Sep 21 07:28:56.461350: FIPS Product: YES Sep 21 07:28:56.461396: FIPS Kernel: NO Sep 21 07:28:56.461399: FIPS Mode: NO Sep 21 07:28:56.461402: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:28:56.461586: Initializing NSS Sep 21 07:28:56.461590: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:28:56.525624: NSS initialized Sep 21 07:28:56.525635: NSS crypto library initialized Sep 21 07:28:56.525638: FIPS HMAC integrity support [enabled] Sep 21 07:28:56.525640: FIPS mode disabled for pluto daemon Sep 21 07:28:56.585889: FIPS HMAC integrity verification self-test FAILED Sep 21 07:28:56.586028: libcap-ng support [enabled] Sep 21 07:28:56.586035: Linux audit support [enabled] Sep 21 07:28:56.586058: Linux audit activated Sep 21 07:28:56.586066: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11441 Sep 21 07:28:56.586068: core dump dir: /tmp Sep 21 07:28:56.586069: secrets file: /etc/ipsec.secrets Sep 21 07:28:56.586071: leak-detective disabled Sep 21 07:28:56.586072: NSS crypto [enabled] Sep 21 07:28:56.586073: XAUTH PAM support [enabled] Sep 21 07:28:56.586128: | libevent is using pluto's memory allocator Sep 21 07:28:56.586132: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:28:56.586143: | libevent_malloc: new ptr-libevent@0x555bbe0ec2c0 size 40 Sep 21 07:28:56.586147: | libevent_malloc: new ptr-libevent@0x555bbe0ed570 size 40 Sep 21 07:28:56.586149: | libevent_malloc: new ptr-libevent@0x555bbe0ed5a0 size 40 Sep 21 07:28:56.586151: | creating event base Sep 21 07:28:56.586153: | libevent_malloc: new ptr-libevent@0x555bbe0ed530 size 56 Sep 21 07:28:56.586155: | libevent_malloc: new ptr-libevent@0x555bbe0ed5d0 size 664 Sep 21 07:28:56.586162: | libevent_malloc: new ptr-libevent@0x555bbe0ed870 size 24 Sep 21 07:28:56.586166: | libevent_malloc: new ptr-libevent@0x555bbe0defa0 size 384 Sep 21 07:28:56.586174: | libevent_malloc: new ptr-libevent@0x555bbe0ed890 size 16 Sep 21 07:28:56.586176: | libevent_malloc: new ptr-libevent@0x555bbe0ed8b0 size 40 Sep 21 07:28:56.586178: | libevent_malloc: new ptr-libevent@0x555bbe0ed8e0 size 48 Sep 21 07:28:56.586182: | libevent_realloc: new ptr-libevent@0x555bbe06f370 size 256 Sep 21 07:28:56.586184: | libevent_malloc: new ptr-libevent@0x555bbe0ed920 size 16 Sep 21 07:28:56.586188: | libevent_free: release ptr-libevent@0x555bbe0ed530 Sep 21 07:28:56.586190: | libevent initialized Sep 21 07:28:56.586192: | libevent_realloc: new ptr-libevent@0x555bbe0ed940 size 64 Sep 21 07:28:56.586197: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:28:56.586209: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:28:56.586211: NAT-Traversal support [enabled] Sep 21 07:28:56.586213: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:28:56.586221: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:28:56.586223: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:28:56.586246: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:28:56.586248: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:28:56.586250: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:28:56.586282: Encryption algorithms: Sep 21 07:28:56.586290: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:28:56.586292: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:28:56.586294: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:28:56.586297: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:28:56.586299: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:28:56.586305: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:28:56.586307: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:28:56.586309: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:28:56.586311: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:28:56.586313: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:28:56.586316: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:28:56.586318: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:28:56.586320: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:28:56.586322: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:28:56.586324: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:28:56.586326: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:28:56.586328: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:28:56.586333: Hash algorithms: Sep 21 07:28:56.586335: MD5 IKEv1: IKE IKEv2: Sep 21 07:28:56.586337: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:28:56.586339: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:28:56.586340: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:28:56.586342: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:28:56.586350: PRF algorithms: Sep 21 07:28:56.586352: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:28:56.586354: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:28:56.586356: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:28:56.586358: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:28:56.586360: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:28:56.586362: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:28:56.586376: Integrity algorithms: Sep 21 07:28:56.586378: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:28:56.586381: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:28:56.586383: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:28:56.586386: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:28:56.586388: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:28:56.586390: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:28:56.586392: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:28:56.586394: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:28:56.586396: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:28:56.586403: DH algorithms: Sep 21 07:28:56.586405: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:28:56.586407: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:28:56.586409: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:28:56.586412: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:28:56.586414: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:28:56.586415: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:28:56.586417: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:28:56.586419: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:28:56.586421: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:28:56.586423: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:28:56.586424: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:28:56.586426: testing CAMELLIA_CBC: Sep 21 07:28:56.586428: Camellia: 16 bytes with 128-bit key Sep 21 07:28:56.586530: Camellia: 16 bytes with 128-bit key Sep 21 07:28:56.586552: Camellia: 16 bytes with 256-bit key Sep 21 07:28:56.586571: Camellia: 16 bytes with 256-bit key Sep 21 07:28:56.586588: testing AES_GCM_16: Sep 21 07:28:56.586591: empty string Sep 21 07:28:56.586616: one block Sep 21 07:28:56.586634: two blocks Sep 21 07:28:56.586650: two blocks with associated data Sep 21 07:28:56.586666: testing AES_CTR: Sep 21 07:28:56.586668: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:28:56.586685: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:28:56.586701: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:28:56.586719: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:28:56.586735: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:28:56.586752: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:28:56.586768: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:28:56.586790: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:28:56.586810: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:28:56.586827: testing AES_CBC: Sep 21 07:28:56.586829: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:28:56.586845: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:28:56.586863: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:28:56.586882: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:28:56.586903: testing AES_XCBC: Sep 21 07:28:56.586904: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:28:56.586980: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:28:56.587061: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:28:56.587135: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:28:56.587211: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:28:56.587288: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:28:56.587401: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:28:56.587615: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:28:56.587753: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:28:56.587911: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:28:56.588097: testing HMAC_MD5: Sep 21 07:28:56.588102: RFC 2104: MD5_HMAC test 1 Sep 21 07:28:56.588223: RFC 2104: MD5_HMAC test 2 Sep 21 07:28:56.588345: RFC 2104: MD5_HMAC test 3 Sep 21 07:28:56.588465: 8 CPU cores online Sep 21 07:28:56.588468: starting up 7 crypto helpers Sep 21 07:28:56.588501: started thread for crypto helper 0 Sep 21 07:28:56.588507: | starting up helper thread 0 Sep 21 07:28:56.588519: started thread for crypto helper 1 Sep 21 07:28:56.588524: | starting up helper thread 1 Sep 21 07:28:56.588520: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:28:56.588533: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:28:56.588545: | crypto helper 0 waiting (nothing to do) Sep 21 07:28:56.588552: | crypto helper 1 waiting (nothing to do) Sep 21 07:28:56.588553: started thread for crypto helper 2 Sep 21 07:28:56.588557: | starting up helper thread 2 Sep 21 07:28:56.588570: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:28:56.588572: | crypto helper 2 waiting (nothing to do) Sep 21 07:28:56.588583: started thread for crypto helper 3 Sep 21 07:28:56.588584: | starting up helper thread 3 Sep 21 07:28:56.588596: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:28:56.588598: | crypto helper 3 waiting (nothing to do) Sep 21 07:28:56.588611: started thread for crypto helper 4 Sep 21 07:28:56.588631: started thread for crypto helper 5 Sep 21 07:28:56.588652: started thread for crypto helper 6 Sep 21 07:28:56.588655: | starting up helper thread 6 Sep 21 07:28:56.588660: | checking IKEv1 state table Sep 21 07:28:56.588662: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:28:56.588669: | crypto helper 6 waiting (nothing to do) Sep 21 07:28:56.588671: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588674: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:28:56.588676: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588679: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:28:56.588682: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:28:56.588684: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:28:56.588686: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:56.588688: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:56.588691: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:28:56.588693: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:28:56.588696: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:56.588698: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:56.588700: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:28:56.588703: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:56.588705: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:56.588707: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:28:56.588710: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:28:56.588713: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:56.588715: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:56.588717: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:28:56.588720: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:28:56.588722: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588725: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:28:56.588727: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588729: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588732: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:28:56.588734: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588747: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:28:56.588750: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:28:56.588753: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:28:56.588755: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:28:56.588757: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:28:56.588760: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:28:56.588762: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588765: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:28:56.588767: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588770: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:28:56.588772: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:28:56.588775: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:28:56.588777: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:28:56.588780: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:28:56.588782: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:28:56.588798: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:28:56.588800: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588806: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:28:56.588808: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588811: | INFO: category: informational flags: 0: Sep 21 07:28:56.588813: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588816: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:28:56.588818: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588820: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:28:56.588822: | -> XAUTH_R1 EVENT_NULL Sep 21 07:28:56.588824: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:28:56.588826: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:56.588828: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:28:56.588830: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:28:56.588832: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:28:56.588834: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:28:56.588836: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:28:56.588838: | -> UNDEFINED EVENT_NULL Sep 21 07:28:56.588840: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:28:56.588842: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:56.588844: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:28:56.588846: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:28:56.588848: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:28:56.588850: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:28:56.588856: | checking IKEv2 state table Sep 21 07:28:56.588863: | PARENT_I0: category: ignore flags: 0: Sep 21 07:28:56.588865: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:28:56.588868: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588871: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:28:56.588873: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:28:56.588876: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:28:56.588878: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:28:56.588881: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:28:56.588883: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:28:56.588885: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:28:56.588888: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:28:56.588890: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:28:56.588893: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:28:56.588895: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:28:56.588898: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:28:56.588900: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:28:56.588903: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588906: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:28:56.588908: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:28:56.588911: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:28:56.588914: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:28:56.588916: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:28:56.588919: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:28:56.588922: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:28:56.588924: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:28:56.588926: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:28:56.588929: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:28:56.588934: | starting up helper thread 5 Sep 21 07:28:56.588930: | starting up helper thread 4 Sep 21 07:28:56.588953: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:28:56.588956: | crypto helper 4 waiting (nothing to do) Sep 21 07:28:56.588937: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:28:56.588943: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:28:56.589013: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:28:56.589020: | crypto helper 5 waiting (nothing to do) Sep 21 07:28:56.589023: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:28:56.589026: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:28:56.589029: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:28:56.589031: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:28:56.589033: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:28:56.589035: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:28:56.589038: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:28:56.589041: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:28:56.589043: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:28:56.589046: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:28:56.589048: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:28:56.589051: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:28:56.589054: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:28:56.589056: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:28:56.589059: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:28:56.589061: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:28:56.589064: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:28:56.589066: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:28:56.589121: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:28:56.589176: | Hard-wiring algorithms Sep 21 07:28:56.589179: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:28:56.589182: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:28:56.589183: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:28:56.589185: | adding 3DES_CBC to kernel algorithm db Sep 21 07:28:56.589186: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:28:56.589188: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:28:56.589189: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:28:56.589191: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:28:56.589192: | adding AES_CTR to kernel algorithm db Sep 21 07:28:56.589194: | adding AES_CBC to kernel algorithm db Sep 21 07:28:56.589195: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:28:56.589197: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:28:56.589199: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:28:56.589200: | adding NULL to kernel algorithm db Sep 21 07:28:56.589202: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:28:56.589204: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:28:56.589205: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:28:56.589207: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:28:56.589208: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:28:56.589210: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:28:56.589212: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:28:56.589214: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:28:56.589215: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:28:56.589217: | adding NONE to kernel algorithm db Sep 21 07:28:56.589238: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:28:56.589242: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:28:56.589244: | setup kernel fd callback Sep 21 07:28:56.589246: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555bbe0f3010 Sep 21 07:28:56.589249: | libevent_malloc: new ptr-libevent@0x555bbe0ff130 size 128 Sep 21 07:28:56.589251: | libevent_malloc: new ptr-libevent@0x555bbe0f22f0 size 16 Sep 21 07:28:56.589255: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555bbe0f2fd0 Sep 21 07:28:56.589257: | libevent_malloc: new ptr-libevent@0x555bbe0ff1c0 size 128 Sep 21 07:28:56.589259: | libevent_malloc: new ptr-libevent@0x555bbe0f2310 size 16 Sep 21 07:28:56.589489: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:28:56.589498: selinux support is enabled. Sep 21 07:28:56.589563: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:28:56.589687: | unbound context created - setting debug level to 5 Sep 21 07:28:56.589708: | /etc/hosts lookups activated Sep 21 07:28:56.589720: | /etc/resolv.conf usage activated Sep 21 07:28:56.589752: | outgoing-port-avoid set 0-65535 Sep 21 07:28:56.589769: | outgoing-port-permit set 32768-60999 Sep 21 07:28:56.589771: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:28:56.589773: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:28:56.589775: | Setting up events, loop start Sep 21 07:28:56.589777: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555bbe0ed530 Sep 21 07:28:56.589779: | libevent_malloc: new ptr-libevent@0x555bbe1096b0 size 128 Sep 21 07:28:56.589782: | libevent_malloc: new ptr-libevent@0x555bbe109740 size 16 Sep 21 07:28:56.589799: | libevent_realloc: new ptr-libevent@0x555bbe06d6c0 size 256 Sep 21 07:28:56.589801: | libevent_malloc: new ptr-libevent@0x555bbe109760 size 8 Sep 21 07:28:56.589803: | libevent_realloc: new ptr-libevent@0x555bbe0fe530 size 144 Sep 21 07:28:56.589805: | libevent_malloc: new ptr-libevent@0x555bbe109780 size 152 Sep 21 07:28:56.589807: | libevent_malloc: new ptr-libevent@0x555bbe109820 size 16 Sep 21 07:28:56.589810: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:28:56.589812: | libevent_malloc: new ptr-libevent@0x555bbe109840 size 8 Sep 21 07:28:56.589813: | libevent_malloc: new ptr-libevent@0x555bbe109860 size 152 Sep 21 07:28:56.589815: | signal event handler PLUTO_SIGTERM installed Sep 21 07:28:56.589817: | libevent_malloc: new ptr-libevent@0x555bbe109900 size 8 Sep 21 07:28:56.589818: | libevent_malloc: new ptr-libevent@0x555bbe109920 size 152 Sep 21 07:28:56.589820: | signal event handler PLUTO_SIGHUP installed Sep 21 07:28:56.589822: | libevent_malloc: new ptr-libevent@0x555bbe1099c0 size 8 Sep 21 07:28:56.589823: | libevent_realloc: release ptr-libevent@0x555bbe0fe530 Sep 21 07:28:56.589825: | libevent_realloc: new ptr-libevent@0x555bbe1099e0 size 256 Sep 21 07:28:56.589827: | libevent_malloc: new ptr-libevent@0x555bbe0fe530 size 152 Sep 21 07:28:56.589829: | signal event handler PLUTO_SIGSYS installed Sep 21 07:28:56.590087: | created addconn helper (pid:11530) using fork+execve Sep 21 07:28:56.590100: | forked child 11530 Sep 21 07:28:56.590140: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:56.590155: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:28:56.590162: listening for IKE messages Sep 21 07:28:56.590198: | Inspecting interface lo Sep 21 07:28:56.590205: | found lo with address 127.0.0.1 Sep 21 07:28:56.590208: | Inspecting interface eth0 Sep 21 07:28:56.590212: | found eth0 with address 192.0.2.254 Sep 21 07:28:56.590214: | Inspecting interface eth1 Sep 21 07:28:56.590218: | found eth1 with address 192.1.2.23 Sep 21 07:28:56.590262: Kernel supports NIC esp-hw-offload Sep 21 07:28:56.590275: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:28:56.590298: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:56.590305: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:56.590309: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:28:56.590335: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:28:56.590357: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:56.590361: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:56.590364: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:28:56.590389: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:28:56.590410: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:56.590414: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:56.590418: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:28:56.590489: | no interfaces to sort Sep 21 07:28:56.590495: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:28:56.590504: | add_fd_read_event_handler: new ethX-pe@0x555bbe109d50 Sep 21 07:28:56.590508: | libevent_malloc: new ptr-libevent@0x555bbe109d90 size 128 Sep 21 07:28:56.590511: | libevent_malloc: new ptr-libevent@0x555bbe109e20 size 16 Sep 21 07:28:56.590518: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:28:56.590521: | add_fd_read_event_handler: new ethX-pe@0x555bbe109e40 Sep 21 07:28:56.590524: | libevent_malloc: new ptr-libevent@0x555bbe109e80 size 128 Sep 21 07:28:56.590527: | libevent_malloc: new ptr-libevent@0x555bbe109f10 size 16 Sep 21 07:28:56.590532: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:28:56.590535: | add_fd_read_event_handler: new ethX-pe@0x555bbe109f30 Sep 21 07:28:56.590537: | libevent_malloc: new ptr-libevent@0x555bbe109f70 size 128 Sep 21 07:28:56.590540: | libevent_malloc: new ptr-libevent@0x555bbe10a000 size 16 Sep 21 07:28:56.590545: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:28:56.590548: | add_fd_read_event_handler: new ethX-pe@0x555bbe10a020 Sep 21 07:28:56.590550: | libevent_malloc: new ptr-libevent@0x555bbe10a060 size 128 Sep 21 07:28:56.590553: | libevent_malloc: new ptr-libevent@0x555bbe10a0f0 size 16 Sep 21 07:28:56.590557: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:28:56.590560: | add_fd_read_event_handler: new ethX-pe@0x555bbe10a110 Sep 21 07:28:56.590562: | libevent_malloc: new ptr-libevent@0x555bbe10a150 size 128 Sep 21 07:28:56.590565: | libevent_malloc: new ptr-libevent@0x555bbe10a1e0 size 16 Sep 21 07:28:56.590570: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:28:56.590573: | add_fd_read_event_handler: new ethX-pe@0x555bbe10a200 Sep 21 07:28:56.590576: | libevent_malloc: new ptr-libevent@0x555bbe10a240 size 128 Sep 21 07:28:56.590578: | libevent_malloc: new ptr-libevent@0x555bbe10a2d0 size 16 Sep 21 07:28:56.590583: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:28:56.590588: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:28:56.590590: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:28:56.590611: loading secrets from "/etc/ipsec.secrets" Sep 21 07:28:56.590624: | id type added to secret(0x555bbe0ff2f0) PKK_PSK: @east Sep 21 07:28:56.590628: | id type added to secret(0x555bbe0ff2f0) PKK_PSK: @west Sep 21 07:28:56.590633: | Processing PSK at line 1: passed Sep 21 07:28:56.590635: | certs and keys locked by 'process_secret' Sep 21 07:28:56.590638: | certs and keys unlocked by 'process_secret' Sep 21 07:28:56.590643: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:28:56.590652: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:56.590660: | spent 0.523 milliseconds in whack Sep 21 07:28:56.620017: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:56.620041: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:28:56.620047: listening for IKE messages Sep 21 07:28:56.620087: | Inspecting interface lo Sep 21 07:28:56.620099: | found lo with address 127.0.0.1 Sep 21 07:28:56.620102: | Inspecting interface eth0 Sep 21 07:28:56.620107: | found eth0 with address 192.0.2.254 Sep 21 07:28:56.620109: | Inspecting interface eth1 Sep 21 07:28:56.620113: | found eth1 with address 192.1.2.23 Sep 21 07:28:56.620184: | no interfaces to sort Sep 21 07:28:56.620195: | libevent_free: release ptr-libevent@0x555bbe109d90 Sep 21 07:28:56.620198: | free_event_entry: release EVENT_NULL-pe@0x555bbe109d50 Sep 21 07:28:56.620201: | add_fd_read_event_handler: new ethX-pe@0x555bbe109d50 Sep 21 07:28:56.620205: | libevent_malloc: new ptr-libevent@0x555bbe109d90 size 128 Sep 21 07:28:56.620213: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:28:56.620218: | libevent_free: release ptr-libevent@0x555bbe109e80 Sep 21 07:28:56.620221: | free_event_entry: release EVENT_NULL-pe@0x555bbe109e40 Sep 21 07:28:56.620224: | add_fd_read_event_handler: new ethX-pe@0x555bbe109e40 Sep 21 07:28:56.620226: | libevent_malloc: new ptr-libevent@0x555bbe109e80 size 128 Sep 21 07:28:56.620231: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:28:56.620235: | libevent_free: release ptr-libevent@0x555bbe109f70 Sep 21 07:28:56.620237: | free_event_entry: release EVENT_NULL-pe@0x555bbe109f30 Sep 21 07:28:56.620240: | add_fd_read_event_handler: new ethX-pe@0x555bbe109f30 Sep 21 07:28:56.620242: | libevent_malloc: new ptr-libevent@0x555bbe109f70 size 128 Sep 21 07:28:56.620247: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:28:56.620251: | libevent_free: release ptr-libevent@0x555bbe10a060 Sep 21 07:28:56.620253: | free_event_entry: release EVENT_NULL-pe@0x555bbe10a020 Sep 21 07:28:56.620256: | add_fd_read_event_handler: new ethX-pe@0x555bbe10a020 Sep 21 07:28:56.620258: | libevent_malloc: new ptr-libevent@0x555bbe10a060 size 128 Sep 21 07:28:56.620264: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:28:56.620268: | libevent_free: release ptr-libevent@0x555bbe10a150 Sep 21 07:28:56.620270: | free_event_entry: release EVENT_NULL-pe@0x555bbe10a110 Sep 21 07:28:56.620273: | add_fd_read_event_handler: new ethX-pe@0x555bbe10a110 Sep 21 07:28:56.620275: | libevent_malloc: new ptr-libevent@0x555bbe10a150 size 128 Sep 21 07:28:56.620280: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:28:56.620284: | libevent_free: release ptr-libevent@0x555bbe10a240 Sep 21 07:28:56.620287: | free_event_entry: release EVENT_NULL-pe@0x555bbe10a200 Sep 21 07:28:56.620289: | add_fd_read_event_handler: new ethX-pe@0x555bbe10a200 Sep 21 07:28:56.620292: | libevent_malloc: new ptr-libevent@0x555bbe10a240 size 128 Sep 21 07:28:56.620297: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:28:56.620300: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:28:56.620303: forgetting secrets Sep 21 07:28:56.620312: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:28:56.620328: loading secrets from "/etc/ipsec.secrets" Sep 21 07:28:56.620339: | id type added to secret(0x555bbe0ff2f0) PKK_PSK: @east Sep 21 07:28:56.620343: | id type added to secret(0x555bbe0ff2f0) PKK_PSK: @west Sep 21 07:28:56.620347: | Processing PSK at line 1: passed Sep 21 07:28:56.620350: | certs and keys locked by 'process_secret' Sep 21 07:28:56.620352: | certs and keys unlocked by 'process_secret' Sep 21 07:28:56.620358: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:28:56.620366: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:56.620374: | spent 0.365 milliseconds in whack Sep 21 07:28:56.620885: | processing signal PLUTO_SIGCHLD Sep 21 07:28:56.620897: | waitpid returned pid 11530 (exited with status 0) Sep 21 07:28:56.620900: | reaped addconn helper child (status 0) Sep 21 07:28:56.620903: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:56.620907: | spent 0.0117 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:56.697542: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:56.697562: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:56.697565: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:28:56.697566: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:56.697568: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:28:56.697571: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:56.697577: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:28:56.697617: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:28:56.697619: | from whack: got --esp= Sep 21 07:28:56.697641: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:28:56.697645: | counting wild cards for @west is 0 Sep 21 07:28:56.697647: | counting wild cards for @east is 0 Sep 21 07:28:56.697655: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:28:56.697658: | new hp@0x555bbe0d6600 Sep 21 07:28:56.697660: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:56.697668: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:28:56.697675: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:28:56.697681: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:56.697688: | spent 0.153 milliseconds in whack Sep 21 07:28:59.333325: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:28:59.333356: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:28:59.333359: | 41 75 14 23 59 b1 14 ea 00 00 00 00 00 00 00 00 Sep 21 07:28:59.333362: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:28:59.333364: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:28:59.333366: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:28:59.333369: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:28:59.333371: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:28:59.333373: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:28:59.333376: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:28:59.333378: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:28:59.333380: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:28:59.333383: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:28:59.333385: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:28:59.333387: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:28:59.333389: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:28:59.333392: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:28:59.333394: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:28:59.333396: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:28:59.333399: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:28:59.333401: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:28:59.333403: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:28:59.333405: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:28:59.333408: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:28:59.333410: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:28:59.333413: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:28:59.333419: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:28:59.333422: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:28:59.333424: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:28:59.333426: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:28:59.333429: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:28:59.333431: | 28 00 01 08 00 0e 00 00 d9 26 98 e6 7f 2e 20 e5 Sep 21 07:28:59.333433: | 4a b6 c1 5b 0a 72 f4 15 69 bf 7c a2 c0 9c b6 c6 Sep 21 07:28:59.333436: | 81 b4 e6 47 59 58 01 6a b3 07 4d 2b 7b 5b 87 c9 Sep 21 07:28:59.333438: | 34 91 ae 82 03 e7 3b 93 f4 db 84 c5 8b af da 94 Sep 21 07:28:59.333440: | bf b2 a3 15 07 f9 72 2b 37 bc 8a 8d ba 87 12 51 Sep 21 07:28:59.333443: | 19 50 d7 11 1f 9d 71 40 a5 d3 d5 5d b7 5e 1c de Sep 21 07:28:59.333445: | 04 b7 bd 2d 19 98 80 66 8e 3f b5 9d 7c fd d3 45 Sep 21 07:28:59.333447: | bb f7 00 0e c9 a3 5e 99 e7 07 f0 f6 59 f5 c0 d9 Sep 21 07:28:59.333450: | 2e 39 79 30 37 23 a5 3b a6 ce 26 5f 01 e5 28 14 Sep 21 07:28:59.333452: | 7d 39 ac 4f be cb 48 64 08 a6 4b bc 88 63 85 ea Sep 21 07:28:59.333454: | 3a 3d f5 dc f8 26 62 c4 6d 50 1b 20 3a 6d e7 c3 Sep 21 07:28:59.333457: | 49 6e 2d b0 8a 8e e6 b9 b1 c9 bf 5c ef 49 8b 1f Sep 21 07:28:59.333459: | 54 be 67 02 9d ff 78 90 64 b9 b8 00 1e f3 c5 7d Sep 21 07:28:59.333461: | 67 18 bd e7 ba 75 2c 18 6f d3 b0 95 6c 87 f5 2a Sep 21 07:28:59.333464: | 96 96 f1 e2 ea aa 7e 1d 0d 31 98 02 26 3d 0e 08 Sep 21 07:28:59.333466: | 8f 1a bd eb 63 d2 71 fc 68 44 9b 91 74 98 e1 ba Sep 21 07:28:59.333468: | f5 6c c7 89 52 06 ab d1 29 00 00 24 32 43 8d be Sep 21 07:28:59.333471: | 0d ff 43 ba b9 f1 03 c1 50 88 16 7b b2 7e 44 07 Sep 21 07:28:59.333473: | 4e f6 78 fa 0f 5e cb 01 7f c4 c9 12 29 00 00 08 Sep 21 07:28:59.333475: | 00 00 40 2e 29 00 00 1c 00 00 40 04 b0 f9 6f 37 Sep 21 07:28:59.333478: | 89 42 77 c3 64 aa d7 4c 51 5f b1 4e 9a ee 60 e5 Sep 21 07:28:59.333480: | 00 00 00 1c 00 00 40 05 22 a7 be 3f f8 cd 4b 80 Sep 21 07:28:59.333482: | ea 8f a0 f0 24 76 02 62 27 85 61 98 Sep 21 07:28:59.333489: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:28:59.333493: | **parse ISAKMP Message: Sep 21 07:28:59.333495: | initiator cookie: Sep 21 07:28:59.333497: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.333500: | responder cookie: Sep 21 07:28:59.333502: | 00 00 00 00 00 00 00 00 Sep 21 07:28:59.333505: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:59.333508: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.333510: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:28:59.333513: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:28:59.333515: | Message ID: 0 (0x0) Sep 21 07:28:59.333518: | length: 828 (0x33c) Sep 21 07:28:59.333521: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:28:59.333524: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:28:59.333528: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:28:59.333531: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:28:59.333534: | ***parse IKEv2 Security Association Payload: Sep 21 07:28:59.333537: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:28:59.333539: | flags: none (0x0) Sep 21 07:28:59.333542: | length: 436 (0x1b4) Sep 21 07:28:59.333544: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:28:59.333547: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:28:59.333549: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:28:59.333552: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:28:59.333554: | flags: none (0x0) Sep 21 07:28:59.333557: | length: 264 (0x108) Sep 21 07:28:59.333559: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.333562: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:28:59.333566: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:28:59.333568: | ***parse IKEv2 Nonce Payload: Sep 21 07:28:59.333571: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.333573: | flags: none (0x0) Sep 21 07:28:59.333575: | length: 36 (0x24) Sep 21 07:28:59.333578: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:28:59.333580: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:59.333583: | ***parse IKEv2 Notify Payload: Sep 21 07:28:59.333585: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.333588: | flags: none (0x0) Sep 21 07:28:59.333590: | length: 8 (0x8) Sep 21 07:28:59.333593: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.333595: | SPI size: 0 (0x0) Sep 21 07:28:59.333598: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:28:59.333600: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:28:59.333603: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:59.333605: | ***parse IKEv2 Notify Payload: Sep 21 07:28:59.333608: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.333610: | flags: none (0x0) Sep 21 07:28:59.333612: | length: 28 (0x1c) Sep 21 07:28:59.333615: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.333617: | SPI size: 0 (0x0) Sep 21 07:28:59.333620: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:28:59.333622: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:28:59.333624: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:59.333627: | ***parse IKEv2 Notify Payload: Sep 21 07:28:59.333629: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.333632: | flags: none (0x0) Sep 21 07:28:59.333634: | length: 28 (0x1c) Sep 21 07:28:59.333636: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.333639: | SPI size: 0 (0x0) Sep 21 07:28:59.333641: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:28:59.333643: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:28:59.333646: | DDOS disabled and no cookie sent, continuing Sep 21 07:28:59.333652: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:28:59.333657: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:59.333661: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:28:59.333664: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:28:59.333667: | find_next_host_connection returns empty Sep 21 07:28:59.333671: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:28:59.333674: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:28:59.333677: | find_next_host_connection returns empty Sep 21 07:28:59.333681: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:28:59.333685: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:28:59.333690: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:59.333693: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:28:59.333696: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:28:59.333698: | find_next_host_connection returns empty Sep 21 07:28:59.333702: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:28:59.333705: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:28:59.333707: | find_next_host_connection returns empty Sep 21 07:28:59.333711: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:28:59.333716: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:28:59.333722: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:59.333725: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:28:59.333728: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Sep 21 07:28:59.333730: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:28:59.333733: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:28:59.333735: | find_next_host_connection returns empty Sep 21 07:28:59.333738: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Sep 21 07:28:59.333762: | creating state object #1 at 0x555bbe10d370 Sep 21 07:28:59.333765: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:28:59.333772: | pstats #1 ikev2.ike started Sep 21 07:28:59.333775: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:28:59.333778: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:28:59.333788: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:28:59.333800: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:28:59.333803: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:28:59.333807: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:28:59.333811: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:28:59.333815: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:28:59.333819: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:28:59.333822: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:28:59.333825: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:28:59.333827: | Now let's proceed with state specific processing Sep 21 07:28:59.333829: | calling processor Respond to IKE_SA_INIT Sep 21 07:28:59.333839: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:28:59.333842: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Sep 21 07:28:59.333850: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.333858: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.333862: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.333867: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.333871: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.333876: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.333880: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.333885: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.333898: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.333902: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:28:59.333907: | local proposal 1 type ENCR has 1 transforms Sep 21 07:28:59.333910: | local proposal 1 type PRF has 2 transforms Sep 21 07:28:59.333912: | local proposal 1 type INTEG has 1 transforms Sep 21 07:28:59.333915: | local proposal 1 type DH has 8 transforms Sep 21 07:28:59.333917: | local proposal 1 type ESN has 0 transforms Sep 21 07:28:59.333920: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:28:59.333923: | local proposal 2 type ENCR has 1 transforms Sep 21 07:28:59.333925: | local proposal 2 type PRF has 2 transforms Sep 21 07:28:59.333928: | local proposal 2 type INTEG has 1 transforms Sep 21 07:28:59.333930: | local proposal 2 type DH has 8 transforms Sep 21 07:28:59.333933: | local proposal 2 type ESN has 0 transforms Sep 21 07:28:59.333935: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:28:59.333938: | local proposal 3 type ENCR has 1 transforms Sep 21 07:28:59.333941: | local proposal 3 type PRF has 2 transforms Sep 21 07:28:59.333943: | local proposal 3 type INTEG has 2 transforms Sep 21 07:28:59.333945: | local proposal 3 type DH has 8 transforms Sep 21 07:28:59.333948: | local proposal 3 type ESN has 0 transforms Sep 21 07:28:59.333951: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:28:59.333953: | local proposal 4 type ENCR has 1 transforms Sep 21 07:28:59.333956: | local proposal 4 type PRF has 2 transforms Sep 21 07:28:59.333958: | local proposal 4 type INTEG has 2 transforms Sep 21 07:28:59.333960: | local proposal 4 type DH has 8 transforms Sep 21 07:28:59.333963: | local proposal 4 type ESN has 0 transforms Sep 21 07:28:59.333966: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:28:59.333969: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.333971: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.333974: | length: 100 (0x64) Sep 21 07:28:59.333976: | prop #: 1 (0x1) Sep 21 07:28:59.333979: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.333981: | spi size: 0 (0x0) Sep 21 07:28:59.333983: | # transforms: 11 (0xb) Sep 21 07:28:59.333987: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:28:59.333990: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.333992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.333995: | length: 12 (0xc) Sep 21 07:28:59.333997: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.334000: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.334002: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.334005: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.334007: | length/value: 256 (0x100) Sep 21 07:28:59.334012: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:28:59.334015: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334021: | length: 8 (0x8) Sep 21 07:28:59.334024: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334026: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.334030: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:28:59.334033: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:28:59.334036: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:28:59.334039: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:28:59.334042: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334047: | length: 8 (0x8) Sep 21 07:28:59.334049: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334051: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.334054: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334059: | length: 8 (0x8) Sep 21 07:28:59.334061: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334064: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.334067: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:28:59.334070: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:28:59.334073: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:28:59.334076: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:28:59.334079: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334081: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334083: | length: 8 (0x8) Sep 21 07:28:59.334086: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334088: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.334091: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334096: | length: 8 (0x8) Sep 21 07:28:59.334098: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334101: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.334103: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334108: | length: 8 (0x8) Sep 21 07:28:59.334110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334113: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.334116: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334120: | length: 8 (0x8) Sep 21 07:28:59.334123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334125: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.334128: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334132: | length: 8 (0x8) Sep 21 07:28:59.334135: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334137: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.334140: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334144: | length: 8 (0x8) Sep 21 07:28:59.334147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334149: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.334152: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334154: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.334156: | length: 8 (0x8) Sep 21 07:28:59.334159: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334163: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.334167: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:28:59.334172: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:28:59.334174: | remote proposal 1 matches local proposal 1 Sep 21 07:28:59.334177: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.334180: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.334182: | length: 100 (0x64) Sep 21 07:28:59.334184: | prop #: 2 (0x2) Sep 21 07:28:59.334187: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.334189: | spi size: 0 (0x0) Sep 21 07:28:59.334191: | # transforms: 11 (0xb) Sep 21 07:28:59.334194: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:59.334197: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334202: | length: 12 (0xc) Sep 21 07:28:59.334204: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.334207: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.334209: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.334212: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.334214: | length/value: 128 (0x80) Sep 21 07:28:59.334217: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334222: | length: 8 (0x8) Sep 21 07:28:59.334224: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334226: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.334229: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334234: | length: 8 (0x8) Sep 21 07:28:59.334236: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334239: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.334241: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334246: | length: 8 (0x8) Sep 21 07:28:59.334248: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334251: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.334254: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334258: | length: 8 (0x8) Sep 21 07:28:59.334261: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334263: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.334266: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334270: | length: 8 (0x8) Sep 21 07:28:59.334273: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334275: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.334278: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334282: | length: 8 (0x8) Sep 21 07:28:59.334285: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334287: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.334290: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334295: | length: 8 (0x8) Sep 21 07:28:59.334297: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334300: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.334302: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334307: | length: 8 (0x8) Sep 21 07:28:59.334312: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334315: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.334318: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334322: | length: 8 (0x8) Sep 21 07:28:59.334325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334327: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.334330: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334332: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.334334: | length: 8 (0x8) Sep 21 07:28:59.334337: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334339: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.334343: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:28:59.334346: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:28:59.334348: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.334351: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.334353: | length: 116 (0x74) Sep 21 07:28:59.334355: | prop #: 3 (0x3) Sep 21 07:28:59.334357: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.334360: | spi size: 0 (0x0) Sep 21 07:28:59.334362: | # transforms: 13 (0xd) Sep 21 07:28:59.334365: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:59.334368: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334373: | length: 12 (0xc) Sep 21 07:28:59.334375: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.334377: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.334380: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.334382: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.334385: | length/value: 256 (0x100) Sep 21 07:28:59.334387: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334392: | length: 8 (0x8) Sep 21 07:28:59.334394: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334397: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.334399: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334402: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334404: | length: 8 (0x8) Sep 21 07:28:59.334406: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334409: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.334411: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334416: | length: 8 (0x8) Sep 21 07:28:59.334418: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.334421: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.334424: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334426: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334428: | length: 8 (0x8) Sep 21 07:28:59.334431: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.334433: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.334436: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334438: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334440: | length: 8 (0x8) Sep 21 07:28:59.334443: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334445: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.334448: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334452: | length: 8 (0x8) Sep 21 07:28:59.334455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334459: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.334462: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334466: | length: 8 (0x8) Sep 21 07:28:59.334469: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334471: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.334474: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334478: | length: 8 (0x8) Sep 21 07:28:59.334481: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334483: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.334486: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334490: | length: 8 (0x8) Sep 21 07:28:59.334493: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334495: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.334498: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334503: | length: 8 (0x8) Sep 21 07:28:59.334505: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334507: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.334510: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334515: | length: 8 (0x8) Sep 21 07:28:59.334517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334519: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.334522: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334524: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.334527: | length: 8 (0x8) Sep 21 07:28:59.334529: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334531: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.334535: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:28:59.334538: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:28:59.334541: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.334543: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.334545: | length: 116 (0x74) Sep 21 07:28:59.334547: | prop #: 4 (0x4) Sep 21 07:28:59.334550: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.334552: | spi size: 0 (0x0) Sep 21 07:28:59.334555: | # transforms: 13 (0xd) Sep 21 07:28:59.334558: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:59.334560: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334565: | length: 12 (0xc) Sep 21 07:28:59.334568: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.334570: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.334572: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.334575: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.334577: | length/value: 128 (0x80) Sep 21 07:28:59.334580: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334584: | length: 8 (0x8) Sep 21 07:28:59.334587: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334589: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.334592: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334597: | length: 8 (0x8) Sep 21 07:28:59.334599: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.334601: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.334605: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334610: | length: 8 (0x8) Sep 21 07:28:59.334612: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.334615: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.334618: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334622: | length: 8 (0x8) Sep 21 07:28:59.334625: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.334627: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.334630: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334634: | length: 8 (0x8) Sep 21 07:28:59.334637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334639: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.334642: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334647: | length: 8 (0x8) Sep 21 07:28:59.334649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334651: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.334654: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334656: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334659: | length: 8 (0x8) Sep 21 07:28:59.334661: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334663: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.334666: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334671: | length: 8 (0x8) Sep 21 07:28:59.334673: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334675: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.334678: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334680: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334683: | length: 8 (0x8) Sep 21 07:28:59.334685: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334687: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.334690: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334695: | length: 8 (0x8) Sep 21 07:28:59.334697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334700: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.334702: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.334707: | length: 8 (0x8) Sep 21 07:28:59.334709: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334712: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.334714: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.334717: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.334719: | length: 8 (0x8) Sep 21 07:28:59.334721: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.334724: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.334728: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:28:59.334730: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:28:59.334735: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:28:59.334740: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:28:59.334743: | converting proposal to internal trans attrs Sep 21 07:28:59.334746: | natd_hash: rcookie is zero Sep 21 07:28:59.334759: | natd_hash: hasher=0x555bbc5797a0(20) Sep 21 07:28:59.334762: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.334764: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:28:59.334767: | natd_hash: ip= c0 01 02 17 Sep 21 07:28:59.334769: | natd_hash: port= 01 f4 Sep 21 07:28:59.334772: | natd_hash: hash= 22 a7 be 3f f8 cd 4b 80 ea 8f a0 f0 24 76 02 62 Sep 21 07:28:59.334774: | natd_hash: hash= 27 85 61 98 Sep 21 07:28:59.334776: | natd_hash: rcookie is zero Sep 21 07:28:59.334786: | natd_hash: hasher=0x555bbc5797a0(20) Sep 21 07:28:59.334791: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.334794: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:28:59.334796: | natd_hash: ip= c0 01 02 2d Sep 21 07:28:59.334798: | natd_hash: port= 01 f4 Sep 21 07:28:59.334800: | natd_hash: hash= b0 f9 6f 37 89 42 77 c3 64 aa d7 4c 51 5f b1 4e Sep 21 07:28:59.334803: | natd_hash: hash= 9a ee 60 e5 Sep 21 07:28:59.334805: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:28:59.334807: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:28:59.334810: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:28:59.334813: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:28:59.334818: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:28:59.334822: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555bbe10d2a0 Sep 21 07:28:59.334826: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:28:59.334829: | libevent_malloc: new ptr-libevent@0x555bbe10f4e0 size 128 Sep 21 07:28:59.334840: | #1 spent 1 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:28:59.334847: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.334850: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:28:59.334853: | suspending state #1 and saving MD Sep 21 07:28:59.334855: | #1 is busy; has a suspended MD Sep 21 07:28:59.334859: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:28:59.334863: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:28:59.334867: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:28:59.334871: | #1 spent 1.53 milliseconds in ikev2_process_packet() Sep 21 07:28:59.334876: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:28:59.334878: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:28:59.334881: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:28:59.334885: | spent 1.54 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:28:59.334887: | crypto helper 0 resuming Sep 21 07:28:59.334896: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:28:59.334901: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:28:59.335885: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000983 seconds Sep 21 07:28:59.335899: | (#1) spent 0.994 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:28:59.335903: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:28:59.335906: | scheduling resume sending helper answer for #1 Sep 21 07:28:59.335909: | libevent_malloc: new ptr-libevent@0x7f25f8006900 size 128 Sep 21 07:28:59.335917: | crypto helper 0 waiting (nothing to do) Sep 21 07:28:59.335924: | processing resume sending helper answer for #1 Sep 21 07:28:59.335931: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:28:59.335934: | crypto helper 0 replies to request ID 1 Sep 21 07:28:59.335937: | calling continuation function 0x555bbc4a3630 Sep 21 07:28:59.335940: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:28:59.335970: | **emit ISAKMP Message: Sep 21 07:28:59.335973: | initiator cookie: Sep 21 07:28:59.335975: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.335978: | responder cookie: Sep 21 07:28:59.335980: | e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.335983: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:28:59.335985: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.335988: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:28:59.335991: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:28:59.335993: | Message ID: 0 (0x0) Sep 21 07:28:59.335996: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:28:59.335999: | Emitting ikev2_proposal ... Sep 21 07:28:59.336001: | ***emit IKEv2 Security Association Payload: Sep 21 07:28:59.336004: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.336006: | flags: none (0x0) Sep 21 07:28:59.336009: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:28:59.336012: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.336015: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.336017: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.336020: | prop #: 1 (0x1) Sep 21 07:28:59.336022: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.336024: | spi size: 0 (0x0) Sep 21 07:28:59.336027: | # transforms: 3 (0x3) Sep 21 07:28:59.336030: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.336032: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.336035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.336037: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.336040: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.336043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.336045: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.336048: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.336050: | length/value: 256 (0x100) Sep 21 07:28:59.336053: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.336055: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.336058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.336060: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.336063: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.336066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.336069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.336071: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.336075: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.336078: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.336080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.336083: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.336086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.336088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.336091: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.336094: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:28:59.336096: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.336099: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:28:59.336102: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:28:59.336105: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:28:59.336107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.336110: | flags: none (0x0) Sep 21 07:28:59.336112: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.336115: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:28:59.336118: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.336121: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:28:59.336124: | ikev2 g^x 54 a1 7f 93 c1 5f d9 df 67 39 af 9d 39 4f 19 0b Sep 21 07:28:59.336126: | ikev2 g^x 4c ee 50 74 5a 30 1e f0 6e 00 35 79 3c 09 8c a7 Sep 21 07:28:59.336129: | ikev2 g^x 7d 3a 9e d6 1f b6 1f 46 ea 25 4f e8 54 91 3a 04 Sep 21 07:28:59.336131: | ikev2 g^x 5f 5b 6b 6f 9f a9 48 4e 04 46 6a 3b 36 e5 29 2d Sep 21 07:28:59.336133: | ikev2 g^x b5 db f3 4d 0a c6 b5 0e 03 b2 e5 34 11 1d 37 51 Sep 21 07:28:59.336136: | ikev2 g^x fe 14 95 5b 01 1c 3c dc 26 47 86 35 d2 99 06 3e Sep 21 07:28:59.336138: | ikev2 g^x 4c 8c 00 f2 82 cb af 0f 18 5d 45 a8 64 4b ec 23 Sep 21 07:28:59.336140: | ikev2 g^x 7c 7c fe 7d da bc 1f 90 47 be df 48 df 28 d1 ee Sep 21 07:28:59.336143: | ikev2 g^x e1 11 a6 e8 5e c5 d0 e5 85 2c 11 82 a4 c6 72 14 Sep 21 07:28:59.336145: | ikev2 g^x 20 66 73 4f 0e 66 f2 c1 26 c7 5e d6 69 ef bf be Sep 21 07:28:59.336147: | ikev2 g^x 01 3b 7d a3 4e f3 58 7f 13 1a 23 0e a0 88 f4 ae Sep 21 07:28:59.336150: | ikev2 g^x 09 94 a6 b3 d1 d7 44 79 ee 45 fa 00 23 30 93 5c Sep 21 07:28:59.336152: | ikev2 g^x 50 4b 7b db 9d 57 4c b1 cf ce a7 60 cb 53 06 2c Sep 21 07:28:59.336154: | ikev2 g^x f0 73 63 df e3 e9 1c be 44 b0 85 fb 30 1e 20 31 Sep 21 07:28:59.336157: | ikev2 g^x e9 2e 6d f5 f2 35 67 e4 c4 00 40 00 d8 be 3d a6 Sep 21 07:28:59.336159: | ikev2 g^x bb f5 9b e9 b7 b8 d3 7b 7e b9 8d 88 6c b3 43 b9 Sep 21 07:28:59.336162: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:28:59.336164: | ***emit IKEv2 Nonce Payload: Sep 21 07:28:59.336167: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.336169: | flags: none (0x0) Sep 21 07:28:59.336172: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:28:59.336175: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:28:59.336178: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.336181: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:28:59.336183: | IKEv2 nonce 2d 41 ce db a9 e9 2c 74 4a 49 0d c3 18 c1 88 a9 Sep 21 07:28:59.336187: | IKEv2 nonce 3a aa e3 ef ec 3f 01 1f c9 f0 dc 41 4b 57 78 d1 Sep 21 07:28:59.336189: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:28:59.336192: | Adding a v2N Payload Sep 21 07:28:59.336194: | ***emit IKEv2 Notify Payload: Sep 21 07:28:59.336196: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.336199: | flags: none (0x0) Sep 21 07:28:59.336201: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.336204: | SPI size: 0 (0x0) Sep 21 07:28:59.336206: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:28:59.336209: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:59.336212: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.336215: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:28:59.336217: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:28:59.336226: | natd_hash: hasher=0x555bbc5797a0(20) Sep 21 07:28:59.336229: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.336231: | natd_hash: rcookie= e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.336234: | natd_hash: ip= c0 01 02 17 Sep 21 07:28:59.336236: | natd_hash: port= 01 f4 Sep 21 07:28:59.336238: | natd_hash: hash= 48 79 55 0e d0 38 aa 7c d2 25 39 81 00 56 f9 2c Sep 21 07:28:59.336241: | natd_hash: hash= cb df b3 09 Sep 21 07:28:59.336243: | Adding a v2N Payload Sep 21 07:28:59.336245: | ***emit IKEv2 Notify Payload: Sep 21 07:28:59.336248: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.336250: | flags: none (0x0) Sep 21 07:28:59.336253: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.336255: | SPI size: 0 (0x0) Sep 21 07:28:59.336257: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:28:59.336260: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:59.336263: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.336266: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:28:59.336268: | Notify data 48 79 55 0e d0 38 aa 7c d2 25 39 81 00 56 f9 2c Sep 21 07:28:59.336270: | Notify data cb df b3 09 Sep 21 07:28:59.336273: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:28:59.336278: | natd_hash: hasher=0x555bbc5797a0(20) Sep 21 07:28:59.336281: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.336283: | natd_hash: rcookie= e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.336286: | natd_hash: ip= c0 01 02 2d Sep 21 07:28:59.336288: | natd_hash: port= 01 f4 Sep 21 07:28:59.336290: | natd_hash: hash= b2 79 0b b6 49 e5 c8 db ed 91 59 29 ce bb 4f 0f Sep 21 07:28:59.336293: | natd_hash: hash= ff b4 c6 fc Sep 21 07:28:59.336295: | Adding a v2N Payload Sep 21 07:28:59.336297: | ***emit IKEv2 Notify Payload: Sep 21 07:28:59.336299: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.336302: | flags: none (0x0) Sep 21 07:28:59.336304: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.336306: | SPI size: 0 (0x0) Sep 21 07:28:59.336309: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:28:59.336312: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:59.336315: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.336317: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:28:59.336320: | Notify data b2 79 0b b6 49 e5 c8 db ed 91 59 29 ce bb 4f 0f Sep 21 07:28:59.336322: | Notify data ff b4 c6 fc Sep 21 07:28:59.336324: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:28:59.336327: | emitting length of ISAKMP Message: 432 Sep 21 07:28:59.336333: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.336339: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:28:59.336342: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:28:59.336345: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:28:59.336348: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:28:59.336353: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:28:59.336358: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:28:59.336362: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:28:59.336367: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:28:59.336376: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:28:59.336378: | 41 75 14 23 59 b1 14 ea e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.336381: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:28:59.336383: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:28:59.336385: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:28:59.336388: | 04 00 00 0e 28 00 01 08 00 0e 00 00 54 a1 7f 93 Sep 21 07:28:59.336390: | c1 5f d9 df 67 39 af 9d 39 4f 19 0b 4c ee 50 74 Sep 21 07:28:59.336392: | 5a 30 1e f0 6e 00 35 79 3c 09 8c a7 7d 3a 9e d6 Sep 21 07:28:59.336394: | 1f b6 1f 46 ea 25 4f e8 54 91 3a 04 5f 5b 6b 6f Sep 21 07:28:59.336397: | 9f a9 48 4e 04 46 6a 3b 36 e5 29 2d b5 db f3 4d Sep 21 07:28:59.336399: | 0a c6 b5 0e 03 b2 e5 34 11 1d 37 51 fe 14 95 5b Sep 21 07:28:59.336401: | 01 1c 3c dc 26 47 86 35 d2 99 06 3e 4c 8c 00 f2 Sep 21 07:28:59.336404: | 82 cb af 0f 18 5d 45 a8 64 4b ec 23 7c 7c fe 7d Sep 21 07:28:59.336406: | da bc 1f 90 47 be df 48 df 28 d1 ee e1 11 a6 e8 Sep 21 07:28:59.336408: | 5e c5 d0 e5 85 2c 11 82 a4 c6 72 14 20 66 73 4f Sep 21 07:28:59.336411: | 0e 66 f2 c1 26 c7 5e d6 69 ef bf be 01 3b 7d a3 Sep 21 07:28:59.336413: | 4e f3 58 7f 13 1a 23 0e a0 88 f4 ae 09 94 a6 b3 Sep 21 07:28:59.336415: | d1 d7 44 79 ee 45 fa 00 23 30 93 5c 50 4b 7b db Sep 21 07:28:59.336418: | 9d 57 4c b1 cf ce a7 60 cb 53 06 2c f0 73 63 df Sep 21 07:28:59.336420: | e3 e9 1c be 44 b0 85 fb 30 1e 20 31 e9 2e 6d f5 Sep 21 07:28:59.336422: | f2 35 67 e4 c4 00 40 00 d8 be 3d a6 bb f5 9b e9 Sep 21 07:28:59.336425: | b7 b8 d3 7b 7e b9 8d 88 6c b3 43 b9 29 00 00 24 Sep 21 07:28:59.336427: | 2d 41 ce db a9 e9 2c 74 4a 49 0d c3 18 c1 88 a9 Sep 21 07:28:59.336429: | 3a aa e3 ef ec 3f 01 1f c9 f0 dc 41 4b 57 78 d1 Sep 21 07:28:59.336431: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:28:59.336434: | 48 79 55 0e d0 38 aa 7c d2 25 39 81 00 56 f9 2c Sep 21 07:28:59.336436: | cb df b3 09 00 00 00 1c 00 00 40 05 b2 79 0b b6 Sep 21 07:28:59.336438: | 49 e5 c8 db ed 91 59 29 ce bb 4f 0f ff b4 c6 fc Sep 21 07:28:59.336472: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:28:59.336477: | libevent_free: release ptr-libevent@0x555bbe10f4e0 Sep 21 07:28:59.336479: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555bbe10d2a0 Sep 21 07:28:59.336482: | event_schedule: new EVENT_SO_DISCARD-pe@0x555bbe10d2a0 Sep 21 07:28:59.336486: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:28:59.336489: | libevent_malloc: new ptr-libevent@0x555bbe10f4e0 size 128 Sep 21 07:28:59.336492: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:28:59.336497: | #1 spent 0.546 milliseconds in resume sending helper answer Sep 21 07:28:59.336502: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:28:59.336506: | libevent_free: release ptr-libevent@0x7f25f8006900 Sep 21 07:28:59.339956: | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:28:59.339978: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:28:59.339981: | 41 75 14 23 59 b1 14 ea e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.339984: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:28:59.339986: | d6 b4 58 3a 33 42 7b 6b 37 4d 35 2b 90 34 b8 35 Sep 21 07:28:59.339988: | 55 e0 5e 34 7d c7 57 53 7f 7a d4 f4 5b fa 50 5b Sep 21 07:28:59.339991: | c6 ef 00 be c2 ed a1 3d ff 4f f7 c3 63 3e 21 4f Sep 21 07:28:59.339993: | 0d 26 ef 02 21 6c 08 2f d6 2f 5c 90 db d1 2b 88 Sep 21 07:28:59.339995: | 47 8d 32 a4 bd 01 90 e0 cd 5c 16 db 6e 44 7a af Sep 21 07:28:59.339998: | 22 da 30 dc a0 61 1c eb 16 49 d7 a1 07 a6 5a 39 Sep 21 07:28:59.340000: | 04 34 57 1d 3a 4c d8 82 0e 13 f5 52 f8 73 39 29 Sep 21 07:28:59.340002: | 36 d3 5f 79 ad f6 68 65 93 86 62 59 b1 72 1d 9f Sep 21 07:28:59.340005: | ea f2 09 af 34 9d ae e9 df 3f b6 12 d0 46 1a bd Sep 21 07:28:59.340007: | 22 f0 2e 81 86 99 27 f9 01 18 61 e5 1a b4 87 92 Sep 21 07:28:59.340009: | 09 ab 37 71 f6 7f 50 43 e7 70 31 79 33 58 00 d4 Sep 21 07:28:59.340012: | 28 6c 83 2b c7 41 9e ac cb 23 4d a4 2a 81 cf f7 Sep 21 07:28:59.340014: | 9a 11 c3 4b 2a b7 b0 d6 77 e1 d1 5c cb 49 21 3b Sep 21 07:28:59.340016: | fd d3 37 48 05 71 b9 71 75 00 93 b8 dd 3a 71 78 Sep 21 07:28:59.340019: | bf 28 e8 28 0e 0b 7d e3 bb 40 78 ab a5 85 cd 44 Sep 21 07:28:59.340021: | 6d 30 22 3b 61 64 2d 11 8a 22 4f 76 96 9d 96 db Sep 21 07:28:59.340023: | e3 61 c0 93 bb 56 75 6c 36 13 a2 2e 54 74 c8 0e Sep 21 07:28:59.340025: | 87 b0 c3 c4 6d dc 5b 71 0c 20 14 eb d6 b3 d8 4c Sep 21 07:28:59.340028: | 1c 98 a5 b8 02 55 95 26 9a 8b c0 10 68 56 24 82 Sep 21 07:28:59.340030: | b6 3a f1 ce 58 c5 ee 81 b9 26 97 55 45 61 2f 9d Sep 21 07:28:59.340033: | 4d 90 1e 73 96 7e 77 2a 39 e6 3a c6 39 Sep 21 07:28:59.340037: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:28:59.340041: | **parse ISAKMP Message: Sep 21 07:28:59.340043: | initiator cookie: Sep 21 07:28:59.340046: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.340048: | responder cookie: Sep 21 07:28:59.340050: | e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.340053: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:28:59.340056: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.340058: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:28:59.340061: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:28:59.340064: | Message ID: 1 (0x1) Sep 21 07:28:59.340066: | length: 365 (0x16d) Sep 21 07:28:59.340069: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:28:59.340072: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:28:59.340076: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:28:59.340082: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:28:59.340085: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:28:59.340090: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:28:59.340093: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:28:59.340097: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:28:59.340100: | unpacking clear payload Sep 21 07:28:59.340102: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:28:59.340105: | ***parse IKEv2 Encryption Payload: Sep 21 07:28:59.340108: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:28:59.340112: | flags: none (0x0) Sep 21 07:28:59.340115: | length: 337 (0x151) Sep 21 07:28:59.340117: | processing payload: ISAKMP_NEXT_v2SK (len=333) Sep 21 07:28:59.340122: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:28:59.340125: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:28:59.340128: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:28:59.340130: | Now let's proceed with state specific processing Sep 21 07:28:59.340132: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:28:59.340136: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:28:59.340139: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:28:59.340143: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:28:59.340146: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:28:59.340149: | libevent_free: release ptr-libevent@0x555bbe10f4e0 Sep 21 07:28:59.340152: | free_event_entry: release EVENT_SO_DISCARD-pe@0x555bbe10d2a0 Sep 21 07:28:59.340155: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555bbe10d2a0 Sep 21 07:28:59.340158: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:28:59.340161: | libevent_malloc: new ptr-libevent@0x555bbe10f4e0 size 128 Sep 21 07:28:59.340170: | #1 spent 0.0328 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:28:59.340175: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.340179: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:28:59.340181: | suspending state #1 and saving MD Sep 21 07:28:59.340183: | #1 is busy; has a suspended MD Sep 21 07:28:59.340188: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:28:59.340191: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:28:59.340196: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:28:59.340200: | #1 spent 0.232 milliseconds in ikev2_process_packet() Sep 21 07:28:59.340204: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:28:59.340207: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:28:59.340210: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:28:59.340214: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:28:59.340224: | crypto helper 1 resuming Sep 21 07:28:59.340228: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:28:59.340232: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:28:59.341181: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:28:59.341610: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001378 seconds Sep 21 07:28:59.341617: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:28:59.341620: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:28:59.341622: | scheduling resume sending helper answer for #1 Sep 21 07:28:59.341625: | libevent_malloc: new ptr-libevent@0x7f25f0006b90 size 128 Sep 21 07:28:59.341633: | crypto helper 1 waiting (nothing to do) Sep 21 07:28:59.341641: | processing resume sending helper answer for #1 Sep 21 07:28:59.341647: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:28:59.341653: | crypto helper 1 replies to request ID 2 Sep 21 07:28:59.341655: | calling continuation function 0x555bbc4a3630 Sep 21 07:28:59.341658: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:28:59.341661: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:28:59.341671: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:28:59.341674: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:28:59.341677: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:28:59.341679: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:28:59.341682: | flags: none (0x0) Sep 21 07:28:59.341684: | length: 12 (0xc) Sep 21 07:28:59.341687: | ID type: ID_FQDN (0x2) Sep 21 07:28:59.341689: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:28:59.341692: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:28:59.341694: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:28:59.341697: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:28:59.341699: | flags: none (0x0) Sep 21 07:28:59.341702: | length: 12 (0xc) Sep 21 07:28:59.341704: | ID type: ID_FQDN (0x2) Sep 21 07:28:59.341706: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:28:59.341709: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:28:59.341711: | **parse IKEv2 Authentication Payload: Sep 21 07:28:59.341714: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:59.341716: | flags: none (0x0) Sep 21 07:28:59.341719: | length: 72 (0x48) Sep 21 07:28:59.341721: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:28:59.341724: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:28:59.341726: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:28:59.341729: | **parse IKEv2 Security Association Payload: Sep 21 07:28:59.341731: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:28:59.341734: | flags: none (0x0) Sep 21 07:28:59.341736: | length: 164 (0xa4) Sep 21 07:28:59.341738: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:28:59.341741: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:28:59.341743: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:28:59.341746: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:28:59.341748: | flags: none (0x0) Sep 21 07:28:59.341750: | length: 24 (0x18) Sep 21 07:28:59.341753: | number of TS: 1 (0x1) Sep 21 07:28:59.341755: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:28:59.341758: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:28:59.341760: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:28:59.341763: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.341765: | flags: none (0x0) Sep 21 07:28:59.341767: | length: 24 (0x18) Sep 21 07:28:59.341770: | number of TS: 1 (0x1) Sep 21 07:28:59.341772: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:28:59.341775: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:28:59.341777: | Now let's proceed with state specific processing Sep 21 07:28:59.341779: | calling processor Responder: process IKE_AUTH request Sep 21 07:28:59.341788: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:28:59.341797: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:28:59.341801: | received IDr payload - extracting our alleged ID Sep 21 07:28:59.341804: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:59.341808: | match_id a=@west Sep 21 07:28:59.341811: | b=@west Sep 21 07:28:59.341813: | results matched Sep 21 07:28:59.341817: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:28:59.341820: | Warning: not switching back to template of current instance Sep 21 07:28:59.341826: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:28:59.341829: | This connection's local id is @east (ID_FQDN) Sep 21 07:28:59.341832: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Sep 21 07:28:59.341836: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:59.341839: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:59.341842: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:28:59.341846: | 1: compared key @west to @east / @west -> 004 Sep 21 07:28:59.341849: | 2: compared key @east to @east / @west -> 014 Sep 21 07:28:59.341852: | line 1: match=014 Sep 21 07:28:59.341855: | match 014 beats previous best_match 000 match=0x555bbe0ff2f0 (line=1) Sep 21 07:28:59.341858: | concluding with best_match=014 best=0x555bbe0ff2f0 (lineno=1) Sep 21 07:28:59.341860: | returning because exact peer id match Sep 21 07:28:59.341863: | offered CA: '%none' Sep 21 07:28:59.341866: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:28:59.341883: | verifying AUTH payload Sep 21 07:28:59.341887: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Sep 21 07:28:59.341890: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:59.341893: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:59.341895: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:28:59.341899: | 1: compared key @west to @east / @west -> 004 Sep 21 07:28:59.341902: | 2: compared key @east to @east / @west -> 014 Sep 21 07:28:59.341904: | line 1: match=014 Sep 21 07:28:59.341907: | match 014 beats previous best_match 000 match=0x555bbe0ff2f0 (line=1) Sep 21 07:28:59.341910: | concluding with best_match=014 best=0x555bbe0ff2f0 (lineno=1) Sep 21 07:28:59.341969: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Sep 21 07:28:59.341974: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:28:59.341979: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:28:59.341981: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:28:59.341985: | libevent_free: release ptr-libevent@0x555bbe10f4e0 Sep 21 07:28:59.341987: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555bbe10d2a0 Sep 21 07:28:59.341990: | event_schedule: new EVENT_SA_REKEY-pe@0x555bbe10d2a0 Sep 21 07:28:59.341993: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:28:59.341996: | libevent_malloc: new ptr-libevent@0x555bbe10f4e0 size 128 Sep 21 07:28:59.342086: | pstats #1 ikev2.ike established Sep 21 07:28:59.342092: | **emit ISAKMP Message: Sep 21 07:28:59.342095: | initiator cookie: Sep 21 07:28:59.342098: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.342100: | responder cookie: Sep 21 07:28:59.342102: | e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.342105: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:28:59.342107: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.342110: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:28:59.342112: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:28:59.342115: | Message ID: 1 (0x1) Sep 21 07:28:59.342118: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:28:59.342120: | IKEv2 CERT: send a certificate? Sep 21 07:28:59.342124: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:28:59.342126: | ***emit IKEv2 Encryption Payload: Sep 21 07:28:59.342129: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.342131: | flags: none (0x0) Sep 21 07:28:59.342134: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:28:59.342137: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.342142: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:28:59.342150: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:28:59.342162: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:28:59.342165: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.342168: | flags: none (0x0) Sep 21 07:28:59.342170: | ID type: ID_FQDN (0x2) Sep 21 07:28:59.342173: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:28:59.342176: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.342179: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:28:59.342181: | my identity 65 61 73 74 Sep 21 07:28:59.342184: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:28:59.342191: | assembled IDr payload Sep 21 07:28:59.342194: | CHILD SA proposals received Sep 21 07:28:59.342196: | going to assemble AUTH payload Sep 21 07:28:59.342198: | ****emit IKEv2 Authentication Payload: Sep 21 07:28:59.342201: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:59.342203: | flags: none (0x0) Sep 21 07:28:59.342206: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:28:59.342209: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:28:59.342212: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:28:59.342215: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.342218: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:28:59.342221: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:59.342224: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:28:59.342227: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:28:59.342231: | 1: compared key @west to @east / @west -> 004 Sep 21 07:28:59.342234: | 2: compared key @east to @east / @west -> 014 Sep 21 07:28:59.342236: | line 1: match=014 Sep 21 07:28:59.342239: | match 014 beats previous best_match 000 match=0x555bbe0ff2f0 (line=1) Sep 21 07:28:59.342241: | concluding with best_match=014 best=0x555bbe0ff2f0 (lineno=1) Sep 21 07:28:59.342295: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:28:59.342298: | PSK auth 0e 02 e9 71 fa 85 86 92 99 de 23 a3 16 a8 2f 9f Sep 21 07:28:59.342300: | PSK auth 1a 39 40 9f dd 80 62 fd 0f 8d 49 fb 21 5b 44 8a Sep 21 07:28:59.342303: | PSK auth 64 20 eb 79 4f 2a 09 5f 0a aa 43 89 61 2b 10 24 Sep 21 07:28:59.342305: | PSK auth f6 59 35 67 4c 16 27 4c 36 a0 e9 22 8f 69 9c 17 Sep 21 07:28:59.342308: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:28:59.342314: | creating state object #2 at 0x555bbe110870 Sep 21 07:28:59.342316: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:28:59.342320: | pstats #2 ikev2.child started Sep 21 07:28:59.342323: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:28:59.342328: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:28:59.342334: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:28:59.342339: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:28:59.342343: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:28:59.342348: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:28:59.342351: | TSi: parsing 1 traffic selectors Sep 21 07:28:59.342354: | ***parse IKEv2 Traffic Selector: Sep 21 07:28:59.342356: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.342359: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.342361: | length: 16 (0x10) Sep 21 07:28:59.342363: | start port: 0 (0x0) Sep 21 07:28:59.342366: | end port: 65535 (0xffff) Sep 21 07:28:59.342369: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:28:59.342371: | TS low c0 00 01 00 Sep 21 07:28:59.342374: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:28:59.342376: | TS high c0 00 01 ff Sep 21 07:28:59.342378: | TSi: parsed 1 traffic selectors Sep 21 07:28:59.342381: | TSr: parsing 1 traffic selectors Sep 21 07:28:59.342383: | ***parse IKEv2 Traffic Selector: Sep 21 07:28:59.342385: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.342388: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.342390: | length: 16 (0x10) Sep 21 07:28:59.342392: | start port: 0 (0x0) Sep 21 07:28:59.342395: | end port: 65535 (0xffff) Sep 21 07:28:59.342397: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:28:59.342400: | TS low c0 00 02 00 Sep 21 07:28:59.342402: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:28:59.342404: | TS high c0 00 02 ff Sep 21 07:28:59.342407: | TSr: parsed 1 traffic selectors Sep 21 07:28:59.342409: | looking for best SPD in current connection Sep 21 07:28:59.342415: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:28:59.342421: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:59.342427: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:28:59.342430: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:28:59.342433: | TSi[0] port match: YES fitness 65536 Sep 21 07:28:59.342436: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:28:59.342439: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:59.342443: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:59.342449: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:28:59.342452: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:28:59.342454: | TSr[0] port match: YES fitness 65536 Sep 21 07:28:59.342457: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:28:59.342460: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:59.342463: | best fit so far: TSi[0] TSr[0] Sep 21 07:28:59.342465: | found better spd route for TSi[0],TSr[0] Sep 21 07:28:59.342467: | looking for better host pair Sep 21 07:28:59.342473: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:28:59.342478: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:28:59.342480: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Sep 21 07:28:59.342483: | match_id a=@west Sep 21 07:28:59.342485: | b=@west Sep 21 07:28:59.342488: | results matched Sep 21 07:28:59.342493: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:28:59.342497: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:59.342503: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:28:59.342506: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:28:59.342508: | TSi[0] port match: YES fitness 65536 Sep 21 07:28:59.342511: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:28:59.342516: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:59.342520: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:59.342526: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:28:59.342529: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:28:59.342531: | TSr[0] port match: YES fitness 65536 Sep 21 07:28:59.342534: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:28:59.342537: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:59.342539: | best fit so far: TSi[0] TSr[0] Sep 21 07:28:59.342542: | did not find a better connection using host pair Sep 21 07:28:59.342544: | printing contents struct traffic_selector Sep 21 07:28:59.342547: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:28:59.342549: | ipprotoid: 0 Sep 21 07:28:59.342551: | port range: 0-65535 Sep 21 07:28:59.342555: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:28:59.342557: | printing contents struct traffic_selector Sep 21 07:28:59.342560: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:28:59.342562: | ipprotoid: 0 Sep 21 07:28:59.342564: | port range: 0-65535 Sep 21 07:28:59.342568: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:28:59.342572: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:28:59.342577: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:28:59.342583: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:28:59.342586: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:28:59.342590: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:28:59.342593: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:28:59.342597: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.342600: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:28:59.342604: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.342612: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.342616: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:28:59.342619: | local proposal 1 type ENCR has 1 transforms Sep 21 07:28:59.342621: | local proposal 1 type PRF has 0 transforms Sep 21 07:28:59.342624: | local proposal 1 type INTEG has 1 transforms Sep 21 07:28:59.342626: | local proposal 1 type DH has 1 transforms Sep 21 07:28:59.342629: | local proposal 1 type ESN has 1 transforms Sep 21 07:28:59.342632: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:28:59.342634: | local proposal 2 type ENCR has 1 transforms Sep 21 07:28:59.342637: | local proposal 2 type PRF has 0 transforms Sep 21 07:28:59.342639: | local proposal 2 type INTEG has 1 transforms Sep 21 07:28:59.342641: | local proposal 2 type DH has 1 transforms Sep 21 07:28:59.342644: | local proposal 2 type ESN has 1 transforms Sep 21 07:28:59.342647: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:28:59.342649: | local proposal 3 type ENCR has 1 transforms Sep 21 07:28:59.342652: | local proposal 3 type PRF has 0 transforms Sep 21 07:28:59.342654: | local proposal 3 type INTEG has 2 transforms Sep 21 07:28:59.342657: | local proposal 3 type DH has 1 transforms Sep 21 07:28:59.342661: | local proposal 3 type ESN has 1 transforms Sep 21 07:28:59.342664: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:28:59.342666: | local proposal 4 type ENCR has 1 transforms Sep 21 07:28:59.342669: | local proposal 4 type PRF has 0 transforms Sep 21 07:28:59.342671: | local proposal 4 type INTEG has 2 transforms Sep 21 07:28:59.342673: | local proposal 4 type DH has 1 transforms Sep 21 07:28:59.342676: | local proposal 4 type ESN has 1 transforms Sep 21 07:28:59.342679: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:28:59.342681: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.342684: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.342687: | length: 32 (0x20) Sep 21 07:28:59.342689: | prop #: 1 (0x1) Sep 21 07:28:59.342692: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.342694: | spi size: 4 (0x4) Sep 21 07:28:59.342696: | # transforms: 2 (0x2) Sep 21 07:28:59.342699: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:59.342702: | remote SPI 5e 01 09 7a Sep 21 07:28:59.342705: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:28:59.342708: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342710: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342713: | length: 12 (0xc) Sep 21 07:28:59.342715: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.342718: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.342720: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.342723: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.342726: | length/value: 256 (0x100) Sep 21 07:28:59.342730: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:28:59.342733: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342735: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.342737: | length: 8 (0x8) Sep 21 07:28:59.342740: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.342742: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.342746: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:28:59.342749: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:28:59.342752: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:28:59.342755: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:28:59.342758: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:28:59.342762: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:28:59.342765: | remote proposal 1 matches local proposal 1 Sep 21 07:28:59.342768: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.342770: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.342772: | length: 32 (0x20) Sep 21 07:28:59.342775: | prop #: 2 (0x2) Sep 21 07:28:59.342777: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.342779: | spi size: 4 (0x4) Sep 21 07:28:59.342782: | # transforms: 2 (0x2) Sep 21 07:28:59.342791: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:59.342793: | remote SPI 5e 01 09 7a Sep 21 07:28:59.342796: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:59.342799: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342804: | length: 12 (0xc) Sep 21 07:28:59.342806: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.342808: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.342812: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.342815: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.342817: | length/value: 128 (0x80) Sep 21 07:28:59.342820: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342823: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.342825: | length: 8 (0x8) Sep 21 07:28:59.342827: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.342830: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.342833: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:28:59.342836: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:28:59.342838: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.342841: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.342843: | length: 48 (0x30) Sep 21 07:28:59.342845: | prop #: 3 (0x3) Sep 21 07:28:59.342847: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.342850: | spi size: 4 (0x4) Sep 21 07:28:59.342852: | # transforms: 4 (0x4) Sep 21 07:28:59.342855: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:59.342857: | remote SPI 5e 01 09 7a Sep 21 07:28:59.342860: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:59.342862: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342867: | length: 12 (0xc) Sep 21 07:28:59.342870: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.342872: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.342874: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.342877: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.342879: | length/value: 256 (0x100) Sep 21 07:28:59.342882: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342887: | length: 8 (0x8) Sep 21 07:28:59.342889: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.342892: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.342894: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342899: | length: 8 (0x8) Sep 21 07:28:59.342901: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.342904: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.342907: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342909: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.342911: | length: 8 (0x8) Sep 21 07:28:59.342914: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.342916: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.342920: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:28:59.342922: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:28:59.342925: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.342927: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.342930: | length: 48 (0x30) Sep 21 07:28:59.342932: | prop #: 4 (0x4) Sep 21 07:28:59.342934: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.342936: | spi size: 4 (0x4) Sep 21 07:28:59.342939: | # transforms: 4 (0x4) Sep 21 07:28:59.342942: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:59.342944: | remote SPI 5e 01 09 7a Sep 21 07:28:59.342946: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:28:59.342949: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342954: | length: 12 (0xc) Sep 21 07:28:59.342958: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.342960: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.342963: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.342965: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.342968: | length/value: 128 (0x80) Sep 21 07:28:59.342970: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342975: | length: 8 (0x8) Sep 21 07:28:59.342977: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.342980: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.342983: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.342987: | length: 8 (0x8) Sep 21 07:28:59.342990: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.342992: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.342995: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.342997: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.342999: | length: 8 (0x8) Sep 21 07:28:59.343002: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.343004: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.343008: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:28:59.343010: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:28:59.343015: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=5e01097a;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:28:59.343020: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=5e01097a;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:28:59.343022: | converting proposal to internal trans attrs Sep 21 07:28:59.343040: | netlink_get_spi: allocated 0x844df304 for esp.0@192.1.2.23 Sep 21 07:28:59.343043: | Emitting ikev2_proposal ... Sep 21 07:28:59.343045: | ****emit IKEv2 Security Association Payload: Sep 21 07:28:59.343048: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.343050: | flags: none (0x0) Sep 21 07:28:59.343053: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:28:59.343056: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.343059: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.343062: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.343064: | prop #: 1 (0x1) Sep 21 07:28:59.343066: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.343069: | spi size: 4 (0x4) Sep 21 07:28:59.343071: | # transforms: 2 (0x2) Sep 21 07:28:59.343074: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.343077: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:28:59.343079: | our spi 84 4d f3 04 Sep 21 07:28:59.343082: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.343084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.343086: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.343089: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.343092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.343094: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.343097: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.343099: | length/value: 256 (0x100) Sep 21 07:28:59.343104: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.343107: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.343109: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.343112: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.343114: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.343117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.343120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.343122: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.343125: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:28:59.343128: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.343130: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:28:59.343133: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:28:59.343136: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:28:59.343138: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.343140: | flags: none (0x0) Sep 21 07:28:59.343143: | number of TS: 1 (0x1) Sep 21 07:28:59.343146: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:28:59.343149: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.343151: | *****emit IKEv2 Traffic Selector: Sep 21 07:28:59.343154: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.343156: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.343158: | start port: 0 (0x0) Sep 21 07:28:59.343161: | end port: 65535 (0xffff) Sep 21 07:28:59.343164: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:28:59.343166: | IP start c0 00 01 00 Sep 21 07:28:59.343169: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:28:59.343171: | IP end c0 00 01 ff Sep 21 07:28:59.343174: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:28:59.343176: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:28:59.343179: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:28:59.343181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.343183: | flags: none (0x0) Sep 21 07:28:59.343186: | number of TS: 1 (0x1) Sep 21 07:28:59.343189: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:28:59.343191: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.343194: | *****emit IKEv2 Traffic Selector: Sep 21 07:28:59.343196: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.343199: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.343201: | start port: 0 (0x0) Sep 21 07:28:59.343203: | end port: 65535 (0xffff) Sep 21 07:28:59.343206: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:28:59.343208: | IP start c0 00 02 00 Sep 21 07:28:59.343211: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:28:59.343213: | IP end c0 00 02 ff Sep 21 07:28:59.343215: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:28:59.343218: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:28:59.343220: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:28:59.343223: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:28:59.343377: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:28:59.343384: | #1 spent 1.59 milliseconds Sep 21 07:28:59.343387: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:28:59.343390: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:28:59.343392: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:28:59.343395: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:28:59.343398: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:28:59.343404: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:28:59.343407: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:28:59.343411: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:28:59.343414: | AES_GCM_16 requires 4 salt bytes Sep 21 07:28:59.343416: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:28:59.343420: | setting IPsec SA replay-window to 32 Sep 21 07:28:59.343423: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:28:59.343426: | netlink: enabling tunnel mode Sep 21 07:28:59.343429: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:28:59.343431: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:28:59.343645: | netlink response for Add SA esp.5e01097a@192.1.2.45 included non-error error Sep 21 07:28:59.343652: | set up outgoing SA, ref=0/0 Sep 21 07:28:59.343656: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:28:59.343659: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:28:59.343661: | AES_GCM_16 requires 4 salt bytes Sep 21 07:28:59.343664: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:28:59.343668: | setting IPsec SA replay-window to 32 Sep 21 07:28:59.343671: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:28:59.343674: | netlink: enabling tunnel mode Sep 21 07:28:59.343676: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:28:59.343679: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:28:59.343853: | netlink response for Add SA esp.844df304@192.1.2.23 included non-error error Sep 21 07:28:59.343862: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:28:59.343870: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:28:59.343874: | IPsec Sa SPD priority set to 1042407 Sep 21 07:28:59.344126: | raw_eroute result=success Sep 21 07:28:59.344132: | set up incoming SA, ref=0/0 Sep 21 07:28:59.344135: | sr for #2: unrouted Sep 21 07:28:59.344138: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:28:59.344141: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:28:59.344144: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:28:59.344147: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:28:59.344151: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:28:59.344154: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:28:59.344158: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:28:59.344166: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:28:59.344169: | IPsec Sa SPD priority set to 1042407 Sep 21 07:28:59.344290: | raw_eroute result=success Sep 21 07:28:59.344296: | running updown command "ipsec _updown" for verb up Sep 21 07:28:59.344299: | command executing up-client Sep 21 07:28:59.344326: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Sep 21 07:28:59.344332: | popen cmd is 1046 chars long Sep 21 07:28:59.344335: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:28:59.344338: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Sep 21 07:28:59.344341: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Sep 21 07:28:59.344344: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Sep 21 07:28:59.344346: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Sep 21 07:28:59.344349: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Sep 21 07:28:59.344352: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:28:59.344354: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Sep 21 07:28:59.344357: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:28:59.344360: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:28:59.344362: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:28:59.344365: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:28:59.344367: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5e01097a SPI_OUT=0x844df304 ipsec _updow: Sep 21 07:28:59.344370: | cmd(1040):n 2>&1: Sep 21 07:28:59.377511: | route_and_eroute: firewall_notified: true Sep 21 07:28:59.377524: | running updown command "ipsec _updown" for verb prepare Sep 21 07:28:59.377528: | command executing prepare-client Sep 21 07:28:59.377561: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:28:59.377565: | popen cmd is 1051 chars long Sep 21 07:28:59.377568: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:28:59.377571: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Sep 21 07:28:59.377577: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:28:59.377579: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:28:59.377582: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Sep 21 07:28:59.377585: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:28:59.377588: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:28:59.377591: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:28:59.377594: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:28:59.377596: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:28:59.377599: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:28:59.377602: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:28:59.377605: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5e01097a SPI_OUT=0x844df304 ipsec _: Sep 21 07:28:59.377607: | cmd(1040):updown 2>&1: Sep 21 07:28:59.391532: | running updown command "ipsec _updown" for verb route Sep 21 07:28:59.391548: | command executing route-client Sep 21 07:28:59.391579: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:28:59.391583: | popen cmd is 1049 chars long Sep 21 07:28:59.391586: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:28:59.391588: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Sep 21 07:28:59.391591: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Sep 21 07:28:59.391594: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Sep 21 07:28:59.391596: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Sep 21 07:28:59.391599: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:28:59.391601: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:28:59.391604: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:28:59.391606: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:28:59.391609: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:28:59.391611: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:28:59.391614: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:28:59.391617: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5e01097a SPI_OUT=0x844df304 ipsec _up: Sep 21 07:28:59.391622: | cmd(1040):down 2>&1: Sep 21 07:28:59.427818: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x555bbe10ac20,sr=0x555bbe10ac20} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:28:59.428135: | #1 spent 0.975 milliseconds in install_ipsec_sa() Sep 21 07:28:59.428145: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:28:59.428149: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:28:59.428154: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:28:59.428157: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:28:59.428160: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:28:59.428163: | emitting length of ISAKMP Message: 225 Sep 21 07:28:59.428183: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:28:59.428189: | #1 spent 2.62 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:28:59.428198: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.428203: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.428208: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:28:59.428212: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:28:59.428216: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:28:59.428219: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:28:59.428225: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:28:59.428230: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:28:59.428234: | pstats #2 ikev2.child established Sep 21 07:28:59.428243: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:28:59.428247: | NAT-T: encaps is 'auto' Sep 21 07:28:59.428253: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x5e01097a <0x844df304 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:28:59.428259: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:28:59.428265: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:28:59.428268: | 41 75 14 23 59 b1 14 ea e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.428271: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:28:59.428273: | f1 55 d7 8c 5f dc e1 a2 b2 96 62 ca c6 0a 99 b5 Sep 21 07:28:59.428276: | 27 f3 45 6d f0 7f d0 3a 4c ab 75 56 5b b8 91 ef Sep 21 07:28:59.428278: | 67 74 f1 13 84 23 f8 fb e8 23 47 13 44 44 1f a1 Sep 21 07:28:59.428281: | c9 f9 86 a5 34 e6 0f 5c b4 c0 11 a1 0d fc f1 56 Sep 21 07:28:59.428283: | 14 22 fc 62 66 a9 b1 85 86 c4 52 77 23 79 fd 42 Sep 21 07:28:59.428286: | 33 7a 9e df b4 7d ec 0e f7 52 50 fb fd 9d 90 38 Sep 21 07:28:59.428288: | eb 41 03 d5 33 45 1b c0 43 4c e4 96 ec 68 5d c3 Sep 21 07:28:59.428291: | da da 51 fa 2a 10 c5 e9 13 08 c1 f3 30 5e 8e 8c Sep 21 07:28:59.428293: | 7a da 87 ca eb a5 1a c1 df 91 73 b3 b8 e9 4d 51 Sep 21 07:28:59.428296: | d9 41 a0 98 15 ba cd a9 73 17 94 b9 35 99 e0 67 Sep 21 07:28:59.428299: | ad 28 b1 26 d8 26 0a 89 b1 5d 66 5d 2b 71 38 a5 Sep 21 07:28:59.428301: | 14 23 ed 58 b1 57 25 af 36 d4 14 07 c1 fe 3c 91 Sep 21 07:28:59.428307: | 59 Sep 21 07:28:59.428349: | releasing whack for #2 (sock=fd@-1) Sep 21 07:28:59.428354: | releasing whack and unpending for parent #1 Sep 21 07:28:59.428358: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:59.428362: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:28:59.428366: | event_schedule: new EVENT_SA_REKEY-pe@0x7f25f8002b20 Sep 21 07:28:59.428370: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:28:59.428373: | libevent_malloc: new ptr-libevent@0x555bbe114300 size 128 Sep 21 07:28:59.428380: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:28:59.428385: | #1 spent 2.93 milliseconds in resume sending helper answer Sep 21 07:28:59.428390: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:28:59.428395: | libevent_free: release ptr-libevent@0x7f25f0006b90 Sep 21 07:28:59.428406: | processing signal PLUTO_SIGCHLD Sep 21 07:28:59.428411: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:59.428415: | spent 0.00489 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:59.428417: | processing signal PLUTO_SIGCHLD Sep 21 07:28:59.428421: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:59.428424: | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:59.428427: | processing signal PLUTO_SIGCHLD Sep 21 07:28:59.428431: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:59.428434: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD [New LWP 16045] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf'. Program terminated with signal SIGABRT, Aborted. #0 0x00007fee8faa4e75 in raise () from /lib64/libc.so.6 #0 0x00007fee8faa4e75 in raise () from /lib64/libc.so.6 Backtrace stopped: Cannot access memory at address 0x7ffe8ac564e8 [New LWP 16412] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf'. Program terminated with signal SIGABRT, Aborted. #0 0x00007f2b3bc2ee75 in raise () from /lib64/libc.so.6 #0 0x00007f2b3bc2ee75 in raise () from /lib64/libc.so.6 #1 0x00007f2b3bc19895 in abort () from /lib64/libc.so.6 #2 0x000055632d550ecb in lswlog_passert_suffix (buf=buf@entry=0x7ffe80c37340, where=...) at /home/build/libreswan/lib/libswan/lswlog_passert.c:32 #3 0x000055632d5422e8 in lsw_passert_fail (where=..., fmt=fmt@entry=0x55632d59f624 "%s") at /home/build/libreswan/lib/libswan/lsw_passert_fail.c:31 #4 0x000055632d4de586 in free_signal_handlers () at /home/build/libreswan/programs/pluto/server.c:624 #5 free_pluto_event_list () at /home/build/libreswan/programs/pluto/server.c:671 #6 0x000055632d4db0c9 in exit_pluto (status=10) at /home/build/libreswan/programs/pluto/plutomain.c:1850 #7 0x000055632d4a1907 in create_lock () at /home/build/libreswan/programs/pluto/plutomain.c:272 #8 main (argc=, argv=) at /home/build/libreswan/programs/pluto/plutomain.c:1458