.681916: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:08.681918: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:08.681920: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:08.681923: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:08.681925: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:08.681927: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:08.681929: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:08.681932: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:08.681934: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:08.681936: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:08.681938: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:08.681941: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:08.681943: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:08.681945: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:08.681947: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:08.681954: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:08.681957: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:08.681959: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:08.681961: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:08.681964: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:08.681966: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:08.681968: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:08.681970: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:08.681973: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:08.681975: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:08.681977: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:08.681979: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:08.681981: | 28 00 01 08 00 0e 00 00 c4 2b d6 0f a0 37 0a 10 Sep 21 07:25:08.681984: | 03 36 00 6c 97 c2 d3 4a db 63 3d 1f a9 1a 00 a6 Sep 21 07:25:08.681986: | 29 c6 ab 99 59 fc 84 e0 8e 19 c3 69 57 22 46 93 Sep 21 07:25:08.681988: | 83 ac af 82 de eb 8f f8 d3 0f 0f 84 92 23 6a d5 Sep 21 07:25:08.681990: | 7d 00 8c 09 ea 22 1d 69 fa a3 43 16 07 d7 28 93 Sep 21 07:25:08.681993: | f9 9b 97 2f 6c 38 b1 72 dd 58 bd 04 e5 f8 1a 86 Sep 21 07:25:08.681995: | 92 2d c4 08 75 e6 76 69 48 23 0c c5 c8 66 1f 12 Sep 21 07:25:08.681997: | e4 d9 a1 72 fe 07 9d b3 b8 b0 5d 5d e8 26 da dc Sep 21 07:25:08.681999: | d4 69 ba 52 40 bb 92 45 fb ec a4 f3 4c 3f 35 db Sep 21 07:25:08.682002: | f8 cc 39 1d aa 1e 80 8f 88 12 87 1d 9f b4 7a 5a Sep 21 07:25:08.682004: | 46 f1 14 b0 57 6a 05 f5 6e cf 8f b3 43 f9 9b 3f Sep 21 07:25:08.682006: | 75 19 f4 24 80 69 14 13 75 b5 26 e7 a0 30 8c 14 Sep 21 07:25:08.682008: | 05 d4 05 6a f7 7f 2b 98 6c b2 27 7f 1f e6 56 11 Sep 21 07:25:08.682011: | e7 9c a7 80 d1 f1 24 bf f6 e2 6d cf 01 82 3c 38 Sep 21 07:25:08.682013: | 75 7d cf 70 9c 87 ea da e5 1a ec e8 cd 4b 49 8d Sep 21 07:25:08.682015: | 00 84 de 72 6f f6 69 44 45 5a 52 67 81 21 6c fe Sep 21 07:25:08.682017: | ff 76 9a 4c 68 18 65 d6 29 00 00 24 9d da 01 19 Sep 21 07:25:08.682020: | 30 e4 27 d8 3c ca 91 37 c5 7e 94 c9 b7 df 4e 9a Sep 21 07:25:08.682022: | 10 3f 6d 0f 1e 27 41 2a 39 77 1d ed 29 00 00 08 Sep 21 07:25:08.682024: | 00 00 40 2e 29 00 00 1c 00 00 40 04 97 58 46 8b Sep 21 07:25:08.682026: | e4 de fd 9e a3 21 24 56 c3 f2 0d a8 c3 70 02 a1 Sep 21 07:25:08.682029: | 00 00 00 1c 00 00 40 05 54 05 83 ef 73 c8 8c ac Sep 21 07:25:08.682031: | f9 1b dd f0 84 6a 00 a3 0a a7 15 3e Sep 21 07:25:08.682038: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:08.682041: | **parse ISAKMP Message: Sep 21 07:25:08.682044: | initiator cookie: Sep 21 07:25:08.682046: | a9 99 11 a6 c8 e2 19 a0 Sep 21 07:25:08.682049: | responder cookie: Sep 21 07:25:08.682051: | 00 00 00 00 00 00 00 00 Sep 21 07:25:08.682053: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:08.682056: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:08.682059: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:08.682061: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:08.682064: | Message ID: 0 (0x0) Sep 21 07:25:08.682066: | length: 828 (0x33c) Sep 21 07:25:08.682069: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:08.682072: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:08.682075: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:08.682078: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:08.682082: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:08.682084: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:08.682086: | flags: none (0x0) Sep 21 07:25:08.682090: | length: 436 (0x1b4) Sep 21 07:25:08.682093: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:25:08.682095: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:08.682098: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:08.682101: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:08.682103: | flags: none (0x0) Sep 21 07:25:08.682105: | length: 264 (0x108) Sep 21 07:25:08.682108: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.682110: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:08.682112: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:08.682115: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:08.682117: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:08.682119: | flags: none (0x0) Sep 21 07:25:08.682122: | length: 36 (0x24) Sep 21 07:25:08.682124: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:08.682126: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:08.682129: | ***parse IKEv2 Notify Payload: Sep 21 07:25:08.682131: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:08.682133: | flags: none (0x0) Sep 21 07:25:08.682136: | length: 8 (0x8) Sep 21 07:25:08.682138: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:08.682141: | SPI size: 0 (0x0) Sep 21 07:25:08.682143: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:08.682146: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:08.682148: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:08.682150: | ***parse IKEv2 Notify Payload: Sep 21 07:25:08.682153: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:08.682155: | flags: none (0x0) Sep 21 07:25:08.682157: | length: 28 (0x1c) Sep 21 07:25:08.682160: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:08.682162: | SPI size: 0 (0x0) Sep 21 07:25:08.682165: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:08.682167: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:08.682169: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:08.682172: | ***parse IKEv2 Notify Payload: Sep 21 07:25:08.682174: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:08.682176: | flags: none (0x0) Sep 21 07:25:08.682179: | length: 28 (0x1c) Sep 21 07:25:08.682181: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:08.682183: | SPI size: 0 (0x0) Sep 21 07:25:08.682186: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:08.682188: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:08.682191: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:08.682196: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:08.682201: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:08.682204: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:08.682208: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-ipv4) Sep 21 07:25:08.682210: | find_next_host_connection returns empty Sep 21 07:25:08.682214: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:08.682217: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:08.682219: | find_next_host_connection returns empty Sep 21 07:25:08.682223: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:08.682228: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:08.682233: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:08.682235: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:08.682238: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-ipv4) Sep 21 07:25:08.682242: | find_next_host_connection returns northnet-eastnet-ipv4 Sep 21 07:25:08.682245: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:08.682247: | find_next_host_connection returns empty Sep 21 07:25:08.682250: | found connection: northnet-eastnet-ipv4 with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:08.682267: | creating state object #1 at 0x55654b8681b0 Sep 21 07:25:08.682270: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:08.682340: | pstats #1 ikev2.ike started Sep 21 07:25:08.682344: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:08.682347: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:08.682353: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:08.682362: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:08.682365: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:08.682369: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:08.682372: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:08.682376: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:08.682381: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:08.682383: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:08.682386: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:08.682388: | Now let's proceed with state specific processing Sep 21 07:25:08.682391: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:08.682397: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:08.682399: | constructing local IKE proposals for northnet-eastnet-ipv4 (IKE SA responder matching remote proposals) Sep 21 07:25:08.682407: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:08.682414: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:08.682418: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:08.682423: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:08.682427: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:08.682432: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:08.682436: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:08.682441: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:08.682452: "northnet-eastnet-ipv4": constructed local IKE proposals for northnet-eastnet-ipv4 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:08.682458: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:25:08.682463: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:08.682466: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:08.682468: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:08.682470: | local proposal 1 type DH has 8 transforms Sep 21 07:25:08.682473: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:08.682476: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:08.682478: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:08.682481: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:08.682483: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:08.682486: | local proposal 2 type DH has 8 transforms Sep 21 07:25:08.682488: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:08.682491: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:08.682493: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:08.682495: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:08.682498: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:08.682500: | local proposal 3 type DH has 8 transforms Sep 21 07:25:08.682502: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:08.682506: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:08.682508: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:08.682510: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:08.682513: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:08.682515: | local proposal 4 type DH has 8 transforms Sep 21 07:25:08.682517: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:08.682520: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:08.682523: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:08.682526: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:08.682528: | length: 100 (0x64) Sep 21 07:25:08.682530: | prop #: 1 (0x1) Sep 21 07:25:08.682533: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:08.682535: | spi size: 0 (0x0) Sep 21 07:25:08.682537: | # transforms: 11 (0xb) Sep 21 07:25:08.682541: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:08.682544: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682549: | length: 12 (0xc) Sep 21 07:25:08.682551: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:08.682554: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:08.682556: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:08.682559: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:08.682561: | length/value: 256 (0x100) Sep 21 07:25:08.682565: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:08.682568: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682570: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682573: | length: 8 (0x8) Sep 21 07:25:08.682575: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.682578: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:08.682581: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:08.682584: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:25:08.682587: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:25:08.682593: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:25:08.682596: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682600: | length: 8 (0x8) Sep 21 07:25:08.682603: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.682605: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:08.682608: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682610: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682612: | length: 8 (0x8) Sep 21 07:25:08.682614: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682617: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.682620: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:08.682623: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:25:08.682626: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:25:08.682629: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:25:08.682632: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682636: | length: 8 (0x8) Sep 21 07:25:08.682639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682641: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:08.682644: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682646: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682648: | length: 8 (0x8) Sep 21 07:25:08.682651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682653: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:08.682656: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682660: | length: 8 (0x8) Sep 21 07:25:08.682662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682665: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:08.682667: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682672: | length: 8 (0x8) Sep 21 07:25:08.682674: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682677: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:08.682679: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682684: | length: 8 (0x8) Sep 21 07:25:08.682686: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682689: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:08.682691: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682696: | length: 8 (0x8) Sep 21 07:25:08.682698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682701: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:08.682704: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682706: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:08.682708: | length: 8 (0x8) Sep 21 07:25:08.682710: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682713: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:08.682717: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:08.682721: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:08.682723: | remote proposal 1 matches local proposal 1 Sep 21 07:25:08.682727: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:08.682730: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:08.682732: | length: 100 (0x64) Sep 21 07:25:08.682734: | prop #: 2 (0x2) Sep 21 07:25:08.682736: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:08.682739: | spi size: 0 (0x0) Sep 21 07:25:08.682741: | # transforms: 11 (0xb) Sep 21 07:25:08.682744: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:08.682747: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682749: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682751: | length: 12 (0xc) Sep 21 07:25:08.682754: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:08.682756: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:08.682759: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:08.682761: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:08.682763: | length/value: 128 (0x80) Sep 21 07:25:08.682766: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682771: | length: 8 (0x8) Sep 21 07:25:08.682773: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.682776: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:08.682779: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682787: | length: 8 (0x8) Sep 21 07:25:08.682796: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.682798: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:08.682801: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682806: | length: 8 (0x8) Sep 21 07:25:08.682808: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682810: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.682813: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682818: | length: 8 (0x8) Sep 21 07:25:08.682820: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682822: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:08.682825: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682829: | length: 8 (0x8) Sep 21 07:25:08.682832: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682834: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:08.682837: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682839: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682842: | length: 8 (0x8) Sep 21 07:25:08.682844: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682846: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:08.682849: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682853: | length: 8 (0x8) Sep 21 07:25:08.682856: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682858: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:08.682861: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682865: | length: 8 (0x8) Sep 21 07:25:08.682868: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682870: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:08.682873: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682877: | length: 8 (0x8) Sep 21 07:25:08.682880: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682882: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:08.682886: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682888: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:08.682891: | length: 8 (0x8) Sep 21 07:25:08.682893: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.682895: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:08.682899: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:25:08.682902: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:25:08.682904: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:08.682907: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:08.682909: | length: 116 (0x74) Sep 21 07:25:08.682911: | prop #: 3 (0x3) Sep 21 07:25:08.682913: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:08.682916: | spi size: 0 (0x0) Sep 21 07:25:08.682918: | # transforms: 13 (0xd) Sep 21 07:25:08.682921: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:08.682924: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682926: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682928: | length: 12 (0xc) Sep 21 07:25:08.682931: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:08.682933: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:08.682935: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:08.682938: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:08.682940: | length/value: 256 (0x100) Sep 21 07:25:08.682943: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682947: | length: 8 (0x8) Sep 21 07:25:08.682950: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.682952: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:08.682955: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682959: | length: 8 (0x8) Sep 21 07:25:08.682962: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.682964: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:08.682967: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682969: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682972: | length: 8 (0x8) Sep 21 07:25:08.682974: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:08.682976: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:08.682979: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682984: | length: 8 (0x8) Sep 21 07:25:08.682986: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:08.682989: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:08.682991: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.682994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.682996: | length: 8 (0x8) Sep 21 07:25:08.682998: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683000: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.683003: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683008: | length: 8 (0x8) Sep 21 07:25:08.683010: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683012: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:08.683015: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683019: | length: 8 (0x8) Sep 21 07:25:08.683022: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683024: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:08.683027: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683033: | length: 8 (0x8) Sep 21 07:25:08.683035: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683038: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:08.683040: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683043: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683045: | length: 8 (0x8) Sep 21 07:25:08.683047: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683050: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:08.683052: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683057: | length: 8 (0x8) Sep 21 07:25:08.683059: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683061: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:08.683064: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683069: | length: 8 (0x8) Sep 21 07:25:08.683071: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683073: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:08.683076: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683078: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:08.683081: | length: 8 (0x8) Sep 21 07:25:08.683083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683085: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:08.683089: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:08.683092: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:08.683094: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:08.683097: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:08.683099: | length: 116 (0x74) Sep 21 07:25:08.683101: | prop #: 4 (0x4) Sep 21 07:25:08.683104: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:08.683106: | spi size: 0 (0x0) Sep 21 07:25:08.683108: | # transforms: 13 (0xd) Sep 21 07:25:08.683111: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:08.683114: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683118: | length: 12 (0xc) Sep 21 07:25:08.683121: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:08.683123: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:08.683125: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:08.683128: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:08.683130: | length/value: 128 (0x80) Sep 21 07:25:08.683133: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683138: | length: 8 (0x8) Sep 21 07:25:08.683140: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.683142: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:08.683145: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683149: | length: 8 (0x8) Sep 21 07:25:08.683152: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.683154: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:08.683157: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683162: | length: 8 (0x8) Sep 21 07:25:08.683164: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:08.683166: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:08.683169: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683175: | length: 8 (0x8) Sep 21 07:25:08.683178: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:08.683180: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:08.683183: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683185: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683187: | length: 8 (0x8) Sep 21 07:25:08.683190: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683192: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.683195: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683197: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683199: | length: 8 (0x8) Sep 21 07:25:08.683202: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683204: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:08.683207: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683211: | length: 8 (0x8) Sep 21 07:25:08.683214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683216: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:08.683218: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683223: | length: 8 (0x8) Sep 21 07:25:08.683226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683228: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:08.683231: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683235: | length: 8 (0x8) Sep 21 07:25:08.683237: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683240: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:08.683242: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683247: | length: 8 (0x8) Sep 21 07:25:08.683249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683252: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:08.683254: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.683259: | length: 8 (0x8) Sep 21 07:25:08.683261: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683263: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:08.683266: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:08.683268: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:08.683270: | length: 8 (0x8) Sep 21 07:25:08.683273: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.683275: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:08.683279: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:08.683281: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:08.683286: "northnet-eastnet-ipv4" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:25:08.683291: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:25:08.683294: | converting proposal to internal trans attrs Sep 21 07:25:08.683298: | natd_hash: rcookie is zero Sep 21 07:25:08.683308: | natd_hash: hasher=0x55654af777a0(20) Sep 21 07:25:08.683311: | natd_hash: icookie= a9 99 11 a6 c8 e2 19 a0 Sep 21 07:25:08.683313: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:08.683315: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:08.683317: | natd_hash: port= 01 f4 Sep 21 07:25:08.683320: | natd_hash: hash= 54 05 83 ef 73 c8 8c ac f9 1b dd f0 84 6a 00 a3 Sep 21 07:25:08.683322: | natd_hash: hash= 0a a7 15 3e Sep 21 07:25:08.683324: | natd_hash: rcookie is zero Sep 21 07:25:08.683329: | natd_hash: hasher=0x55654af777a0(20) Sep 21 07:25:08.683332: | natd_hash: icookie= a9 99 11 a6 c8 e2 19 a0 Sep 21 07:25:08.683334: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:08.683336: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:08.683338: | natd_hash: port= 01 f4 Sep 21 07:25:08.683341: | natd_hash: hash= 97 58 46 8b e4 de fd 9e a3 21 24 56 c3 f2 0d a8 Sep 21 07:25:08.683343: | natd_hash: hash= c3 70 02 a1 Sep 21 07:25:08.683345: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:08.683347: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:08.683350: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:08.683353: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:25:08.683356: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:25:08.683360: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55654b86adc0 Sep 21 07:25:08.683363: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:08.683367: | libevent_malloc: new ptr-libevent@0x55654b86ae00 size 128 Sep 21 07:25:08.683378: | #1 spent 0.975 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:08.683385: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:08.683388: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:08.683390: | suspending state #1 and saving MD Sep 21 07:25:08.683393: | #1 is busy; has a suspended MD Sep 21 07:25:08.683397: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:08.683400: | "northnet-eastnet-ipv4" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:08.683405: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:08.683409: | #1 spent 1.43 milliseconds in ikev2_process_packet() Sep 21 07:25:08.683413: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:08.683416: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:08.683419: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:08.683422: | spent 1.44 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:08.683432: | crypto helper 6 resuming Sep 21 07:25:08.683436: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:25:08.683439: | crypto helper 6 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:25:08.684480: | crypto helper 6 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.00104 seconds Sep 21 07:25:08.684489: | (#1) spent 1.03 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:08.684492: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:08.684495: | scheduling resume sending helper answer for #1 Sep 21 07:25:08.684498: | libevent_malloc: new ptr-libevent@0x7fdfe4006900 size 128 Sep 21 07:25:08.684505: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:08.684514: | processing resume sending helper answer for #1 Sep 21 07:25:08.684522: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:08.684525: | crypto helper 6 replies to request ID 1 Sep 21 07:25:08.684527: | calling continuation function 0x55654aea1630 Sep 21 07:25:08.684530: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:25:08.684561: | **emit ISAKMP Message: Sep 21 07:25:08.684564: | initiator cookie: Sep 21 07:25:08.684566: | a9 99 11 a6 c8 e2 19 a0 Sep 21 07:25:08.684568: | responder cookie: Sep 21 07:25:08.684570: | 39 99 17 9c bc 71 23 52 Sep 21 07:25:08.684573: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:08.684576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:08.684578: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:08.684581: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:08.684583: | Message ID: 0 (0x0) Sep 21 07:25:08.684586: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:08.684589: | Emitting ikev2_proposal ... Sep 21 07:25:08.684591: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:08.684593: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:08.684596: | flags: none (0x0) Sep 21 07:25:08.684599: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:08.684602: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:08.684605: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:08.684607: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:08.684609: | prop #: 1 (0x1) Sep 21 07:25:08.684612: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:08.684614: | spi size: 0 (0x0) Sep 21 07:25:08.684616: | # transforms: 3 (0x3) Sep 21 07:25:08.684619: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:08.684622: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:08.684624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.684626: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:08.684629: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:08.684631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:08.684634: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:08.684637: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:08.684639: | length/value: 256 (0x100) Sep 21 07:25:08.684642: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:08.684644: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:08.684647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.684649: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:08.684651: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:08.684654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.684657: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:08.684660: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:08.684662: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:08.684664: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:08.684667: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:08.684669: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.684672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:08.684675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:08.684679: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:08.684681: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:25:08.684684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:08.684686: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:25:08.684689: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:08.684692: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:08.684695: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:08.684697: | flags: none (0x0) Sep 21 07:25:08.684699: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:08.684702: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:08.684705: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:08.684708: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:08.684710: | ikev2 g^x 77 b5 b7 51 e8 19 f9 25 79 bf 32 bb 3d ab 54 dd Sep 21 07:25:08.684713: | ikev2 g^x 45 b5 7c 90 85 e4 3f 0c 69 f9 3d 2b 29 5c f5 38 Sep 21 07:25:08.684715: | ikev2 g^x 40 ea 48 49 6f 5c 4f ae c3 3b f4 7e f3 eb 91 0a Sep 21 07:25:08.684717: | ikev2 g^x f3 59 5c 53 fa 6a 6e aa 88 57 6e 18 a6 78 c2 d3 Sep 21 07:25:08.684720: | ikev2 g^x 79 49 37 45 0e f4 31 00 0a 9b 2d 1c d3 db 25 fc Sep 21 07:25:08.684722: | ikev2 g^x 39 f9 24 22 32 6c 12 cb 03 79 c5 c1 51 b6 32 ca Sep 21 07:25:08.684724: | ikev2 g^x f2 d8 c2 41 ab f4 d1 d3 58 82 28 ae cb b4 1f 1b Sep 21 07:25:08.684726: | ikev2 g^x cd 3c 86 d2 1b 48 24 e9 dd 94 70 aa c2 41 53 16 Sep 21 07:25:08.684729: | ikev2 g^x f6 36 40 c3 ce 0f 5e d6 3a 6c 90 29 ee 44 02 9c Sep 21 07:25:08.684731: | ikev2 g^x 6c c8 63 12 ec eb 28 87 5c 1f 65 83 47 09 38 38 Sep 21 07:25:08.684733: | ikev2 g^x 60 7f 37 2e 6e f1 f4 d8 d3 85 d2 41 9d 21 d8 67 Sep 21 07:25:08.684736: | ikev2 g^x 06 c2 21 cb 4e a4 fc 0e 90 ed a4 dd 25 6d c7 0e Sep 21 07:25:08.684738: | ikev2 g^x d9 25 4a 3f 07 e2 99 c9 e1 fa 4c 72 6d 5d b4 4a Sep 21 07:25:08.684740: | ikev2 g^x 30 0c dd 49 79 d5 63 7b 37 c2 24 c3 cd 1f a1 74 Sep 21 07:25:08.684742: | ikev2 g^x 01 22 be d6 2b 7d b3 15 ac 1d 3f 9b 9f c8 40 4a Sep 21 07:25:08.684745: | ikev2 g^x 0a a0 f2 3e 14 d9 11 8e e7 d3 c7 a3 df cd e8 49 Sep 21 07:25:08.684747: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:08.684750: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:08.684752: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:08.684754: | flags: none (0x0) Sep 21 07:25:08.684757: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:08.684760: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:08.684762: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:08.684765: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:08.684768: | IKEv2 nonce c4 b0 95 37 62 73 85 99 e4 f4 7d 8a bd 80 41 c4 Sep 21 07:25:08.684770: | IKEv2 nonce c8 4a 5e 36 a8 da c6 ad 71 ec 75 d3 35 55 57 8d Sep 21 07:25:08.684772: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:08.684775: | Adding a v2N Payload Sep 21 07:25:08.684778: | ***emit IKEv2 Notify Payload: Sep 21 07:25:08.684780: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:08.684785: | flags: none (0x0) Sep 21 07:25:08.684790: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:08.684792: | SPI size: 0 (0x0) Sep 21 07:25:08.684796: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:08.684799: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:08.684802: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:08.684804: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:08.684807: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:08.684815: | natd_hash: hasher=0x55654af777a0(20) Sep 21 07:25:08.684817: | natd_hash: icookie= a9 99 11 a6 c8 e2 19 a0 Sep 21 07:25:08.684820: | natd_hash: rcookie= 39 99 17 9c bc 71 23 52 Sep 21 07:25:08.684822: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:08.684824: | natd_hash: port= 01 f4 Sep 21 07:25:08.684826: | natd_hash: hash= 4a a9 98 e6 25 a9 48 7f dd 2f b3 6e e3 1c d2 71 Sep 21 07:25:08.684828: | natd_hash: hash= 5b 01 77 b1 Sep 21 07:25:08.684831: | Adding a v2N Payload Sep 21 07:25:08.684833: | ***emit IKEv2 Notify Payload: Sep 21 07:25:08.684835: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:08.684838: | flags: none (0x0) Sep 21 07:25:08.684840: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:08.684842: | SPI size: 0 (0x0) Sep 21 07:25:08.684845: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:08.684848: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:08.684850: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:08.684853: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:08.684855: | Notify data 4a a9 98 e6 25 a9 48 7f dd 2f b3 6e e3 1c d2 71 Sep 21 07:25:08.684858: | Notify data 5b 01 77 b1 Sep 21 07:25:08.684860: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:08.684866: | natd_hash: hasher=0x55654af777a0(20) Sep 21 07:25:08.684868: | natd_hash: icookie= a9 99 11 a6 c8 e2 19 a0 Sep 21 07:25:08.684870: | natd_hash: rcookie= 39 99 17 9c bc 71 23 52 Sep 21 07:25:08.684873: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:08.684875: | natd_hash: port= 01 f4 Sep 21 07:25:08.684877: | natd_hash: hash= 80 67 6d 5e ed 99 f9 c0 25 31 a9 d5 51 2b 44 0d Sep 21 07:25:08.684879: | natd_hash: hash= 96 fe fb 5f Sep 21 07:25:08.684881: | Adding a v2N Payload Sep 21 07:25:08.684883: | ***emit IKEv2 Notify Payload: Sep 21 07:25:08.684886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:08.684888: | flags: none (0x0) Sep 21 07:25:08.684890: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:08.684893: | SPI size: 0 (0x0) Sep 21 07:25:08.684895: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:08.684898: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:08.684901: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:08.684903: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:08.684906: | Notify data 80 67 6d 5e ed 99 f9 c0 25 31 a9 d5 51 2b 44 0d Sep 21 07:25:08.684908: | Notify data 96 fe fb 5f Sep 21 07:25:08.684910: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:08.684912: | emitting length of ISAKMP Message: 432 Sep 21 07:25:08.684920: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:08.684923: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:08.684926: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:08.684929: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:08.684932: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:08.684937: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:08.684942: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:08.684947: "northnet-eastnet-ipv4" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:08.684952: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:08.684959: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:08.684962: | a9 99 11 a6 c8 e2 19 a0 39 99 17 9c bc 71 23 52 Sep 21 07:25:08.684964: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:08.684966: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:08.684969: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:08.684971: | 04 00 00 0e 28 00 01 08 00 0e 00 00 77 b5 b7 51 Sep 21 07:25:08.684973: | e8 19 f9 25 79 bf 32 bb 3d ab 54 dd 45 b5 7c 90 Sep 21 07:25:08.684975: | 85 e4 3f 0c 69 f9 3d 2b 29 5c f5 38 40 ea 48 49 Sep 21 07:25:08.684977: | 6f 5c 4f ae c3 3b f4 7e f3 eb 91 0a f3 59 5c 53 Sep 21 07:25:08.684980: | fa 6a 6e aa 88 57 6e 18 a6 78 c2 d3 79 49 37 45 Sep 21 07:25:08.684982: | 0e f4 31 00 0a 9b 2d 1c d3 db 25 fc 39 f9 24 22 Sep 21 07:25:08.684984: | 32 6c 12 cb 03 79 c5 c1 51 b6 32 ca f2 d8 c2 41 Sep 21 07:25:08.684986: | ab f4 d1 d3 58 82 28 ae cb b4 1f 1b cd 3c 86 d2 Sep 21 07:25:08.684989: | 1b 48 24 e9 dd 94 70 aa c2 41 53 16 f6 36 40 c3 Sep 21 07:25:08.684991: | ce 0f 5e d6 3a 6c 90 29 ee 44 02 9c 6c c8 63 12 Sep 21 07:25:08.684993: | ec eb 28 87 5c 1f 65 83 47 09 38 38 60 7f 37 2e Sep 21 07:25:08.684995: | 6e f1 f4 d8 d3 85 d2 41 9d 21 d8 67 06 c2 21 cb Sep 21 07:25:08.684998: | 4e a4 fc 0e 90 ed a4 dd 25 6d c7 0e d9 25 4a 3f Sep 21 07:25:08.685000: | 07 e2 99 c9 e1 fa 4c 72 6d 5d b4 4a 30 0c dd 49 Sep 21 07:25:08.685002: | 79 d5 63 7b 37 c2 24 c3 cd 1f a1 74 01 22 be d6 Sep 21 07:25:08.685004: | 2b 7d b3 15 ac 1d 3f 9b 9f c8 40 4a 0a a0 f2 3e Sep 21 07:25:08.685007: | 14 d9 11 8e e7 d3 c7 a3 df cd e8 49 29 00 00 24 Sep 21 07:25:08.685009: | c4 b0 95 37 62 73 85 99 e4 f4 7d 8a bd 80 41 c4 Sep 21 07:25:08.685011: | c8 4a 5e 36 a8 da c6 ad 71 ec 75 d3 35 55 57 8d Sep 21 07:25:08.685013: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:08.685016: | 4a a9 98 e6 25 a9 48 7f dd 2f b3 6e e3 1c d2 71 Sep 21 07:25:08.685018: | 5b 01 77 b1 00 00 00 1c 00 00 40 05 80 67 6d 5e Sep 21 07:25:08.685020: | ed 99 f9 c0 25 31 a9 d5 51 2b 44 0d 96 fe fb 5f Sep 21 07:25:08.685058: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:08.685063: | libevent_free: release ptr-libevent@0x55654b86ae00 Sep 21 07:25:08.685066: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55654b86adc0 Sep 21 07:25:08.685068: | event_schedule: new EVENT_SO_DISCARD-pe@0x55654b86adc0 Sep 21 07:25:08.685072: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:25:08.685075: | libevent_malloc: new ptr-libevent@0x55654b86ae00 size 128 Sep 21 07:25:08.685078: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:08.685083: | #1 spent 0.535 milliseconds in resume sending helper answer Sep 21 07:25:08.685088: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:08.685091: | libevent_free: release ptr-libevent@0x7fdfe4006900 Sep 21 07:25:25.572803: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:25:25.572820: | expiring aged bare shunts from shunt table Sep 21 07:25:25.572829: | spent 0.00593 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:25:45.574358: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:25:45.574376: | expiring aged bare shunts from shunt table Sep 21 07:25:45.574386: | spent 0.00819 milliseconds in global timer EVENT_SHUNT_SCAN