Sep 21 07:28:54.768910: FIPS Product: YES Sep 21 07:28:54.768968: FIPS Kernel: NO Sep 21 07:28:54.768972: FIPS Mode: NO Sep 21 07:28:54.768974: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:28:54.769148: Initializing NSS Sep 21 07:28:54.769152: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:28:54.802878: NSS initialized Sep 21 07:28:54.802892: NSS crypto library initialized Sep 21 07:28:54.802895: FIPS HMAC integrity support [enabled] Sep 21 07:28:54.802897: FIPS mode disabled for pluto daemon Sep 21 07:28:54.853009: FIPS HMAC integrity verification self-test FAILED Sep 21 07:28:54.853092: libcap-ng support [enabled] Sep 21 07:28:54.853102: Linux audit support [enabled] Sep 21 07:28:54.853125: Linux audit activated Sep 21 07:28:54.853131: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10055 Sep 21 07:28:54.853132: core dump dir: /tmp Sep 21 07:28:54.853134: secrets file: /etc/ipsec.secrets Sep 21 07:28:54.853135: leak-detective disabled Sep 21 07:28:54.853137: NSS crypto [enabled] Sep 21 07:28:54.853138: XAUTH PAM support [enabled] Sep 21 07:28:54.853198: | libevent is using pluto's memory allocator Sep 21 07:28:54.853203: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:28:54.853214: | libevent_malloc: new ptr-libevent@0x564f21119fb0 size 40 Sep 21 07:28:54.853219: | libevent_malloc: new ptr-libevent@0x564f21119fe0 size 40 Sep 21 07:28:54.853222: | libevent_malloc: new ptr-libevent@0x564f2111b2d0 size 40 Sep 21 07:28:54.853223: | creating event base Sep 21 07:28:54.853225: | libevent_malloc: new ptr-libevent@0x564f2111b290 size 56 Sep 21 07:28:54.853227: | libevent_malloc: new ptr-libevent@0x564f2111b300 size 664 Sep 21 07:28:54.853236: | libevent_malloc: new ptr-libevent@0x564f2111b5a0 size 24 Sep 21 07:28:54.853238: | libevent_malloc: new ptr-libevent@0x564f2110cda0 size 384 Sep 21 07:28:54.853246: | libevent_malloc: new ptr-libevent@0x564f2111b5c0 size 16 Sep 21 07:28:54.853248: | libevent_malloc: new ptr-libevent@0x564f2111b5e0 size 40 Sep 21 07:28:54.853250: | libevent_malloc: new ptr-libevent@0x564f2111b610 size 48 Sep 21 07:28:54.853255: | libevent_realloc: new ptr-libevent@0x564f2109d370 size 256 Sep 21 07:28:54.853256: | libevent_malloc: new ptr-libevent@0x564f2111b650 size 16 Sep 21 07:28:54.853260: | libevent_free: release ptr-libevent@0x564f2111b290 Sep 21 07:28:54.853263: | libevent initialized Sep 21 07:28:54.853265: | libevent_realloc: new ptr-libevent@0x564f2111b670 size 64 Sep 21 07:28:54.853267: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:28:54.853281: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:28:54.853283: NAT-Traversal support [enabled] Sep 21 07:28:54.853284: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:28:54.853293: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:28:54.853296: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:28:54.853319: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:28:54.853322: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:28:54.853324: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:28:54.853356: Encryption algorithms: Sep 21 07:28:54.853363: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:28:54.853365: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:28:54.853367: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:28:54.853369: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:28:54.853371: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:28:54.853377: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:28:54.853379: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:28:54.853381: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:28:54.853384: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:28:54.853386: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:28:54.853388: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:28:54.853390: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:28:54.853392: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:28:54.853394: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:28:54.853396: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:28:54.853398: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:28:54.853400: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:28:54.853405: Hash algorithms: Sep 21 07:28:54.853407: MD5 IKEv1: IKE IKEv2: Sep 21 07:28:54.853409: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:28:54.853411: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:28:54.853413: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:28:54.853414: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:28:54.853422: PRF algorithms: Sep 21 07:28:54.853424: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:28:54.853426: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:28:54.853428: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:28:54.853430: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:28:54.853432: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:28:54.853434: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:28:54.853448: Integrity algorithms: Sep 21 07:28:54.853450: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:28:54.853453: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:28:54.853455: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:28:54.853458: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:28:54.853460: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:28:54.853462: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:28:54.853464: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:28:54.853466: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:28:54.853467: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:28:54.853475: DH algorithms: Sep 21 07:28:54.853477: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:28:54.853479: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:28:54.853480: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:28:54.853484: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:28:54.853486: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:28:54.853487: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:28:54.853489: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:28:54.853491: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:28:54.853493: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:28:54.853495: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:28:54.853497: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:28:54.853498: testing CAMELLIA_CBC: Sep 21 07:28:54.853500: Camellia: 16 bytes with 128-bit key Sep 21 07:28:54.853582: Camellia: 16 bytes with 128-bit key Sep 21 07:28:54.853601: Camellia: 16 bytes with 256-bit key Sep 21 07:28:54.853619: Camellia: 16 bytes with 256-bit key Sep 21 07:28:54.853636: testing AES_GCM_16: Sep 21 07:28:54.853639: empty string Sep 21 07:28:54.853656: one block Sep 21 07:28:54.853672: two blocks Sep 21 07:28:54.853687: two blocks with associated data Sep 21 07:28:54.853703: testing AES_CTR: Sep 21 07:28:54.853705: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:28:54.853721: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:28:54.853737: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:28:54.853754: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:28:54.853770: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:28:54.853796: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:28:54.853818: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:28:54.853835: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:28:54.853852: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:28:54.853868: testing AES_CBC: Sep 21 07:28:54.853870: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:28:54.853886: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:28:54.853904: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:28:54.853921: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:28:54.853941: testing AES_XCBC: Sep 21 07:28:54.853943: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:28:54.854018: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:28:54.854098: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:28:54.854173: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:28:54.854249: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:28:54.854326: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:28:54.854403: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:28:54.854612: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:28:54.854693: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:28:54.854774: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:28:54.854938: testing HMAC_MD5: Sep 21 07:28:54.854943: RFC 2104: MD5_HMAC test 1 Sep 21 07:28:54.855050: RFC 2104: MD5_HMAC test 2 Sep 21 07:28:54.855141: RFC 2104: MD5_HMAC test 3 Sep 21 07:28:54.855254: 8 CPU cores online Sep 21 07:28:54.855256: starting up 7 crypto helpers Sep 21 07:28:54.855287: started thread for crypto helper 0 Sep 21 07:28:54.855314: | starting up helper thread 0 Sep 21 07:28:54.855327: | starting up helper thread 1 Sep 21 07:28:54.855355: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:28:54.855359: | crypto helper 1 waiting (nothing to do) Sep 21 07:28:54.855319: started thread for crypto helper 1 Sep 21 07:28:54.855331: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:28:54.855398: | crypto helper 0 waiting (nothing to do) Sep 21 07:28:54.855402: started thread for crypto helper 2 Sep 21 07:28:54.855407: | starting up helper thread 2 Sep 21 07:28:54.855416: started thread for crypto helper 3 Sep 21 07:28:54.855420: | starting up helper thread 3 Sep 21 07:28:54.855417: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:28:54.855432: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:28:54.855434: | crypto helper 2 waiting (nothing to do) Sep 21 07:28:54.855439: started thread for crypto helper 4 Sep 21 07:28:54.855441: | crypto helper 3 waiting (nothing to do) Sep 21 07:28:54.855446: | starting up helper thread 4 Sep 21 07:28:54.855450: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:28:54.855451: | crypto helper 4 waiting (nothing to do) Sep 21 07:28:54.855454: started thread for crypto helper 5 Sep 21 07:28:54.855462: | starting up helper thread 5 Sep 21 07:28:54.855469: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:28:54.855471: | crypto helper 5 waiting (nothing to do) Sep 21 07:28:54.855472: started thread for crypto helper 6 Sep 21 07:28:54.855475: | starting up helper thread 6 Sep 21 07:28:54.855475: | checking IKEv1 state table Sep 21 07:28:54.855481: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:28:54.855487: | crypto helper 6 waiting (nothing to do) Sep 21 07:28:54.855488: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855491: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:28:54.855492: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855494: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:28:54.855495: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:28:54.855497: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:28:54.855498: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:54.855500: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:54.855501: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:28:54.855503: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:28:54.855504: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:54.855505: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:54.855507: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:28:54.855508: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:54.855510: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:54.855511: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:28:54.855512: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:28:54.855514: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:54.855515: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:54.855517: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:28:54.855518: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:28:54.855520: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855521: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:28:54.855523: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855524: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855525: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:28:54.855527: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855528: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:28:54.855530: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:28:54.855531: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:28:54.855533: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:28:54.855534: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:28:54.855536: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:28:54.855537: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855539: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:28:54.855540: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855542: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:28:54.855546: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:28:54.855547: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:28:54.855549: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:28:54.855550: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:28:54.855552: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:28:54.855553: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:28:54.855555: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855556: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:28:54.855558: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855559: | INFO: category: informational flags: 0: Sep 21 07:28:54.855560: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855562: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:28:54.855564: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855565: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:28:54.855566: | -> XAUTH_R1 EVENT_NULL Sep 21 07:28:54.855568: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:28:54.855569: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:54.855571: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:28:54.855572: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:28:54.855574: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:28:54.855575: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:28:54.855577: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:28:54.855578: | -> UNDEFINED EVENT_NULL Sep 21 07:28:54.855580: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:28:54.855581: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:54.855583: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:28:54.855584: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:28:54.855586: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:28:54.855587: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:28:54.855592: | checking IKEv2 state table Sep 21 07:28:54.855596: | PARENT_I0: category: ignore flags: 0: Sep 21 07:28:54.855598: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:28:54.855599: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855601: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:28:54.855603: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:28:54.855605: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:28:54.855607: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:28:54.855608: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:28:54.855610: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:28:54.855611: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:28:54.855613: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:28:54.855615: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:28:54.855616: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:28:54.855618: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:28:54.855619: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:28:54.855621: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:28:54.855622: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855624: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:28:54.855626: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:28:54.855627: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:28:54.855629: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:28:54.855631: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:28:54.855634: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:28:54.855635: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:28:54.855637: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:28:54.855638: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:28:54.855640: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:28:54.855641: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:28:54.855643: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:28:54.855645: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:28:54.855646: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:28:54.855648: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:28:54.855650: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:28:54.855651: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:28:54.855653: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:28:54.855655: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:28:54.855656: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:28:54.855658: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:28:54.855660: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:28:54.855661: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:28:54.855663: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:28:54.855665: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:28:54.855666: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:28:54.855668: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:28:54.855670: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:28:54.855671: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:28:54.855673: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:28:54.855711: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:28:54.855762: | Hard-wiring algorithms Sep 21 07:28:54.855765: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:28:54.855768: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:28:54.855769: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:28:54.855771: | adding 3DES_CBC to kernel algorithm db Sep 21 07:28:54.855772: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:28:54.855774: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:28:54.855775: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:28:54.855776: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:28:54.855778: | adding AES_CTR to kernel algorithm db Sep 21 07:28:54.855779: | adding AES_CBC to kernel algorithm db Sep 21 07:28:54.855781: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:28:54.855782: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:28:54.855797: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:28:54.855798: | adding NULL to kernel algorithm db Sep 21 07:28:54.855800: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:28:54.855802: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:28:54.855803: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:28:54.855805: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:28:54.855807: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:28:54.855808: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:28:54.855810: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:28:54.855811: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:28:54.855813: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:28:54.855814: | adding NONE to kernel algorithm db Sep 21 07:28:54.855845: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:28:54.855848: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:28:54.855850: | setup kernel fd callback Sep 21 07:28:54.855852: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564f21125a50 Sep 21 07:28:54.855854: | libevent_malloc: new ptr-libevent@0x564f2112cf20 size 128 Sep 21 07:28:54.855856: | libevent_malloc: new ptr-libevent@0x564f21120cc0 size 16 Sep 21 07:28:54.855861: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564f211202f0 Sep 21 07:28:54.855864: | libevent_malloc: new ptr-libevent@0x564f2112cfb0 size 128 Sep 21 07:28:54.855866: | libevent_malloc: new ptr-libevent@0x564f2111b780 size 16 Sep 21 07:28:54.856008: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:28:54.856013: selinux support is enabled. Sep 21 07:28:54.856067: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:28:54.856192: | unbound context created - setting debug level to 5 Sep 21 07:28:54.856212: | /etc/hosts lookups activated Sep 21 07:28:54.856225: | /etc/resolv.conf usage activated Sep 21 07:28:54.856256: | outgoing-port-avoid set 0-65535 Sep 21 07:28:54.856273: | outgoing-port-permit set 32768-60999 Sep 21 07:28:54.856274: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:28:54.856276: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:28:54.856278: | Setting up events, loop start Sep 21 07:28:54.856280: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564f21120040 Sep 21 07:28:54.856282: | libevent_malloc: new ptr-libevent@0x564f21137520 size 128 Sep 21 07:28:54.856284: | libevent_malloc: new ptr-libevent@0x564f211375b0 size 16 Sep 21 07:28:54.856289: | libevent_realloc: new ptr-libevent@0x564f2109b5b0 size 256 Sep 21 07:28:54.856291: | libevent_malloc: new ptr-libevent@0x564f211375d0 size 8 Sep 21 07:28:54.856293: | libevent_realloc: new ptr-libevent@0x564f2112c220 size 144 Sep 21 07:28:54.856295: | libevent_malloc: new ptr-libevent@0x564f211375f0 size 152 Sep 21 07:28:54.856297: | libevent_malloc: new ptr-libevent@0x564f21137690 size 16 Sep 21 07:28:54.856299: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:28:54.856301: | libevent_malloc: new ptr-libevent@0x564f211376b0 size 8 Sep 21 07:28:54.856303: | libevent_malloc: new ptr-libevent@0x564f211376d0 size 152 Sep 21 07:28:54.856305: | signal event handler PLUTO_SIGTERM installed Sep 21 07:28:54.856306: | libevent_malloc: new ptr-libevent@0x564f21137770 size 8 Sep 21 07:28:54.856308: | libevent_malloc: new ptr-libevent@0x564f21137790 size 152 Sep 21 07:28:54.856310: | signal event handler PLUTO_SIGHUP installed Sep 21 07:28:54.856311: | libevent_malloc: new ptr-libevent@0x564f21137830 size 8 Sep 21 07:28:54.856313: | libevent_realloc: release ptr-libevent@0x564f2112c220 Sep 21 07:28:54.856314: | libevent_realloc: new ptr-libevent@0x564f21137850 size 256 Sep 21 07:28:54.856316: | libevent_malloc: new ptr-libevent@0x564f2112c220 size 152 Sep 21 07:28:54.856318: | signal event handler PLUTO_SIGSYS installed Sep 21 07:28:54.856549: | created addconn helper (pid:10121) using fork+execve Sep 21 07:28:54.856575: | forked child 10121 Sep 21 07:28:54.856608: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:54.856621: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:28:54.856626: listening for IKE messages Sep 21 07:28:54.856657: | Inspecting interface lo Sep 21 07:28:54.856662: | found lo with address 127.0.0.1 Sep 21 07:28:54.856664: | Inspecting interface eth0 Sep 21 07:28:54.856667: | found eth0 with address 192.0.2.254 Sep 21 07:28:54.856668: | Inspecting interface eth1 Sep 21 07:28:54.856671: | found eth1 with address 192.1.2.23 Sep 21 07:28:54.856710: Kernel supports NIC esp-hw-offload Sep 21 07:28:54.856718: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:28:54.856735: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:54.856743: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:54.856746: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:28:54.856767: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:28:54.856788: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:54.856794: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:54.856797: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:28:54.856817: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:28:54.856833: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:54.856836: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:54.856838: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:28:54.856890: | no interfaces to sort Sep 21 07:28:54.856893: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:28:54.856899: | add_fd_read_event_handler: new ethX-pe@0x564f21120dc0 Sep 21 07:28:54.856901: | libevent_malloc: new ptr-libevent@0x564f21137bc0 size 128 Sep 21 07:28:54.856903: | libevent_malloc: new ptr-libevent@0x564f21137c50 size 16 Sep 21 07:28:54.856908: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:28:54.856910: | add_fd_read_event_handler: new ethX-pe@0x564f21137c70 Sep 21 07:28:54.856911: | libevent_malloc: new ptr-libevent@0x564f21137cb0 size 128 Sep 21 07:28:54.856913: | libevent_malloc: new ptr-libevent@0x564f21137d40 size 16 Sep 21 07:28:54.856916: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:28:54.856918: | add_fd_read_event_handler: new ethX-pe@0x564f21137d60 Sep 21 07:28:54.856919: | libevent_malloc: new ptr-libevent@0x564f21137da0 size 128 Sep 21 07:28:54.856921: | libevent_malloc: new ptr-libevent@0x564f21137e30 size 16 Sep 21 07:28:54.856924: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:28:54.856925: | add_fd_read_event_handler: new ethX-pe@0x564f21137e50 Sep 21 07:28:54.856927: | libevent_malloc: new ptr-libevent@0x564f21137e90 size 128 Sep 21 07:28:54.856928: | libevent_malloc: new ptr-libevent@0x564f21137f20 size 16 Sep 21 07:28:54.856931: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:28:54.856933: | add_fd_read_event_handler: new ethX-pe@0x564f21137f40 Sep 21 07:28:54.856934: | libevent_malloc: new ptr-libevent@0x564f21137f80 size 128 Sep 21 07:28:54.856936: | libevent_malloc: new ptr-libevent@0x564f21138010 size 16 Sep 21 07:28:54.856939: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:28:54.856940: | add_fd_read_event_handler: new ethX-pe@0x564f21138030 Sep 21 07:28:54.856942: | libevent_malloc: new ptr-libevent@0x564f21138070 size 128 Sep 21 07:28:54.856944: | libevent_malloc: new ptr-libevent@0x564f21138100 size 16 Sep 21 07:28:54.856947: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:28:54.856949: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:28:54.856951: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:28:54.856966: loading secrets from "/etc/ipsec.secrets" Sep 21 07:28:54.856975: | id type added to secret(0x564f2112d100) PKK_PSK: @east Sep 21 07:28:54.856977: | id type added to secret(0x564f2112d100) PKK_PSK: @west Sep 21 07:28:54.856980: | Processing PSK at line 1: passed Sep 21 07:28:54.856982: | certs and keys locked by 'process_secret' Sep 21 07:28:54.856984: | certs and keys unlocked by 'process_secret' Sep 21 07:28:54.856987: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:28:54.856993: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:54.856999: | spent 0.395 milliseconds in whack Sep 21 07:28:54.883435: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:54.883452: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:28:54.883457: listening for IKE messages Sep 21 07:28:54.883487: | Inspecting interface lo Sep 21 07:28:54.883496: | found lo with address 127.0.0.1 Sep 21 07:28:54.883499: | Inspecting interface eth0 Sep 21 07:28:54.883501: | found eth0 with address 192.0.2.254 Sep 21 07:28:54.883503: | Inspecting interface eth1 Sep 21 07:28:54.883505: | found eth1 with address 192.1.2.23 Sep 21 07:28:54.883555: | no interfaces to sort Sep 21 07:28:54.883561: | libevent_free: release ptr-libevent@0x564f21137bc0 Sep 21 07:28:54.883563: | free_event_entry: release EVENT_NULL-pe@0x564f21120dc0 Sep 21 07:28:54.883565: | add_fd_read_event_handler: new ethX-pe@0x564f21120dc0 Sep 21 07:28:54.883567: | libevent_malloc: new ptr-libevent@0x564f21137bc0 size 128 Sep 21 07:28:54.883572: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:28:54.883575: | libevent_free: release ptr-libevent@0x564f21137cb0 Sep 21 07:28:54.883577: | free_event_entry: release EVENT_NULL-pe@0x564f21137c70 Sep 21 07:28:54.883578: | add_fd_read_event_handler: new ethX-pe@0x564f21137c70 Sep 21 07:28:54.883580: | libevent_malloc: new ptr-libevent@0x564f21137cb0 size 128 Sep 21 07:28:54.883583: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:28:54.883585: | libevent_free: release ptr-libevent@0x564f21137da0 Sep 21 07:28:54.883587: | free_event_entry: release EVENT_NULL-pe@0x564f21137d60 Sep 21 07:28:54.883603: | add_fd_read_event_handler: new ethX-pe@0x564f21137d60 Sep 21 07:28:54.883605: | libevent_malloc: new ptr-libevent@0x564f21137da0 size 128 Sep 21 07:28:54.883608: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:28:54.883610: | libevent_free: release ptr-libevent@0x564f21137e90 Sep 21 07:28:54.883612: | free_event_entry: release EVENT_NULL-pe@0x564f21137e50 Sep 21 07:28:54.883613: | add_fd_read_event_handler: new ethX-pe@0x564f21137e50 Sep 21 07:28:54.883615: | libevent_malloc: new ptr-libevent@0x564f21137e90 size 128 Sep 21 07:28:54.883618: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:28:54.883620: | libevent_free: release ptr-libevent@0x564f21137f80 Sep 21 07:28:54.883622: | free_event_entry: release EVENT_NULL-pe@0x564f21137f40 Sep 21 07:28:54.883623: | add_fd_read_event_handler: new ethX-pe@0x564f21137f40 Sep 21 07:28:54.883625: | libevent_malloc: new ptr-libevent@0x564f21137f80 size 128 Sep 21 07:28:54.883630: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:28:54.883633: | libevent_free: release ptr-libevent@0x564f21138070 Sep 21 07:28:54.883635: | free_event_entry: release EVENT_NULL-pe@0x564f21138030 Sep 21 07:28:54.883638: | add_fd_read_event_handler: new ethX-pe@0x564f21138030 Sep 21 07:28:54.883640: | libevent_malloc: new ptr-libevent@0x564f21138070 size 128 Sep 21 07:28:54.883644: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:28:54.883647: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:28:54.883649: forgetting secrets Sep 21 07:28:54.883657: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:28:54.883670: loading secrets from "/etc/ipsec.secrets" Sep 21 07:28:54.883679: | id type added to secret(0x564f2112d100) PKK_PSK: @east Sep 21 07:28:54.883682: | id type added to secret(0x564f2112d100) PKK_PSK: @west Sep 21 07:28:54.883686: | Processing PSK at line 1: passed Sep 21 07:28:54.883689: | certs and keys locked by 'process_secret' Sep 21 07:28:54.883691: | certs and keys unlocked by 'process_secret' Sep 21 07:28:54.883695: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:28:54.883703: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:54.883709: | spent 0.282 milliseconds in whack Sep 21 07:28:54.884112: | processing signal PLUTO_SIGCHLD Sep 21 07:28:54.884126: | waitpid returned pid 10121 (exited with status 0) Sep 21 07:28:54.884130: | reaped addconn helper child (status 0) Sep 21 07:28:54.884135: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:54.884140: | spent 0.0169 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:54.943716: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:54.943735: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:54.943738: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:28:54.943740: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:54.943741: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:28:54.943744: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:54.943750: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:28:54.943796: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:28:54.943801: | from whack: got --esp= Sep 21 07:28:54.943823: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:28:54.943827: | counting wild cards for @west is 0 Sep 21 07:28:54.943829: | counting wild cards for @east is 0 Sep 21 07:28:54.943837: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:28:54.943839: | new hp@0x564f211045f0 Sep 21 07:28:54.943842: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:54.943850: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:28:54.943857: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:28:54.943864: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:54.943870: | spent 0.156 milliseconds in whack Sep 21 07:28:57.337306: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:28:57.337333: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:28:57.337336: | 32 86 7e d9 f7 b1 8f 34 00 00 00 00 00 00 00 00 Sep 21 07:28:57.337338: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:28:57.337339: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:28:57.337341: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:28:57.337342: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:28:57.337344: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:28:57.337345: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:28:57.337346: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:28:57.337348: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:28:57.337349: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:28:57.337351: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:28:57.337352: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:28:57.337353: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:28:57.337355: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:28:57.337356: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:28:57.337357: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:28:57.337359: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:28:57.337360: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:28:57.337362: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:28:57.337363: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:28:57.337364: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:28:57.337366: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:28:57.337367: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:28:57.337369: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:28:57.337372: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:28:57.337374: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:28:57.337375: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:28:57.337377: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:28:57.337378: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:28:57.337379: | 28 00 01 08 00 0e 00 00 eb e1 da 3d 14 b3 7c f7 Sep 21 07:28:57.337381: | 71 6f fd 39 f9 d7 98 ab a2 fb 39 d1 35 d6 81 be Sep 21 07:28:57.337382: | 05 79 69 63 a4 a9 b8 05 cb 0b 4d f3 ea 32 fa 46 Sep 21 07:28:57.337384: | 97 63 a3 34 1e 94 95 e4 2a f5 49 4a 57 2d 87 c8 Sep 21 07:28:57.337385: | c0 31 42 63 51 19 c6 2c 5b 75 aa 04 16 84 65 8c Sep 21 07:28:57.337386: | 5e 7e 98 4a 08 25 42 b3 80 4c 67 76 98 b0 a5 7b Sep 21 07:28:57.337388: | 01 72 9a 8c 12 9b 3f ae f9 44 77 d9 e1 38 a8 20 Sep 21 07:28:57.337389: | 12 c8 39 52 96 44 94 ae a4 ae f3 59 2a 92 f8 57 Sep 21 07:28:57.337390: | be 9f 60 f7 89 4a 5a 86 eb 3a 17 df d7 51 c1 52 Sep 21 07:28:57.337392: | 32 a3 c2 1f 9b 2e 1e 7f 87 55 5d 8a cb 7f 85 b6 Sep 21 07:28:57.337393: | 4f 55 ee 3e 3b 83 9b 88 de 91 5f 4c 83 79 ee ec Sep 21 07:28:57.337395: | 21 6d 1e 85 87 72 32 53 29 63 b5 8d 51 8a a4 15 Sep 21 07:28:57.337396: | 1e 3e 8e 83 13 0a 40 be 10 45 88 f2 1b 2e 90 a2 Sep 21 07:28:57.337397: | 83 0a ce 77 80 c7 cc f4 08 f1 a7 7f ca 50 c7 93 Sep 21 07:28:57.337399: | e4 7b e6 0b 81 64 13 15 7c a4 47 3e ec 45 bc ba Sep 21 07:28:57.337400: | 29 dc 18 c7 6f 92 05 e8 f4 06 46 93 64 13 9b e4 Sep 21 07:28:57.337402: | e9 4d 2e 48 88 7c a7 f6 29 00 00 24 3b aa 33 14 Sep 21 07:28:57.337403: | 66 a5 2c 33 76 e4 88 06 c9 04 29 a9 d8 eb 05 cb Sep 21 07:28:57.337404: | 0e 4d 60 17 4f ce 45 99 6e 99 17 36 29 00 00 08 Sep 21 07:28:57.337406: | 00 00 40 2e 29 00 00 1c 00 00 40 04 6c 69 c4 99 Sep 21 07:28:57.337407: | 12 76 fd 82 82 9b ea d0 84 36 fe 7d 5a 7d f7 c1 Sep 21 07:28:57.337408: | 00 00 00 1c 00 00 40 05 3f f8 0a 8b 4a 3a de 65 Sep 21 07:28:57.337410: | 70 51 20 a9 e2 06 10 a7 15 c4 51 d2 Sep 21 07:28:57.337415: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:28:57.337418: | **parse ISAKMP Message: Sep 21 07:28:57.337419: | initiator cookie: Sep 21 07:28:57.337421: | 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.337422: | responder cookie: Sep 21 07:28:57.337424: | 00 00 00 00 00 00 00 00 Sep 21 07:28:57.337425: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:57.337427: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:57.337429: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:28:57.337431: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:28:57.337432: | Message ID: 0 (0x0) Sep 21 07:28:57.337434: | length: 828 (0x33c) Sep 21 07:28:57.337436: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:28:57.337442: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:28:57.337444: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:28:57.337446: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:28:57.337448: | ***parse IKEv2 Security Association Payload: Sep 21 07:28:57.337450: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:28:57.337452: | flags: none (0x0) Sep 21 07:28:57.337453: | length: 436 (0x1b4) Sep 21 07:28:57.337455: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:28:57.337456: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:28:57.337458: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:28:57.337460: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:28:57.337461: | flags: none (0x0) Sep 21 07:28:57.337463: | length: 264 (0x108) Sep 21 07:28:57.337464: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.337466: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:28:57.337469: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:28:57.337471: | ***parse IKEv2 Nonce Payload: Sep 21 07:28:57.337472: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:57.337474: | flags: none (0x0) Sep 21 07:28:57.337475: | length: 36 (0x24) Sep 21 07:28:57.337477: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:28:57.337478: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:57.337480: | ***parse IKEv2 Notify Payload: Sep 21 07:28:57.337481: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:57.337483: | flags: none (0x0) Sep 21 07:28:57.337484: | length: 8 (0x8) Sep 21 07:28:57.337486: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:57.337487: | SPI size: 0 (0x0) Sep 21 07:28:57.337490: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:28:57.337491: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:28:57.337493: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:57.337494: | ***parse IKEv2 Notify Payload: Sep 21 07:28:57.337496: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:57.337497: | flags: none (0x0) Sep 21 07:28:57.337499: | length: 28 (0x1c) Sep 21 07:28:57.337500: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:57.337501: | SPI size: 0 (0x0) Sep 21 07:28:57.337503: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:28:57.337505: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:28:57.337506: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:57.337507: | ***parse IKEv2 Notify Payload: Sep 21 07:28:57.337509: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.337510: | flags: none (0x0) Sep 21 07:28:57.337512: | length: 28 (0x1c) Sep 21 07:28:57.337513: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:57.337515: | SPI size: 0 (0x0) Sep 21 07:28:57.337516: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:28:57.337518: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:28:57.337520: | DDOS disabled and no cookie sent, continuing Sep 21 07:28:57.337525: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:28:57.337530: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:57.337533: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:28:57.337537: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:28:57.337540: | find_next_host_connection returns empty Sep 21 07:28:57.337544: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:28:57.337547: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:28:57.337549: | find_next_host_connection returns empty Sep 21 07:28:57.337554: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:28:57.337558: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:28:57.337563: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:57.337565: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:28:57.337568: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:28:57.337571: | find_next_host_connection returns empty Sep 21 07:28:57.337574: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:28:57.337577: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:28:57.337579: | find_next_host_connection returns empty Sep 21 07:28:57.337583: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:28:57.337588: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:28:57.337595: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:57.337597: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:28:57.337601: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:28:57.337603: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:28:57.337606: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:28:57.337608: | find_next_host_connection returns empty Sep 21 07:28:57.337611: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Sep 21 07:28:57.337641: | creating state object #1 at 0x564f2113b1a0 Sep 21 07:28:57.337645: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:28:57.337653: | pstats #1 ikev2.ike started Sep 21 07:28:57.337657: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:28:57.337660: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:28:57.337666: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:28:57.337676: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:28:57.337679: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:28:57.337684: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:28:57.337687: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:28:57.337692: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:28:57.337696: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:28:57.337699: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:28:57.337702: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:28:57.337704: | Now let's proceed with state specific processing Sep 21 07:28:57.337707: | calling processor Respond to IKE_SA_INIT Sep 21 07:28:57.337713: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:28:57.337716: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Sep 21 07:28:57.337724: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:57.337733: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:57.337737: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:57.337743: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:57.337747: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:57.337752: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:57.337756: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:57.337762: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:57.337775: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:57.337780: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:28:57.337790: | local proposal 1 type ENCR has 1 transforms Sep 21 07:28:57.337796: | local proposal 1 type PRF has 2 transforms Sep 21 07:28:57.337798: | local proposal 1 type INTEG has 1 transforms Sep 21 07:28:57.337801: | local proposal 1 type DH has 8 transforms Sep 21 07:28:57.337803: | local proposal 1 type ESN has 0 transforms Sep 21 07:28:57.337807: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:28:57.337809: | local proposal 2 type ENCR has 1 transforms Sep 21 07:28:57.337812: | local proposal 2 type PRF has 2 transforms Sep 21 07:28:57.337814: | local proposal 2 type INTEG has 1 transforms Sep 21 07:28:57.337817: | local proposal 2 type DH has 8 transforms Sep 21 07:28:57.337819: | local proposal 2 type ESN has 0 transforms Sep 21 07:28:57.337822: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:28:57.337825: | local proposal 3 type ENCR has 1 transforms Sep 21 07:28:57.337827: | local proposal 3 type PRF has 2 transforms Sep 21 07:28:57.337829: | local proposal 3 type INTEG has 2 transforms Sep 21 07:28:57.337832: | local proposal 3 type DH has 8 transforms Sep 21 07:28:57.337834: | local proposal 3 type ESN has 0 transforms Sep 21 07:28:57.337837: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:28:57.337840: | local proposal 4 type ENCR has 1 transforms Sep 21 07:28:57.337842: | local proposal 4 type PRF has 2 transforms Sep 21 07:28:57.337844: | local proposal 4 type INTEG has 2 transforms Sep 21 07:28:57.337846: | local proposal 4 type DH has 8 transforms Sep 21 07:28:57.337849: | local proposal 4 type ESN has 0 transforms Sep 21 07:28:57.337852: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:28:57.337855: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.337858: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:57.337861: | length: 100 (0x64) Sep 21 07:28:57.337863: | prop #: 1 (0x1) Sep 21 07:28:57.337865: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:57.337867: | spi size: 0 (0x0) Sep 21 07:28:57.337870: | # transforms: 11 (0xb) Sep 21 07:28:57.337873: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:28:57.337876: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337881: | length: 12 (0xc) Sep 21 07:28:57.337883: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.337885: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:57.337888: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.337890: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.337893: | length/value: 256 (0x100) Sep 21 07:28:57.337897: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:28:57.337900: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337907: | length: 8 (0x8) Sep 21 07:28:57.337910: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.337912: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:57.337916: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:28:57.337919: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:28:57.337922: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:28:57.337925: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:28:57.337927: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337930: | length: 8 (0x8) Sep 21 07:28:57.337932: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.337933: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:57.337935: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337937: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337938: | length: 8 (0x8) Sep 21 07:28:57.337939: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337941: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.337943: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:28:57.337945: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:28:57.337947: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:28:57.337949: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:28:57.337950: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337953: | length: 8 (0x8) Sep 21 07:28:57.337955: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337956: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:57.337958: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337961: | length: 8 (0x8) Sep 21 07:28:57.337962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337963: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:57.337965: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337967: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337968: | length: 8 (0x8) Sep 21 07:28:57.337969: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337971: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:57.337973: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337975: | length: 8 (0x8) Sep 21 07:28:57.337977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337978: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:57.337980: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337983: | length: 8 (0x8) Sep 21 07:28:57.337984: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337986: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:57.337987: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.337990: | length: 8 (0x8) Sep 21 07:28:57.337992: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.337993: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:57.337995: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.337996: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.337998: | length: 8 (0x8) Sep 21 07:28:57.337999: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338003: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:57.338005: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:28:57.338008: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:28:57.338010: | remote proposal 1 matches local proposal 1 Sep 21 07:28:57.338011: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.338013: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:57.338014: | length: 100 (0x64) Sep 21 07:28:57.338016: | prop #: 2 (0x2) Sep 21 07:28:57.338017: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:57.338019: | spi size: 0 (0x0) Sep 21 07:28:57.338020: | # transforms: 11 (0xb) Sep 21 07:28:57.338022: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:57.338024: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338027: | length: 12 (0xc) Sep 21 07:28:57.338028: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.338030: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:57.338031: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.338033: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.338034: | length/value: 128 (0x80) Sep 21 07:28:57.338036: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338038: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338039: | length: 8 (0x8) Sep 21 07:28:57.338041: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.338042: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:57.338044: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338047: | length: 8 (0x8) Sep 21 07:28:57.338048: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.338050: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:57.338051: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338054: | length: 8 (0x8) Sep 21 07:28:57.338056: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338057: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.338059: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338062: | length: 8 (0x8) Sep 21 07:28:57.338063: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338064: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:57.338066: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338069: | length: 8 (0x8) Sep 21 07:28:57.338070: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338072: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:57.338074: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338076: | length: 8 (0x8) Sep 21 07:28:57.338078: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338079: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:57.338081: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338084: | length: 8 (0x8) Sep 21 07:28:57.338085: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338087: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:57.338088: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338091: | length: 8 (0x8) Sep 21 07:28:57.338095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338097: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:57.338098: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338101: | length: 8 (0x8) Sep 21 07:28:57.338103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338104: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:57.338106: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338107: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.338109: | length: 8 (0x8) Sep 21 07:28:57.338110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338112: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:57.338114: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:28:57.338116: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:28:57.338117: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.338119: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:57.338120: | length: 116 (0x74) Sep 21 07:28:57.338122: | prop #: 3 (0x3) Sep 21 07:28:57.338123: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:57.338124: | spi size: 0 (0x0) Sep 21 07:28:57.338126: | # transforms: 13 (0xd) Sep 21 07:28:57.338128: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:57.338129: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338132: | length: 12 (0xc) Sep 21 07:28:57.338134: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.338135: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:57.338137: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.338138: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.338140: | length/value: 256 (0x100) Sep 21 07:28:57.338142: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338145: | length: 8 (0x8) Sep 21 07:28:57.338146: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.338148: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:57.338149: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338151: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338152: | length: 8 (0x8) Sep 21 07:28:57.338154: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.338155: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:57.338157: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338160: | length: 8 (0x8) Sep 21 07:28:57.338161: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.338163: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:57.338164: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338167: | length: 8 (0x8) Sep 21 07:28:57.338169: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.338170: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:57.338172: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338175: | length: 8 (0x8) Sep 21 07:28:57.338176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338178: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.338179: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338182: | length: 8 (0x8) Sep 21 07:28:57.338184: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338186: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:57.338188: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338191: | length: 8 (0x8) Sep 21 07:28:57.338192: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338194: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:57.338195: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338197: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338198: | length: 8 (0x8) Sep 21 07:28:57.338200: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338201: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:57.338203: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338206: | length: 8 (0x8) Sep 21 07:28:57.338207: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338209: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:57.338211: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338212: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338213: | length: 8 (0x8) Sep 21 07:28:57.338215: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338216: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:57.338218: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338221: | length: 8 (0x8) Sep 21 07:28:57.338222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:57.338225: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338227: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.338228: | length: 8 (0x8) Sep 21 07:28:57.338230: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338231: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:57.338234: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:28:57.338235: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:28:57.338237: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.338238: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:57.338240: | length: 116 (0x74) Sep 21 07:28:57.338241: | prop #: 4 (0x4) Sep 21 07:28:57.338243: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:57.338244: | spi size: 0 (0x0) Sep 21 07:28:57.338246: | # transforms: 13 (0xd) Sep 21 07:28:57.338247: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:57.338249: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338252: | length: 12 (0xc) Sep 21 07:28:57.338253: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.338255: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:57.338256: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.338258: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.338259: | length/value: 128 (0x80) Sep 21 07:28:57.338261: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338264: | length: 8 (0x8) Sep 21 07:28:57.338265: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.338267: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:57.338269: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338271: | length: 8 (0x8) Sep 21 07:28:57.338273: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.338274: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:57.338279: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338282: | length: 8 (0x8) Sep 21 07:28:57.338283: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.338285: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:57.338286: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338288: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338289: | length: 8 (0x8) Sep 21 07:28:57.338291: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.338292: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:57.338294: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338295: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338297: | length: 8 (0x8) Sep 21 07:28:57.338298: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338300: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.338301: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338304: | length: 8 (0x8) Sep 21 07:28:57.338306: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338307: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:57.338309: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338312: | length: 8 (0x8) Sep 21 07:28:57.338313: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338315: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:57.338316: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338318: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338319: | length: 8 (0x8) Sep 21 07:28:57.338321: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338322: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:57.338324: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338326: | length: 8 (0x8) Sep 21 07:28:57.338328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338329: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:57.338331: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338334: | length: 8 (0x8) Sep 21 07:28:57.338335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338337: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:57.338339: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.338341: | length: 8 (0x8) Sep 21 07:28:57.338343: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338344: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:57.338346: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.338348: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.338349: | length: 8 (0x8) Sep 21 07:28:57.338350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.338352: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:57.338354: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:28:57.338356: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:28:57.338359: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:28:57.338363: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:28:57.338364: | converting proposal to internal trans attrs Sep 21 07:28:57.338367: | natd_hash: rcookie is zero Sep 21 07:28:57.338377: | natd_hash: hasher=0x564f2070e7a0(20) Sep 21 07:28:57.338379: | natd_hash: icookie= 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.338380: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:28:57.338382: | natd_hash: ip= c0 01 02 17 Sep 21 07:28:57.338383: | natd_hash: port= 01 f4 Sep 21 07:28:57.338385: | natd_hash: hash= 3f f8 0a 8b 4a 3a de 65 70 51 20 a9 e2 06 10 a7 Sep 21 07:28:57.338386: | natd_hash: hash= 15 c4 51 d2 Sep 21 07:28:57.338387: | natd_hash: rcookie is zero Sep 21 07:28:57.338392: | natd_hash: hasher=0x564f2070e7a0(20) Sep 21 07:28:57.338393: | natd_hash: icookie= 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.338395: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:28:57.338396: | natd_hash: ip= c0 01 02 2d Sep 21 07:28:57.338397: | natd_hash: port= 01 f4 Sep 21 07:28:57.338399: | natd_hash: hash= 6c 69 c4 99 12 76 fd 82 82 9b ea d0 84 36 fe 7d Sep 21 07:28:57.338400: | natd_hash: hash= 5a 7d f7 c1 Sep 21 07:28:57.338402: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:28:57.338403: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:28:57.338404: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:28:57.338407: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:28:57.338409: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:28:57.338411: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564f2113b0d0 Sep 21 07:28:57.338414: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:28:57.338416: | libevent_malloc: new ptr-libevent@0x564f2113d310 size 128 Sep 21 07:28:57.338424: | #1 spent 0.71 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:28:57.338429: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:57.338432: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:28:57.338430: | crypto helper 1 resuming Sep 21 07:28:57.338434: | suspending state #1 and saving MD Sep 21 07:28:57.338447: | #1 is busy; has a suspended MD Sep 21 07:28:57.338443: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:28:57.338452: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:28:57.338457: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:28:57.338459: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:28:57.338465: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:28:57.338468: | #1 spent 1.14 milliseconds in ikev2_process_packet() Sep 21 07:28:57.338471: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:28:57.338473: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:28:57.338475: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:28:57.338478: | spent 1.15 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:28:57.339531: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001073 seconds Sep 21 07:28:57.339544: | (#1) spent 1.08 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:28:57.339547: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:28:57.339550: | scheduling resume sending helper answer for #1 Sep 21 07:28:57.339554: | libevent_malloc: new ptr-libevent@0x7face4006900 size 128 Sep 21 07:28:57.339561: | crypto helper 1 waiting (nothing to do) Sep 21 07:28:57.339586: | processing resume sending helper answer for #1 Sep 21 07:28:57.339593: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:28:57.339596: | crypto helper 1 replies to request ID 1 Sep 21 07:28:57.339598: | calling continuation function 0x564f20638630 Sep 21 07:28:57.339600: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:28:57.339627: | **emit ISAKMP Message: Sep 21 07:28:57.339629: | initiator cookie: Sep 21 07:28:57.339631: | 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.339632: | responder cookie: Sep 21 07:28:57.339634: | 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.339636: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:28:57.339637: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:57.339639: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:28:57.339641: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:28:57.339643: | Message ID: 0 (0x0) Sep 21 07:28:57.339644: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:28:57.339647: | Emitting ikev2_proposal ... Sep 21 07:28:57.339649: | ***emit IKEv2 Security Association Payload: Sep 21 07:28:57.339650: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.339652: | flags: none (0x0) Sep 21 07:28:57.339654: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:28:57.339656: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.339658: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.339659: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:57.339661: | prop #: 1 (0x1) Sep 21 07:28:57.339663: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:57.339664: | spi size: 0 (0x0) Sep 21 07:28:57.339666: | # transforms: 3 (0x3) Sep 21 07:28:57.339667: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:57.339669: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:57.339671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.339673: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.339674: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:57.339676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:57.339678: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.339680: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.339681: | length/value: 256 (0x100) Sep 21 07:28:57.339683: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:57.339685: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:57.339686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.339688: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:57.339689: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:57.339691: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.339693: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:57.339695: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:57.339698: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:57.339700: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.339701: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:57.339703: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.339705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.339706: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:57.339708: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:57.339710: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:28:57.339711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:57.339713: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:28:57.339715: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:28:57.339717: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:28:57.339719: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.339720: | flags: none (0x0) Sep 21 07:28:57.339722: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:57.339724: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:28:57.339726: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.339728: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:28:57.339730: | ikev2 g^x 50 5c 3b 66 da 65 ac 2a 0e f4 47 a8 3d e0 04 3b Sep 21 07:28:57.339731: | ikev2 g^x f2 8b e7 de 5d f1 20 34 9d c8 38 fb be 66 2d f6 Sep 21 07:28:57.339732: | ikev2 g^x e4 ae 82 f1 fd 65 c9 0a 06 d5 fd 32 b6 1b 53 2a Sep 21 07:28:57.339734: | ikev2 g^x 8a 57 c1 37 4c 53 e7 d9 a4 44 1c be 74 6d d9 ce Sep 21 07:28:57.339735: | ikev2 g^x ab 65 4a d6 db 0a 39 df f3 93 d3 92 8d 2b 2f 5b Sep 21 07:28:57.339737: | ikev2 g^x de d4 a2 39 0e 73 e8 d9 54 9b d7 d4 7b a7 e1 c9 Sep 21 07:28:57.339738: | ikev2 g^x c9 99 44 f9 d4 b7 53 95 59 77 83 c6 93 60 4f b6 Sep 21 07:28:57.339740: | ikev2 g^x 19 03 34 9a 72 a2 02 b4 a2 ae 30 3c d0 8f 7a 25 Sep 21 07:28:57.339741: | ikev2 g^x ef af 09 02 07 b1 4c 0b 08 92 75 0b b9 55 2e 5f Sep 21 07:28:57.339742: | ikev2 g^x 42 09 0b 69 8f 8b 2b 96 f5 29 89 29 f5 da 16 e6 Sep 21 07:28:57.339744: | ikev2 g^x b8 5b d4 b0 a6 06 54 44 c5 03 4a 2e 32 2b dc 86 Sep 21 07:28:57.339745: | ikev2 g^x e0 64 87 ba 87 5e 61 e0 07 04 c8 7e b7 d6 38 9e Sep 21 07:28:57.339747: | ikev2 g^x 2d 0b c0 83 ba f7 09 cf 45 1b 13 eb ca b5 38 4b Sep 21 07:28:57.339748: | ikev2 g^x 12 07 81 8f 85 46 f9 3a af d3 50 24 ec fd fd 26 Sep 21 07:28:57.339749: | ikev2 g^x c2 7f 38 f7 14 2b 17 71 c5 2b a3 53 9f 36 99 56 Sep 21 07:28:57.339751: | ikev2 g^x 93 f4 2a f9 f3 4b 48 e8 ef eb a1 ed c2 8c ff 89 Sep 21 07:28:57.339752: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:28:57.339754: | ***emit IKEv2 Nonce Payload: Sep 21 07:28:57.339756: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:57.339757: | flags: none (0x0) Sep 21 07:28:57.339759: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:28:57.339761: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:28:57.339763: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.339764: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:28:57.339766: | IKEv2 nonce db 08 53 37 f2 b8 59 e4 cd 19 c5 3e 4d e4 d4 78 Sep 21 07:28:57.339769: | IKEv2 nonce f6 43 0e d8 52 93 de 93 53 89 df 3c 6e 6f 34 89 Sep 21 07:28:57.339770: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:28:57.339772: | Adding a v2N Payload Sep 21 07:28:57.339773: | ***emit IKEv2 Notify Payload: Sep 21 07:28:57.339775: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.339776: | flags: none (0x0) Sep 21 07:28:57.339778: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:57.339780: | SPI size: 0 (0x0) Sep 21 07:28:57.339781: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:28:57.339789: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:57.339793: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.339795: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:28:57.339797: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:28:57.339805: | natd_hash: hasher=0x564f2070e7a0(20) Sep 21 07:28:57.339806: | natd_hash: icookie= 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.339808: | natd_hash: rcookie= 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.339809: | natd_hash: ip= c0 01 02 17 Sep 21 07:28:57.339811: | natd_hash: port= 01 f4 Sep 21 07:28:57.339812: | natd_hash: hash= c7 c8 c7 a9 2d e9 47 ba 15 6b 48 62 c3 37 11 e0 Sep 21 07:28:57.339814: | natd_hash: hash= ff b6 44 cc Sep 21 07:28:57.339815: | Adding a v2N Payload Sep 21 07:28:57.339817: | ***emit IKEv2 Notify Payload: Sep 21 07:28:57.339818: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.339820: | flags: none (0x0) Sep 21 07:28:57.339821: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:57.339823: | SPI size: 0 (0x0) Sep 21 07:28:57.339824: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:28:57.339826: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:57.339828: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.339830: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:28:57.339831: | Notify data c7 c8 c7 a9 2d e9 47 ba 15 6b 48 62 c3 37 11 e0 Sep 21 07:28:57.339833: | Notify data ff b6 44 cc Sep 21 07:28:57.339834: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:28:57.339838: | natd_hash: hasher=0x564f2070e7a0(20) Sep 21 07:28:57.339839: | natd_hash: icookie= 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.339841: | natd_hash: rcookie= 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.339842: | natd_hash: ip= c0 01 02 2d Sep 21 07:28:57.339844: | natd_hash: port= 01 f4 Sep 21 07:28:57.339845: | natd_hash: hash= 6d a4 8d 92 a2 36 06 59 66 77 0a ea 4c 6c 68 98 Sep 21 07:28:57.339846: | natd_hash: hash= b6 74 37 11 Sep 21 07:28:57.339848: | Adding a v2N Payload Sep 21 07:28:57.339849: | ***emit IKEv2 Notify Payload: Sep 21 07:28:57.339851: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.339852: | flags: none (0x0) Sep 21 07:28:57.339854: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:57.339855: | SPI size: 0 (0x0) Sep 21 07:28:57.339857: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:28:57.339859: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:57.339860: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.339862: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:28:57.339863: | Notify data 6d a4 8d 92 a2 36 06 59 66 77 0a ea 4c 6c 68 98 Sep 21 07:28:57.339865: | Notify data b6 74 37 11 Sep 21 07:28:57.339866: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:28:57.339868: | emitting length of ISAKMP Message: 432 Sep 21 07:28:57.339872: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:57.339876: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:28:57.339878: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:28:57.339880: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:28:57.339882: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:28:57.339885: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:28:57.339888: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:28:57.339891: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:28:57.339894: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:28:57.339900: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:28:57.339902: | 32 86 7e d9 f7 b1 8f 34 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.339904: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:28:57.339905: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:28:57.339906: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:28:57.339908: | 04 00 00 0e 28 00 01 08 00 0e 00 00 50 5c 3b 66 Sep 21 07:28:57.339909: | da 65 ac 2a 0e f4 47 a8 3d e0 04 3b f2 8b e7 de Sep 21 07:28:57.339911: | 5d f1 20 34 9d c8 38 fb be 66 2d f6 e4 ae 82 f1 Sep 21 07:28:57.339912: | fd 65 c9 0a 06 d5 fd 32 b6 1b 53 2a 8a 57 c1 37 Sep 21 07:28:57.339913: | 4c 53 e7 d9 a4 44 1c be 74 6d d9 ce ab 65 4a d6 Sep 21 07:28:57.339915: | db 0a 39 df f3 93 d3 92 8d 2b 2f 5b de d4 a2 39 Sep 21 07:28:57.339916: | 0e 73 e8 d9 54 9b d7 d4 7b a7 e1 c9 c9 99 44 f9 Sep 21 07:28:57.339917: | d4 b7 53 95 59 77 83 c6 93 60 4f b6 19 03 34 9a Sep 21 07:28:57.339919: | 72 a2 02 b4 a2 ae 30 3c d0 8f 7a 25 ef af 09 02 Sep 21 07:28:57.339920: | 07 b1 4c 0b 08 92 75 0b b9 55 2e 5f 42 09 0b 69 Sep 21 07:28:57.339922: | 8f 8b 2b 96 f5 29 89 29 f5 da 16 e6 b8 5b d4 b0 Sep 21 07:28:57.339923: | a6 06 54 44 c5 03 4a 2e 32 2b dc 86 e0 64 87 ba Sep 21 07:28:57.339924: | 87 5e 61 e0 07 04 c8 7e b7 d6 38 9e 2d 0b c0 83 Sep 21 07:28:57.339926: | ba f7 09 cf 45 1b 13 eb ca b5 38 4b 12 07 81 8f Sep 21 07:28:57.339927: | 85 46 f9 3a af d3 50 24 ec fd fd 26 c2 7f 38 f7 Sep 21 07:28:57.339929: | 14 2b 17 71 c5 2b a3 53 9f 36 99 56 93 f4 2a f9 Sep 21 07:28:57.339930: | f3 4b 48 e8 ef eb a1 ed c2 8c ff 89 29 00 00 24 Sep 21 07:28:57.339931: | db 08 53 37 f2 b8 59 e4 cd 19 c5 3e 4d e4 d4 78 Sep 21 07:28:57.339933: | f6 43 0e d8 52 93 de 93 53 89 df 3c 6e 6f 34 89 Sep 21 07:28:57.339934: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:28:57.339935: | c7 c8 c7 a9 2d e9 47 ba 15 6b 48 62 c3 37 11 e0 Sep 21 07:28:57.339937: | ff b6 44 cc 00 00 00 1c 00 00 40 05 6d a4 8d 92 Sep 21 07:28:57.339938: | a2 36 06 59 66 77 0a ea 4c 6c 68 98 b6 74 37 11 Sep 21 07:28:57.339970: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:28:57.339973: | libevent_free: release ptr-libevent@0x564f2113d310 Sep 21 07:28:57.339975: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564f2113b0d0 Sep 21 07:28:57.339977: | event_schedule: new EVENT_SO_DISCARD-pe@0x564f2113b0d0 Sep 21 07:28:57.339980: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:28:57.339981: | libevent_malloc: new ptr-libevent@0x564f2113d310 size 128 Sep 21 07:28:57.339984: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:28:57.339988: | #1 spent 0.37 milliseconds in resume sending helper answer Sep 21 07:28:57.339991: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:28:57.339995: | libevent_free: release ptr-libevent@0x7face4006900 Sep 21 07:28:57.343230: | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:28:57.343251: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:28:57.343254: | 32 86 7e d9 f7 b1 8f 34 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.343255: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:28:57.343257: | 32 e9 64 fd 8f eb 90 04 4d e5 e9 a6 02 c3 64 a4 Sep 21 07:28:57.343258: | e7 cb 9b fd c4 4c dc 10 f8 8d 01 52 5d d7 c9 96 Sep 21 07:28:57.343260: | 24 35 cf 40 5f bf 95 d9 01 cd 17 06 82 8f 7d 17 Sep 21 07:28:57.343261: | cf a4 77 06 0a 2b af 91 27 c5 27 9d 17 ab ad b8 Sep 21 07:28:57.343263: | 49 5a c6 4c 2c 31 1f c3 76 ef d2 f2 97 d9 c3 48 Sep 21 07:28:57.343264: | 2a fa 59 a4 f2 4e c5 b9 58 f3 32 a0 00 05 eb 81 Sep 21 07:28:57.343265: | ad cc 69 f3 0f 1a 70 c3 5d 9e b6 e9 2e cd 10 50 Sep 21 07:28:57.343267: | 26 99 a7 f2 25 c5 00 88 4d d3 cf f9 dd af dc fa Sep 21 07:28:57.343268: | b7 d9 95 85 4d d4 ce 42 2e ad f0 d2 2e 38 b2 78 Sep 21 07:28:57.343270: | cb 13 4c ca 32 10 d1 a8 49 86 df 45 17 53 f5 46 Sep 21 07:28:57.343271: | 25 9e 20 08 96 4d d8 15 38 d9 b7 4b c8 d3 e2 5e Sep 21 07:28:57.343272: | c3 e2 1f bb 61 ed 4d 99 85 a4 7a 7f 4a fe 86 4e Sep 21 07:28:57.343274: | 59 04 05 ff 3a 2d c1 20 db c8 1a 36 51 80 c8 9c Sep 21 07:28:57.343275: | 89 fe d1 59 f5 0a ed 5a 4c 62 2a 64 cb ac d9 36 Sep 21 07:28:57.343277: | 67 d4 13 da e4 f3 95 29 94 38 5d a0 64 28 73 61 Sep 21 07:28:57.343278: | 70 4e 9c ac 91 d5 97 8c 1c 14 09 c1 dc 44 1c 3f Sep 21 07:28:57.343279: | 2e 0c 40 a1 e8 ea ed 4e a8 d9 b6 02 9a d3 a6 4d Sep 21 07:28:57.343281: | 8c b6 b1 bc 41 6a 0a 8b 25 72 14 2a f7 7b 89 97 Sep 21 07:28:57.343282: | 46 1c 4a fc 02 be 04 8e 7f 56 95 ce c2 2c 6a b9 Sep 21 07:28:57.343284: | c0 e3 15 6d 84 8a da d5 45 6e cc 0f 07 cf 3f 04 Sep 21 07:28:57.343285: | 80 42 f3 c9 00 01 ff 5a ef 0b 66 55 f6 Sep 21 07:28:57.343288: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:28:57.343291: | **parse ISAKMP Message: Sep 21 07:28:57.343292: | initiator cookie: Sep 21 07:28:57.343294: | 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.343295: | responder cookie: Sep 21 07:28:57.343297: | 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.343298: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:28:57.343300: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:57.343302: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:28:57.343304: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:28:57.343305: | Message ID: 1 (0x1) Sep 21 07:28:57.343307: | length: 365 (0x16d) Sep 21 07:28:57.343309: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:28:57.343311: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:28:57.343314: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:28:57.343318: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:28:57.343320: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:28:57.343323: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:28:57.343325: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:28:57.343328: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:28:57.343329: | unpacking clear payload Sep 21 07:28:57.343331: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:28:57.343333: | ***parse IKEv2 Encryption Payload: Sep 21 07:28:57.343334: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:28:57.343339: | flags: none (0x0) Sep 21 07:28:57.343340: | length: 337 (0x151) Sep 21 07:28:57.343342: | processing payload: ISAKMP_NEXT_v2SK (len=333) Sep 21 07:28:57.343345: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:28:57.343347: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:28:57.343349: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:28:57.343350: | Now let's proceed with state specific processing Sep 21 07:28:57.343352: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:28:57.343356: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:28:57.343359: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:28:57.343362: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:28:57.343365: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:28:57.343368: | libevent_free: release ptr-libevent@0x564f2113d310 Sep 21 07:28:57.343371: | free_event_entry: release EVENT_SO_DISCARD-pe@0x564f2113b0d0 Sep 21 07:28:57.343374: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564f2113b0d0 Sep 21 07:28:57.343377: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:28:57.343380: | libevent_malloc: new ptr-libevent@0x564f2113d310 size 128 Sep 21 07:28:57.343391: | #1 spent 0.0333 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:28:57.343397: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:57.343397: | crypto helper 0 resuming Sep 21 07:28:57.343400: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:28:57.343408: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:28:57.343415: | suspending state #1 and saving MD Sep 21 07:28:57.343422: | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:28:57.343427: | #1 is busy; has a suspended MD Sep 21 07:28:57.343439: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:28:57.343443: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:28:57.343448: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:28:57.343454: | #1 spent 0.203 milliseconds in ikev2_process_packet() Sep 21 07:28:57.343458: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:28:57.343461: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:28:57.343462: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:28:57.343465: | spent 0.216 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:28:57.344396: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:28:57.344843: | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001421 seconds Sep 21 07:28:57.344853: | (#1) spent 1.42 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:28:57.344856: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:28:57.344859: | scheduling resume sending helper answer for #1 Sep 21 07:28:57.344862: | libevent_malloc: new ptr-libevent@0x7facdc006b90 size 128 Sep 21 07:28:57.344870: | crypto helper 0 waiting (nothing to do) Sep 21 07:28:57.344879: | processing resume sending helper answer for #1 Sep 21 07:28:57.344887: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:28:57.344893: | crypto helper 0 replies to request ID 2 Sep 21 07:28:57.344895: | calling continuation function 0x564f20638630 Sep 21 07:28:57.344896: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:28:57.344898: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:28:57.344952: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:28:57.344956: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:28:57.344959: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:28:57.344960: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:28:57.344962: | flags: none (0x0) Sep 21 07:28:57.344964: | length: 12 (0xc) Sep 21 07:28:57.344965: | ID type: ID_FQDN (0x2) Sep 21 07:28:57.344967: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:28:57.344969: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:28:57.344970: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:28:57.344972: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:28:57.344973: | flags: none (0x0) Sep 21 07:28:57.344974: | length: 12 (0xc) Sep 21 07:28:57.344976: | ID type: ID_FQDN (0x2) Sep 21 07:28:57.344977: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:28:57.344979: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:28:57.344981: | **parse IKEv2 Authentication Payload: Sep 21 07:28:57.344982: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:57.344984: | flags: none (0x0) Sep 21 07:28:57.344985: | length: 72 (0x48) Sep 21 07:28:57.344987: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:28:57.344988: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:28:57.344990: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:28:57.344991: | **parse IKEv2 Security Association Payload: Sep 21 07:28:57.344993: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:28:57.344994: | flags: none (0x0) Sep 21 07:28:57.344996: | length: 164 (0xa4) Sep 21 07:28:57.344997: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:28:57.344999: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:28:57.345000: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:28:57.345002: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:28:57.345003: | flags: none (0x0) Sep 21 07:28:57.345005: | length: 24 (0x18) Sep 21 07:28:57.345006: | number of TS: 1 (0x1) Sep 21 07:28:57.345008: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:28:57.345009: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:28:57.345011: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:28:57.345012: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.345014: | flags: none (0x0) Sep 21 07:28:57.345015: | length: 24 (0x18) Sep 21 07:28:57.345016: | number of TS: 1 (0x1) Sep 21 07:28:57.345018: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:28:57.345020: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:28:57.345021: | Now let's proceed with state specific processing Sep 21 07:28:57.345023: | calling processor Responder: process IKE_AUTH request Sep 21 07:28:57.345027: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:28:57.345031: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:28:57.345033: | received IDr payload - extracting our alleged ID Sep 21 07:28:57.345036: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:57.345039: | match_id a=@west Sep 21 07:28:57.345041: | b=@west Sep 21 07:28:57.345042: | results matched Sep 21 07:28:57.345045: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:28:57.345046: | Warning: not switching back to template of current instance Sep 21 07:28:57.345050: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:28:57.345052: | This connection's local id is @east (ID_FQDN) Sep 21 07:28:57.345054: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Sep 21 07:28:57.345057: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:57.345058: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:57.345060: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:28:57.345063: | 1: compared key @west to @east / @west -> 004 Sep 21 07:28:57.345065: | 2: compared key @east to @east / @west -> 014 Sep 21 07:28:57.345066: | line 1: match=014 Sep 21 07:28:57.345068: | match 014 beats previous best_match 000 match=0x564f2112d100 (line=1) Sep 21 07:28:57.345070: | concluding with best_match=014 best=0x564f2112d100 (lineno=1) Sep 21 07:28:57.345071: | returning because exact peer id match Sep 21 07:28:57.345073: | offered CA: '%none' Sep 21 07:28:57.345075: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:28:57.345089: | verifying AUTH payload Sep 21 07:28:57.345092: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Sep 21 07:28:57.345094: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:57.345096: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:57.345098: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:28:57.345100: | 1: compared key @west to @east / @west -> 004 Sep 21 07:28:57.345102: | 2: compared key @east to @east / @west -> 014 Sep 21 07:28:57.345103: | line 1: match=014 Sep 21 07:28:57.345105: | match 014 beats previous best_match 000 match=0x564f2112d100 (line=1) Sep 21 07:28:57.345106: | concluding with best_match=014 best=0x564f2112d100 (lineno=1) Sep 21 07:28:57.345146: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Sep 21 07:28:57.345149: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:28:57.345152: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:28:57.345154: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:28:57.345156: | libevent_free: release ptr-libevent@0x564f2113d310 Sep 21 07:28:57.345158: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564f2113b0d0 Sep 21 07:28:57.345160: | event_schedule: new EVENT_SA_REKEY-pe@0x564f2113b0d0 Sep 21 07:28:57.345162: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:28:57.345164: | libevent_malloc: new ptr-libevent@0x564f2113d310 size 128 Sep 21 07:28:57.345256: | pstats #1 ikev2.ike established Sep 21 07:28:57.345264: | **emit ISAKMP Message: Sep 21 07:28:57.345267: | initiator cookie: Sep 21 07:28:57.345269: | 32 86 7e d9 f7 b1 8f 34 Sep 21 07:28:57.345272: | responder cookie: Sep 21 07:28:57.345274: | 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.345277: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:28:57.345280: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:57.345283: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:28:57.345286: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:28:57.345288: | Message ID: 1 (0x1) Sep 21 07:28:57.345292: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:28:57.345295: | IKEv2 CERT: send a certificate? Sep 21 07:28:57.345299: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:28:57.345302: | ***emit IKEv2 Encryption Payload: Sep 21 07:28:57.345305: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.345307: | flags: none (0x0) Sep 21 07:28:57.345311: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:28:57.345314: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.345320: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:28:57.345329: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:28:57.345342: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:28:57.345346: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.345348: | flags: none (0x0) Sep 21 07:28:57.345351: | ID type: ID_FQDN (0x2) Sep 21 07:28:57.345355: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:28:57.345359: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.345363: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:28:57.345366: | my identity 65 61 73 74 Sep 21 07:28:57.345369: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:28:57.345376: | assembled IDr payload Sep 21 07:28:57.345379: | CHILD SA proposals received Sep 21 07:28:57.345381: | going to assemble AUTH payload Sep 21 07:28:57.345384: | ****emit IKEv2 Authentication Payload: Sep 21 07:28:57.345387: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:57.345389: | flags: none (0x0) Sep 21 07:28:57.345392: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:28:57.345396: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:28:57.345400: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:28:57.345404: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.345407: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:28:57.345411: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:57.345414: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:57.345417: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:28:57.345419: | 1: compared key @west to @east / @west -> 004 Sep 21 07:28:57.345421: | 2: compared key @east to @east / @west -> 014 Sep 21 07:28:57.345422: | line 1: match=014 Sep 21 07:28:57.345424: | match 014 beats previous best_match 000 match=0x564f2112d100 (line=1) Sep 21 07:28:57.345426: | concluding with best_match=014 best=0x564f2112d100 (lineno=1) Sep 21 07:28:57.345462: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:28:57.345464: | PSK auth 8b 0a 1d 86 4a b0 54 19 e0 f8 3f 73 32 66 af 4b Sep 21 07:28:57.345466: | PSK auth c5 35 34 0c 1a d7 8c cf 7c e4 4e e1 81 21 88 94 Sep 21 07:28:57.345467: | PSK auth 79 6d d5 ab 92 c8 bd e7 36 01 b1 17 08 79 83 4b Sep 21 07:28:57.345468: | PSK auth ec ef d9 40 bb 70 66 98 55 f8 c7 9f 41 36 c8 68 Sep 21 07:28:57.345470: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:28:57.345476: | creating state object #2 at 0x564f2113e6a0 Sep 21 07:28:57.345478: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:28:57.345481: | pstats #2 ikev2.child started Sep 21 07:28:57.345483: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:28:57.345486: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:28:57.345490: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:28:57.345493: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:28:57.345496: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:28:57.345500: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:28:57.345501: | TSi: parsing 1 traffic selectors Sep 21 07:28:57.345504: | ***parse IKEv2 Traffic Selector: Sep 21 07:28:57.345505: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:57.345507: | IP Protocol ID: 0 (0x0) Sep 21 07:28:57.345508: | length: 16 (0x10) Sep 21 07:28:57.345510: | start port: 0 (0x0) Sep 21 07:28:57.345511: | end port: 65535 (0xffff) Sep 21 07:28:57.345513: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:28:57.345515: | TS low c0 00 01 00 Sep 21 07:28:57.345516: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:28:57.345518: | TS high c0 00 01 ff Sep 21 07:28:57.345519: | TSi: parsed 1 traffic selectors Sep 21 07:28:57.345521: | TSr: parsing 1 traffic selectors Sep 21 07:28:57.345522: | ***parse IKEv2 Traffic Selector: Sep 21 07:28:57.345524: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:57.345525: | IP Protocol ID: 0 (0x0) Sep 21 07:28:57.345527: | length: 16 (0x10) Sep 21 07:28:57.345528: | start port: 0 (0x0) Sep 21 07:28:57.345530: | end port: 65535 (0xffff) Sep 21 07:28:57.345531: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:28:57.345532: | TS low c0 00 02 00 Sep 21 07:28:57.345534: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:28:57.345535: | TS high c0 00 02 ff Sep 21 07:28:57.345537: | TSr: parsed 1 traffic selectors Sep 21 07:28:57.345538: | looking for best SPD in current connection Sep 21 07:28:57.345543: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:28:57.345546: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:57.345550: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:28:57.345552: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:28:57.345553: | TSi[0] port match: YES fitness 65536 Sep 21 07:28:57.345555: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:28:57.345557: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:57.345560: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:57.345563: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:28:57.345565: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:28:57.345567: | TSr[0] port match: YES fitness 65536 Sep 21 07:28:57.345568: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:28:57.345570: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:57.345572: | best fit so far: TSi[0] TSr[0] Sep 21 07:28:57.345573: | found better spd route for TSi[0],TSr[0] Sep 21 07:28:57.345575: | looking for better host pair Sep 21 07:28:57.345578: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:57.345581: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:28:57.345582: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Sep 21 07:28:57.345584: | match_id a=@west Sep 21 07:28:57.345586: | b=@west Sep 21 07:28:57.345587: | results matched Sep 21 07:28:57.345590: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:28:57.345593: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:57.345596: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:28:57.345598: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:28:57.345599: | TSi[0] port match: YES fitness 65536 Sep 21 07:28:57.345601: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:28:57.345603: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:57.345606: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:57.345609: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:28:57.345611: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:28:57.345612: | TSr[0] port match: YES fitness 65536 Sep 21 07:28:57.345614: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:28:57.345616: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:57.345617: | best fit so far: TSi[0] TSr[0] Sep 21 07:28:57.345619: | did not find a better connection using host pair Sep 21 07:28:57.345620: | printing contents struct traffic_selector Sep 21 07:28:57.345622: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:28:57.345623: | ipprotoid: 0 Sep 21 07:28:57.345625: | port range: 0-65535 Sep 21 07:28:57.345627: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:28:57.345628: | printing contents struct traffic_selector Sep 21 07:28:57.345630: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:28:57.345631: | ipprotoid: 0 Sep 21 07:28:57.345632: | port range: 0-65535 Sep 21 07:28:57.345635: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:28:57.345637: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:28:57.345647: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:28:57.345651: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:28:57.345653: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:28:57.345655: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:28:57.345658: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:28:57.345660: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:57.345662: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:28:57.345665: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:57.345669: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:57.345671: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:28:57.345673: | local proposal 1 type ENCR has 1 transforms Sep 21 07:28:57.345675: | local proposal 1 type PRF has 0 transforms Sep 21 07:28:57.345677: | local proposal 1 type INTEG has 1 transforms Sep 21 07:28:57.345678: | local proposal 1 type DH has 1 transforms Sep 21 07:28:57.345680: | local proposal 1 type ESN has 1 transforms Sep 21 07:28:57.345682: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:28:57.345683: | local proposal 2 type ENCR has 1 transforms Sep 21 07:28:57.345685: | local proposal 2 type PRF has 0 transforms Sep 21 07:28:57.345686: | local proposal 2 type INTEG has 1 transforms Sep 21 07:28:57.345688: | local proposal 2 type DH has 1 transforms Sep 21 07:28:57.345689: | local proposal 2 type ESN has 1 transforms Sep 21 07:28:57.345691: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:28:57.345692: | local proposal 3 type ENCR has 1 transforms Sep 21 07:28:57.345694: | local proposal 3 type PRF has 0 transforms Sep 21 07:28:57.345695: | local proposal 3 type INTEG has 2 transforms Sep 21 07:28:57.345697: | local proposal 3 type DH has 1 transforms Sep 21 07:28:57.345699: | local proposal 3 type ESN has 1 transforms Sep 21 07:28:57.345701: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:28:57.345703: | local proposal 4 type ENCR has 1 transforms Sep 21 07:28:57.345704: | local proposal 4 type PRF has 0 transforms Sep 21 07:28:57.345706: | local proposal 4 type INTEG has 2 transforms Sep 21 07:28:57.345707: | local proposal 4 type DH has 1 transforms Sep 21 07:28:57.345709: | local proposal 4 type ESN has 1 transforms Sep 21 07:28:57.345710: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:28:57.345712: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.345714: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:57.345715: | length: 32 (0x20) Sep 21 07:28:57.345717: | prop #: 1 (0x1) Sep 21 07:28:57.345719: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:57.345720: | spi size: 4 (0x4) Sep 21 07:28:57.345722: | # transforms: 2 (0x2) Sep 21 07:28:57.345724: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:57.345725: | remote SPI f0 ed 7e f5 Sep 21 07:28:57.345727: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:28:57.345729: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345732: | length: 12 (0xc) Sep 21 07:28:57.345734: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.345735: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:57.345737: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.345739: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.345740: | length/value: 256 (0x100) Sep 21 07:28:57.345743: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:28:57.345745: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345746: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.345748: | length: 8 (0x8) Sep 21 07:28:57.345749: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:57.345751: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:57.345753: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:28:57.345755: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:28:57.345757: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:28:57.345759: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:28:57.345761: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:28:57.345763: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:28:57.345765: | remote proposal 1 matches local proposal 1 Sep 21 07:28:57.345767: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.345768: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:57.345770: | length: 32 (0x20) Sep 21 07:28:57.345771: | prop #: 2 (0x2) Sep 21 07:28:57.345773: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:57.345774: | spi size: 4 (0x4) Sep 21 07:28:57.345775: | # transforms: 2 (0x2) Sep 21 07:28:57.345777: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:57.345779: | remote SPI f0 ed 7e f5 Sep 21 07:28:57.345780: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:57.345782: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345793: | length: 12 (0xc) Sep 21 07:28:57.345794: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.345796: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:57.345798: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.345800: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.345802: | length/value: 128 (0x80) Sep 21 07:28:57.345804: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345805: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.345807: | length: 8 (0x8) Sep 21 07:28:57.345808: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:57.345810: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:57.345812: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:28:57.345813: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:28:57.345815: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.345817: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:57.345818: | length: 48 (0x30) Sep 21 07:28:57.345819: | prop #: 3 (0x3) Sep 21 07:28:57.345821: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:57.345822: | spi size: 4 (0x4) Sep 21 07:28:57.345824: | # transforms: 4 (0x4) Sep 21 07:28:57.345826: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:57.345827: | remote SPI f0 ed 7e f5 Sep 21 07:28:57.345829: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:57.345830: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345833: | length: 12 (0xc) Sep 21 07:28:57.345835: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.345836: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:57.345838: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.345839: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.345841: | length/value: 256 (0x100) Sep 21 07:28:57.345843: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345845: | length: 8 (0x8) Sep 21 07:28:57.345847: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.345848: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:57.345850: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345853: | length: 8 (0x8) Sep 21 07:28:57.345855: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.345856: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:57.345858: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345859: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.345861: | length: 8 (0x8) Sep 21 07:28:57.345862: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:57.345864: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:57.345866: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:28:57.345867: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:28:57.345869: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.345871: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:57.345872: | length: 48 (0x30) Sep 21 07:28:57.345873: | prop #: 4 (0x4) Sep 21 07:28:57.345875: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:57.345876: | spi size: 4 (0x4) Sep 21 07:28:57.345878: | # transforms: 4 (0x4) Sep 21 07:28:57.345879: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:57.345881: | remote SPI f0 ed 7e f5 Sep 21 07:28:57.345882: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:57.345884: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345887: | length: 12 (0xc) Sep 21 07:28:57.345889: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.345891: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:57.345892: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.345894: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.345895: | length/value: 128 (0x80) Sep 21 07:28:57.345897: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345900: | length: 8 (0x8) Sep 21 07:28:57.345901: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.345903: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:57.345905: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345906: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345907: | length: 8 (0x8) Sep 21 07:28:57.345909: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:57.345910: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:57.345912: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345914: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.345915: | length: 8 (0x8) Sep 21 07:28:57.345916: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:57.345918: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:57.345920: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:28:57.345922: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:28:57.345925: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=f0ed7ef5;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:28:57.345928: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=f0ed7ef5;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:28:57.345929: | converting proposal to internal trans attrs Sep 21 07:28:57.345945: | netlink_get_spi: allocated 0x58804fee for esp.0@192.1.2.23 Sep 21 07:28:57.345947: | Emitting ikev2_proposal ... Sep 21 07:28:57.345949: | ****emit IKEv2 Security Association Payload: Sep 21 07:28:57.345950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.345952: | flags: none (0x0) Sep 21 07:28:57.345954: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:28:57.345956: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.345958: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:57.345959: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:57.345961: | prop #: 1 (0x1) Sep 21 07:28:57.345962: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:57.345964: | spi size: 4 (0x4) Sep 21 07:28:57.345965: | # transforms: 2 (0x2) Sep 21 07:28:57.345967: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:57.345969: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:28:57.345970: | our spi 58 80 4f ee Sep 21 07:28:57.345972: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345975: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:57.345977: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:57.345978: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:57.345980: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:57.345982: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:57.345983: | length/value: 256 (0x100) Sep 21 07:28:57.345986: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:57.345988: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:57.345990: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:57.345991: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:57.345993: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:57.345994: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:57.345996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:57.345998: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:57.346000: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:28:57.346001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:57.346003: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:28:57.346005: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:28:57.346007: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:28:57.346008: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.346010: | flags: none (0x0) Sep 21 07:28:57.346011: | number of TS: 1 (0x1) Sep 21 07:28:57.346013: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:28:57.346015: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.346017: | *****emit IKEv2 Traffic Selector: Sep 21 07:28:57.346018: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:57.346020: | IP Protocol ID: 0 (0x0) Sep 21 07:28:57.346021: | start port: 0 (0x0) Sep 21 07:28:57.346023: | end port: 65535 (0xffff) Sep 21 07:28:57.346025: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:28:57.346026: | IP start c0 00 01 00 Sep 21 07:28:57.346028: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:28:57.346029: | IP end c0 00 01 ff Sep 21 07:28:57.346031: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:28:57.346032: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:28:57.346034: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:28:57.346035: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:57.346037: | flags: none (0x0) Sep 21 07:28:57.346038: | number of TS: 1 (0x1) Sep 21 07:28:57.346040: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:28:57.346042: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:57.346043: | *****emit IKEv2 Traffic Selector: Sep 21 07:28:57.346045: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:57.346046: | IP Protocol ID: 0 (0x0) Sep 21 07:28:57.346048: | start port: 0 (0x0) Sep 21 07:28:57.346049: | end port: 65535 (0xffff) Sep 21 07:28:57.346051: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:28:57.346052: | IP start c0 00 02 00 Sep 21 07:28:57.346054: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:28:57.346055: | IP end c0 00 02 ff Sep 21 07:28:57.346057: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:28:57.346058: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:28:57.346060: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:28:57.346062: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:28:57.346162: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:28:57.346168: | #1 spent 1.13 milliseconds Sep 21 07:28:57.346170: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:28:57.346172: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:28:57.346174: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:28:57.346176: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:28:57.346178: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:28:57.346181: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:28:57.346184: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:28:57.346186: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:28:57.346188: | AES_GCM_16 requires 4 salt bytes Sep 21 07:28:57.346189: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:28:57.346192: | setting IPsec SA replay-window to 32 Sep 21 07:28:57.346194: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:28:57.346196: | netlink: enabling tunnel mode Sep 21 07:28:57.346198: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:28:57.346199: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:28:57.346274: | netlink response for Add SA esp.f0ed7ef5@192.1.2.45 included non-error error Sep 21 07:28:57.346279: | set up outgoing SA, ref=0/0 Sep 21 07:28:57.346281: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:28:57.346283: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:28:57.346285: | AES_GCM_16 requires 4 salt bytes Sep 21 07:28:57.346286: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:28:57.346288: | setting IPsec SA replay-window to 32 Sep 21 07:28:57.346290: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:28:57.346292: | netlink: enabling tunnel mode Sep 21 07:28:57.346293: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:28:57.346295: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:28:57.346337: | netlink response for Add SA esp.58804fee@192.1.2.23 included non-error error Sep 21 07:28:57.346340: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:28:57.346345: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:28:57.346347: | IPsec Sa SPD priority set to 1042407 Sep 21 07:28:57.346398: | raw_eroute result=success Sep 21 07:28:57.346402: | set up incoming SA, ref=0/0 Sep 21 07:28:57.346404: | sr for #2: unrouted Sep 21 07:28:57.346406: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:28:57.346407: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:28:57.346409: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:28:57.346411: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:28:57.346413: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:28:57.346415: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:28:57.346418: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:28:57.346422: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:28:57.346424: | IPsec Sa SPD priority set to 1042407 Sep 21 07:28:57.346442: | raw_eroute result=success Sep 21 07:28:57.346446: | running updown command "ipsec _updown" for verb up Sep 21 07:28:57.346448: | command executing up-client Sep 21 07:28:57.346464: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Sep 21 07:28:57.346470: | popen cmd is 1046 chars long Sep 21 07:28:57.346472: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:28:57.346474: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Sep 21 07:28:57.346475: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Sep 21 07:28:57.346491: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Sep 21 07:28:57.346498: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Sep 21 07:28:57.346501: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Sep 21 07:28:57.346505: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:28:57.346508: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Sep 21 07:28:57.346510: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:28:57.346513: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:28:57.346515: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:28:57.346518: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:28:57.346521: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf0ed7ef5 SPI_OUT=0x58804fee ipsec _updow: Sep 21 07:28:57.346524: | cmd(1040):n 2>&1: Sep 21 07:28:57.358848: | route_and_eroute: firewall_notified: true Sep 21 07:28:57.358862: | running updown command "ipsec _updown" for verb prepare Sep 21 07:28:57.358866: | command executing prepare-client Sep 21 07:28:57.358894: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:28:57.358898: | popen cmd is 1051 chars long Sep 21 07:28:57.358902: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:28:57.358904: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Sep 21 07:28:57.358910: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:28:57.358912: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:28:57.358915: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Sep 21 07:28:57.358917: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:28:57.358919: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:28:57.358922: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:28:57.358924: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:28:57.358926: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:28:57.358929: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:28:57.358931: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:28:57.358933: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf0ed7ef5 SPI_OUT=0x58804fee ipsec _: Sep 21 07:28:57.358935: | cmd(1040):updown 2>&1: Sep 21 07:28:57.372753: | running updown command "ipsec _updown" for verb route Sep 21 07:28:57.372765: | command executing route-client Sep 21 07:28:57.372790: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:28:57.372794: | popen cmd is 1049 chars long Sep 21 07:28:57.372796: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:28:57.372798: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Sep 21 07:28:57.372799: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Sep 21 07:28:57.372801: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Sep 21 07:28:57.372802: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Sep 21 07:28:57.372804: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:28:57.372806: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:28:57.372807: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:28:57.372809: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:28:57.372823: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:28:57.372825: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:28:57.372826: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:28:57.372828: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf0ed7ef5 SPI_OUT=0x58804fee ipsec _up: Sep 21 07:28:57.372832: | cmd(1040):down 2>&1: Sep 21 07:28:57.381724: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x564f21138a90,sr=0x564f21138a90} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:28:57.381817: | #1 spent 0.784 milliseconds in install_ipsec_sa() Sep 21 07:28:57.381827: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:28:57.381831: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:28:57.381834: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:28:57.381838: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:28:57.381840: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:28:57.381843: | emitting length of ISAKMP Message: 225 Sep 21 07:28:57.381860: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:28:57.381866: | #1 spent 1.97 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:28:57.381873: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:57.381878: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:57.381882: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:28:57.381885: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:28:57.381888: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:28:57.381891: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:28:57.381897: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:28:57.381902: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:28:57.381904: | pstats #2 ikev2.child established Sep 21 07:28:57.381912: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:28:57.381916: | NAT-T: encaps is 'auto' Sep 21 07:28:57.381922: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xf0ed7ef5 <0x58804fee xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:28:57.381927: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:28:57.381933: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:28:57.381936: | 32 86 7e d9 f7 b1 8f 34 9b ec 7e 49 a5 a4 18 3d Sep 21 07:28:57.381938: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:28:57.381940: | 26 9b 81 bc 06 a0 41 b9 4f 1d be 84 45 33 77 9a Sep 21 07:28:57.381943: | 34 98 71 ae a9 5c e4 98 35 b4 8a 80 ce e4 01 a2 Sep 21 07:28:57.381945: | 5d b8 c1 36 de 39 13 0d ec 4d 94 f7 c4 0f 52 d0 Sep 21 07:28:57.381947: | 96 b2 cb 9a f0 d0 2d 10 ef 47 e1 a8 b6 42 56 ed Sep 21 07:28:57.381950: | 2b 92 c5 c1 23 48 7e ce 8b 4a 51 1f f7 07 22 f3 Sep 21 07:28:57.381952: | f0 df 95 5e 4f df e0 a9 71 1c 06 da 61 d5 f5 24 Sep 21 07:28:57.381955: | 21 f2 47 2e 76 5f d2 bd 08 56 89 17 f1 6a ea 02 Sep 21 07:28:57.381957: | 7b d6 ae 58 00 f5 1c f8 fe 95 38 b1 97 94 55 92 Sep 21 07:28:57.381959: | 40 ed c3 d0 2d 88 3e 07 57 79 d7 55 78 7b 42 38 Sep 21 07:28:57.381961: | d1 0b 80 cd d7 74 53 91 62 8b 94 6f 1e c6 a1 00 Sep 21 07:28:57.381963: | b0 a3 0b fc 49 25 e0 a1 e8 94 85 57 c0 2c e7 1c Sep 21 07:28:57.381965: | 27 4d aa 90 07 05 47 a2 f7 e7 c0 a3 72 4d 32 39 Sep 21 07:28:57.381970: | 50 Sep 21 07:28:57.382014: | releasing whack for #2 (sock=fd@-1) Sep 21 07:28:57.382018: | releasing whack and unpending for parent #1 Sep 21 07:28:57.382021: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:57.382025: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:28:57.382028: | event_schedule: new EVENT_SA_REKEY-pe@0x7face4002b20 Sep 21 07:28:57.382031: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:28:57.382035: | libevent_malloc: new ptr-libevent@0x564f21142130 size 128 Sep 21 07:28:57.382040: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:28:57.382045: | #1 spent 2.22 milliseconds in resume sending helper answer Sep 21 07:28:57.382050: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:28:57.382054: | libevent_free: release ptr-libevent@0x7facdc006b90 Sep 21 07:28:57.382066: | processing signal PLUTO_SIGCHLD Sep 21 07:28:57.382072: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:57.382076: | spent 0.00506 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:57.382079: | processing signal PLUTO_SIGCHLD Sep 21 07:28:57.382082: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:57.382086: | spent 0.00377 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:57.382088: | processing signal PLUTO_SIGCHLD Sep 21 07:28:57.382091: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:57.382095: | spent 0.00345 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:01.444860: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:01.445080: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:29:01.445085: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:29:01.445150: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:29:01.445153: | FOR_EACH_STATE_... in sort_states Sep 21 07:29:01.445167: | get_sa_info esp.58804fee@192.1.2.23 Sep 21 07:29:01.445184: | get_sa_info esp.f0ed7ef5@192.1.2.45 Sep 21 07:29:01.445205: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:01.445213: | spent 0.355 milliseconds in whack