Sep 21 07:28:58.775120: FIPS Product: YES Sep 21 07:28:58.775159: FIPS Kernel: NO Sep 21 07:28:58.775162: FIPS Mode: NO Sep 21 07:28:58.775165: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:28:58.775335: Initializing NSS Sep 21 07:28:58.775339: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:28:58.820400: NSS initialized Sep 21 07:28:58.820415: NSS crypto library initialized Sep 21 07:28:58.820418: FIPS HMAC integrity support [enabled] Sep 21 07:28:58.820420: FIPS mode disabled for pluto daemon Sep 21 07:28:58.907102: FIPS HMAC integrity verification self-test FAILED Sep 21 07:28:58.907213: libcap-ng support [enabled] Sep 21 07:28:58.907225: Linux audit support [enabled] Sep 21 07:28:58.907252: Linux audit activated Sep 21 07:28:58.907261: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13155 Sep 21 07:28:58.907264: core dump dir: /tmp Sep 21 07:28:58.907266: secrets file: /etc/ipsec.secrets Sep 21 07:28:58.907268: leak-detective disabled Sep 21 07:28:58.907270: NSS crypto [enabled] Sep 21 07:28:58.907272: XAUTH PAM support [enabled] Sep 21 07:28:58.907353: | libevent is using pluto's memory allocator Sep 21 07:28:58.907361: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:28:58.907375: | libevent_malloc: new ptr-libevent@0x557ab3226070 size 40 Sep 21 07:28:58.907379: | libevent_malloc: new ptr-libevent@0x557ab32260a0 size 40 Sep 21 07:28:58.907382: | libevent_malloc: new ptr-libevent@0x557ab3227390 size 40 Sep 21 07:28:58.907385: | creating event base Sep 21 07:28:58.907388: | libevent_malloc: new ptr-libevent@0x557ab3227350 size 56 Sep 21 07:28:58.907391: | libevent_malloc: new ptr-libevent@0x557ab32273c0 size 664 Sep 21 07:28:58.907404: | libevent_malloc: new ptr-libevent@0x557ab3227660 size 24 Sep 21 07:28:58.907408: | libevent_malloc: new ptr-libevent@0x557ab3218d90 size 384 Sep 21 07:28:58.907418: | libevent_malloc: new ptr-libevent@0x557ab3227680 size 16 Sep 21 07:28:58.907421: | libevent_malloc: new ptr-libevent@0x557ab32276a0 size 40 Sep 21 07:28:58.907424: | libevent_malloc: new ptr-libevent@0x557ab32276d0 size 48 Sep 21 07:28:58.907431: | libevent_realloc: new ptr-libevent@0x557ab31a9370 size 256 Sep 21 07:28:58.907434: | libevent_malloc: new ptr-libevent@0x557ab3227710 size 16 Sep 21 07:28:58.907440: | libevent_free: release ptr-libevent@0x557ab3227350 Sep 21 07:28:58.907444: | libevent initialized Sep 21 07:28:58.907448: | libevent_realloc: new ptr-libevent@0x557ab3227730 size 64 Sep 21 07:28:58.907451: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:28:58.907470: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:28:58.907473: NAT-Traversal support [enabled] Sep 21 07:28:58.907476: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:28:58.907488: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:28:58.907492: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:28:58.907531: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:28:58.907535: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:28:58.907538: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:28:58.907592: Encryption algorithms: Sep 21 07:28:58.907603: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:28:58.907607: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:28:58.907611: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:28:58.907614: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:28:58.907618: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:28:58.907627: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:28:58.907631: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:28:58.907635: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:28:58.907639: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:28:58.907642: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:28:58.907646: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:28:58.907650: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:28:58.907653: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:28:58.907657: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:28:58.907661: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:28:58.907664: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:28:58.907667: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:28:58.907675: Hash algorithms: Sep 21 07:28:58.907678: MD5 IKEv1: IKE IKEv2: Sep 21 07:28:58.907680: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:28:58.907684: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:28:58.907686: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:28:58.907689: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:28:58.907702: PRF algorithms: Sep 21 07:28:58.907705: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:28:58.907708: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:28:58.907711: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:28:58.907715: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:28:58.907738: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:28:58.907742: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:28:58.907767: Integrity algorithms: Sep 21 07:28:58.907771: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:28:58.907775: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:28:58.907779: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:28:58.907791: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:28:58.907804: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:28:58.907807: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:28:58.907810: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:28:58.907813: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:28:58.907816: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:28:58.907828: DH algorithms: Sep 21 07:28:58.907832: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:28:58.907835: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:28:58.907838: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:28:58.907845: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:28:58.907848: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:28:58.907850: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:28:58.907853: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:28:58.907856: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:28:58.907859: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:28:58.907862: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:28:58.907865: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:28:58.907868: testing CAMELLIA_CBC: Sep 21 07:28:58.907870: Camellia: 16 bytes with 128-bit key Sep 21 07:28:58.908000: Camellia: 16 bytes with 128-bit key Sep 21 07:28:58.908032: Camellia: 16 bytes with 256-bit key Sep 21 07:28:58.908065: Camellia: 16 bytes with 256-bit key Sep 21 07:28:58.908094: testing AES_GCM_16: Sep 21 07:28:58.908098: empty string Sep 21 07:28:58.908128: one block Sep 21 07:28:58.908156: two blocks Sep 21 07:28:58.908184: two blocks with associated data Sep 21 07:28:58.908212: testing AES_CTR: Sep 21 07:28:58.908216: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:28:58.908243: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:28:58.908272: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:28:58.908302: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:28:58.908328: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:28:58.908356: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:28:58.908384: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:28:58.908411: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:28:58.908440: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:28:58.908472: testing AES_CBC: Sep 21 07:28:58.908475: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:28:58.908503: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:28:58.908534: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:28:58.908568: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:28:58.908601: testing AES_XCBC: Sep 21 07:28:58.908605: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:28:58.908728: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:28:58.908887: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:28:58.909027: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:28:58.909165: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:28:58.909303: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:28:58.909441: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:28:58.909744: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:28:58.909891: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:28:58.910040: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:28:58.914606: testing HMAC_MD5: Sep 21 07:28:58.914624: RFC 2104: MD5_HMAC test 1 Sep 21 07:28:58.914973: RFC 2104: MD5_HMAC test 2 Sep 21 07:28:58.915135: RFC 2104: MD5_HMAC test 3 Sep 21 07:28:58.915337: 8 CPU cores online Sep 21 07:28:58.915343: starting up 7 crypto helpers Sep 21 07:28:58.915391: started thread for crypto helper 0 Sep 21 07:28:58.915416: started thread for crypto helper 1 Sep 21 07:28:58.915439: started thread for crypto helper 2 Sep 21 07:28:58.915465: started thread for crypto helper 3 Sep 21 07:28:58.915491: started thread for crypto helper 4 Sep 21 07:28:58.915512: started thread for crypto helper 5 Sep 21 07:28:58.915537: started thread for crypto helper 6 Sep 21 07:28:58.915542: | checking IKEv1 state table Sep 21 07:28:58.915550: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915553: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:28:58.915555: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915558: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:28:58.915561: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:28:58.915563: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:28:58.915565: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:58.915568: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:58.915570: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:28:58.915572: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:28:58.915575: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:58.915577: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:28:58.915579: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:28:58.915582: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:58.915584: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:58.915586: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:28:58.915589: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:28:58.915591: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:58.915593: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:58.915596: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:28:58.915598: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:28:58.915601: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915603: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:28:58.915606: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915608: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915611: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:28:58.915613: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915616: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:28:58.915618: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:28:58.915621: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:28:58.915623: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:28:58.915625: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:28:58.915628: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:28:58.915630: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915633: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:28:58.915635: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915638: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:28:58.915640: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:28:58.915643: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:28:58.915645: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:28:58.915648: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:28:58.915650: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:28:58.915653: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:28:58.915655: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915658: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:28:58.915660: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915663: | INFO: category: informational flags: 0: Sep 21 07:28:58.915665: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915668: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:28:58.915670: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915672: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:28:58.915675: | -> XAUTH_R1 EVENT_NULL Sep 21 07:28:58.915677: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:28:58.915680: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:28:58.915682: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:28:58.915685: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:28:58.915687: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:28:58.915689: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:28:58.915692: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:28:58.915694: | -> UNDEFINED EVENT_NULL Sep 21 07:28:58.915697: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:28:58.915702: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:28:58.915705: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:28:58.915707: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:28:58.915710: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:28:58.915712: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:28:58.915719: | checking IKEv2 state table Sep 21 07:28:58.915725: | PARENT_I0: category: ignore flags: 0: Sep 21 07:28:58.915728: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:28:58.915730: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915733: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:28:58.915736: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:28:58.915739: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:28:58.915742: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:28:58.915744: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:28:58.915747: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:28:58.915749: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:28:58.915752: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:28:58.915755: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:28:58.915757: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:28:58.915760: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:28:58.915762: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:28:58.915765: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:28:58.915767: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915770: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:28:58.915773: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:28:58.915775: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:28:58.915778: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:28:58.915781: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:28:58.915790: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:28:58.915794: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:28:58.915797: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:28:58.915799: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:28:58.915802: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:28:58.915804: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:28:58.915807: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:28:58.915809: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:28:58.915812: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:28:58.915814: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:28:58.915817: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:28:58.915819: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:28:58.915822: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:28:58.915824: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:28:58.915827: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:28:58.915830: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:28:58.915832: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:28:58.915838: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:28:58.915840: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:28:58.915843: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:28:58.915846: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:28:58.915849: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:28:58.915851: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:28:58.915854: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:28:58.915857: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:28:58.915910: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:28:58.915967: | Hard-wiring algorithms Sep 21 07:28:58.915971: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:28:58.915975: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:28:58.915977: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:28:58.915980: | adding 3DES_CBC to kernel algorithm db Sep 21 07:28:58.915983: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:28:58.915985: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:28:58.915987: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:28:58.915989: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:28:58.915992: | adding AES_CTR to kernel algorithm db Sep 21 07:28:58.915994: | adding AES_CBC to kernel algorithm db Sep 21 07:28:58.915996: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:28:58.915999: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:28:58.916001: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:28:58.916004: | adding NULL to kernel algorithm db Sep 21 07:28:58.916006: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:28:58.916009: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:28:58.916011: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:28:58.916013: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:28:58.916016: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:28:58.916018: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:28:58.916021: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:28:58.916023: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:28:58.916026: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:28:58.916028: | adding NONE to kernel algorithm db Sep 21 07:28:58.916051: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:28:58.916058: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:28:58.916061: | setup kernel fd callback Sep 21 07:28:58.916064: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x557ab322ce90 Sep 21 07:28:58.916069: | libevent_malloc: new ptr-libevent@0x557ab3238fb0 size 128 Sep 21 07:28:58.916073: | libevent_malloc: new ptr-libevent@0x557ab322c170 size 16 Sep 21 07:28:58.916080: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x557ab322ce50 Sep 21 07:28:58.916083: | libevent_malloc: new ptr-libevent@0x557ab3239040 size 128 Sep 21 07:28:58.916086: | libevent_malloc: new ptr-libevent@0x557ab322c190 size 16 Sep 21 07:28:58.916318: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:28:58.916330: selinux support is enabled. Sep 21 07:28:58.916416: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:28:58.916593: | unbound context created - setting debug level to 5 Sep 21 07:28:58.916622: | /etc/hosts lookups activated Sep 21 07:28:58.916643: | /etc/resolv.conf usage activated Sep 21 07:28:58.916701: | outgoing-port-avoid set 0-65535 Sep 21 07:28:58.916731: | outgoing-port-permit set 32768-60999 Sep 21 07:28:58.916734: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:28:58.916737: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:28:58.916740: | Setting up events, loop start Sep 21 07:28:58.916744: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x557ab3227350 Sep 21 07:28:58.916750: | libevent_malloc: new ptr-libevent@0x557ab3243530 size 128 Sep 21 07:28:58.916754: | libevent_malloc: new ptr-libevent@0x557ab32435c0 size 16 Sep 21 07:28:58.916762: | libevent_realloc: new ptr-libevent@0x557ab31a76c0 size 256 Sep 21 07:28:58.916765: | libevent_malloc: new ptr-libevent@0x557ab32435e0 size 8 Sep 21 07:28:58.916768: | libevent_realloc: new ptr-libevent@0x557ab32383b0 size 144 Sep 21 07:28:58.916770: | libevent_malloc: new ptr-libevent@0x557ab3243600 size 152 Sep 21 07:28:58.916774: | libevent_malloc: new ptr-libevent@0x557ab32436a0 size 16 Sep 21 07:28:58.916778: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:28:58.916781: | libevent_malloc: new ptr-libevent@0x557ab32436c0 size 8 Sep 21 07:28:58.916798: | libevent_malloc: new ptr-libevent@0x557ab32436e0 size 152 Sep 21 07:28:58.916804: | signal event handler PLUTO_SIGTERM installed Sep 21 07:28:58.916807: | libevent_malloc: new ptr-libevent@0x557ab3243780 size 8 Sep 21 07:28:58.916809: | libevent_malloc: new ptr-libevent@0x557ab32437a0 size 152 Sep 21 07:28:58.916812: | signal event handler PLUTO_SIGHUP installed Sep 21 07:28:58.916815: | libevent_malloc: new ptr-libevent@0x557ab3243840 size 8 Sep 21 07:28:58.916817: | libevent_realloc: release ptr-libevent@0x557ab32383b0 Sep 21 07:28:58.916820: | libevent_realloc: new ptr-libevent@0x557ab3243860 size 256 Sep 21 07:28:58.916822: | libevent_malloc: new ptr-libevent@0x557ab32383b0 size 152 Sep 21 07:28:58.916825: | signal event handler PLUTO_SIGSYS installed Sep 21 07:28:58.917224: | created addconn helper (pid:13293) using fork+execve Sep 21 07:28:58.917238: | forked child 13293 Sep 21 07:28:58.917282: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:58.922566: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:28:58.922589: listening for IKE messages Sep 21 07:28:58.922664: | Inspecting interface lo Sep 21 07:28:58.922673: | found lo with address 127.0.0.1 Sep 21 07:28:58.922677: | Inspecting interface eth0 Sep 21 07:28:58.922682: | found eth0 with address 192.0.1.254 Sep 21 07:28:58.922684: | Inspecting interface eth1 Sep 21 07:28:58.922688: | found eth1 with address 192.1.2.45 Sep 21 07:28:58.922743: Kernel supports NIC esp-hw-offload Sep 21 07:28:58.922764: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:28:58.922801: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:58.922809: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:58.922814: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:28:58.922850: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:28:58.922881: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:58.922887: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:58.922891: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:28:58.922924: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:28:58.922954: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:28:58.922959: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:28:58.922963: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:28:58.923038: | no interfaces to sort Sep 21 07:28:58.923044: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:28:58.923053: | add_fd_read_event_handler: new ethX-pe@0x557ab3243bd0 Sep 21 07:28:58.923058: | libevent_malloc: new ptr-libevent@0x557ab3243c10 size 128 Sep 21 07:28:58.923062: | libevent_malloc: new ptr-libevent@0x557ab3243ca0 size 16 Sep 21 07:28:58.923074: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:28:58.923078: | add_fd_read_event_handler: new ethX-pe@0x557ab3243cc0 Sep 21 07:28:58.923080: | libevent_malloc: new ptr-libevent@0x557ab3243d00 size 128 Sep 21 07:28:58.923083: | libevent_malloc: new ptr-libevent@0x557ab3243d90 size 16 Sep 21 07:28:58.923094: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:28:58.923097: | add_fd_read_event_handler: new ethX-pe@0x557ab3243db0 Sep 21 07:28:58.923100: | libevent_malloc: new ptr-libevent@0x557ab3243df0 size 128 Sep 21 07:28:58.923103: | libevent_malloc: new ptr-libevent@0x557ab3243e80 size 16 Sep 21 07:28:58.923107: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:28:58.923110: | add_fd_read_event_handler: new ethX-pe@0x557ab3243ea0 Sep 21 07:28:58.923113: | libevent_malloc: new ptr-libevent@0x557ab3243ee0 size 128 Sep 21 07:28:58.923115: | libevent_malloc: new ptr-libevent@0x557ab3243f70 size 16 Sep 21 07:28:58.923120: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:28:58.923123: | add_fd_read_event_handler: new ethX-pe@0x557ab3243f90 Sep 21 07:28:58.923126: | libevent_malloc: new ptr-libevent@0x557ab3243fd0 size 128 Sep 21 07:28:58.923128: | libevent_malloc: new ptr-libevent@0x557ab3244060 size 16 Sep 21 07:28:58.923133: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:28:58.923135: | add_fd_read_event_handler: new ethX-pe@0x557ab3244080 Sep 21 07:28:58.923138: | libevent_malloc: new ptr-libevent@0x557ab32440c0 size 128 Sep 21 07:28:58.923140: | libevent_malloc: new ptr-libevent@0x557ab3244150 size 16 Sep 21 07:28:58.923145: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:28:58.923150: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:28:58.923153: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:28:58.923174: loading secrets from "/etc/ipsec.secrets" Sep 21 07:28:58.923195: | id type added to secret(0x557ab3239170) PKK_PSK: @east Sep 21 07:28:58.923200: | id type added to secret(0x557ab3239170) PKK_PSK: @west Sep 21 07:28:58.923204: | Processing PSK at line 1: passed Sep 21 07:28:58.923207: | certs and keys locked by 'process_secret' Sep 21 07:28:58.923212: | certs and keys unlocked by 'process_secret' Sep 21 07:28:58.923217: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:28:58.923903: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:58.923917: | spent 0.651 milliseconds in whack Sep 21 07:28:58.928533: | starting up helper thread 0 Sep 21 07:28:58.928551: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:28:58.928556: | crypto helper 0 waiting (nothing to do) Sep 21 07:28:58.928565: | starting up helper thread 1 Sep 21 07:28:58.928570: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:28:58.928572: | crypto helper 1 waiting (nothing to do) Sep 21 07:28:58.928580: | starting up helper thread 4 Sep 21 07:28:58.928585: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:28:58.928587: | crypto helper 4 waiting (nothing to do) Sep 21 07:28:58.928594: | starting up helper thread 5 Sep 21 07:28:58.928599: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:28:58.928601: | crypto helper 5 waiting (nothing to do) Sep 21 07:28:58.929799: | starting up helper thread 2 Sep 21 07:28:58.929817: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:28:58.929820: | crypto helper 2 waiting (nothing to do) Sep 21 07:28:58.929829: | starting up helper thread 3 Sep 21 07:28:58.929834: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:28:58.929836: | crypto helper 3 waiting (nothing to do) Sep 21 07:28:58.929843: | starting up helper thread 6 Sep 21 07:28:58.929848: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:28:58.929850: | crypto helper 6 waiting (nothing to do) Sep 21 07:28:58.973542: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:58.973570: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:28:58.973576: listening for IKE messages Sep 21 07:28:58.973610: | Inspecting interface lo Sep 21 07:28:58.973621: | found lo with address 127.0.0.1 Sep 21 07:28:58.973625: | Inspecting interface eth0 Sep 21 07:28:58.973629: | found eth0 with address 192.0.1.254 Sep 21 07:28:58.973631: | Inspecting interface eth1 Sep 21 07:28:58.973635: | found eth1 with address 192.1.2.45 Sep 21 07:28:58.973697: | no interfaces to sort Sep 21 07:28:58.973705: | libevent_free: release ptr-libevent@0x557ab3243c10 Sep 21 07:28:58.973709: | free_event_entry: release EVENT_NULL-pe@0x557ab3243bd0 Sep 21 07:28:58.973712: | add_fd_read_event_handler: new ethX-pe@0x557ab3243bd0 Sep 21 07:28:58.973715: | libevent_malloc: new ptr-libevent@0x557ab3243c10 size 128 Sep 21 07:28:58.973722: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:28:58.973726: | libevent_free: release ptr-libevent@0x557ab3243d00 Sep 21 07:28:58.973729: | free_event_entry: release EVENT_NULL-pe@0x557ab3243cc0 Sep 21 07:28:58.973731: | add_fd_read_event_handler: new ethX-pe@0x557ab3243cc0 Sep 21 07:28:58.973734: | libevent_malloc: new ptr-libevent@0x557ab3243d00 size 128 Sep 21 07:28:58.973738: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:28:58.973742: | libevent_free: release ptr-libevent@0x557ab3243df0 Sep 21 07:28:58.973745: | free_event_entry: release EVENT_NULL-pe@0x557ab3243db0 Sep 21 07:28:58.973747: | add_fd_read_event_handler: new ethX-pe@0x557ab3243db0 Sep 21 07:28:58.973750: | libevent_malloc: new ptr-libevent@0x557ab3243df0 size 128 Sep 21 07:28:58.973754: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:28:58.973757: | libevent_free: release ptr-libevent@0x557ab3243ee0 Sep 21 07:28:58.973760: | free_event_entry: release EVENT_NULL-pe@0x557ab3243ea0 Sep 21 07:28:58.973762: | add_fd_read_event_handler: new ethX-pe@0x557ab3243ea0 Sep 21 07:28:58.973765: | libevent_malloc: new ptr-libevent@0x557ab3243ee0 size 128 Sep 21 07:28:58.973769: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:28:58.973773: | libevent_free: release ptr-libevent@0x557ab3243fd0 Sep 21 07:28:58.973775: | free_event_entry: release EVENT_NULL-pe@0x557ab3243f90 Sep 21 07:28:58.973778: | add_fd_read_event_handler: new ethX-pe@0x557ab3243f90 Sep 21 07:28:58.973780: | libevent_malloc: new ptr-libevent@0x557ab3243fd0 size 128 Sep 21 07:28:58.973792: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:28:58.973798: | libevent_free: release ptr-libevent@0x557ab32440c0 Sep 21 07:28:58.973801: | free_event_entry: release EVENT_NULL-pe@0x557ab3244080 Sep 21 07:28:58.973803: | add_fd_read_event_handler: new ethX-pe@0x557ab3244080 Sep 21 07:28:58.973806: | libevent_malloc: new ptr-libevent@0x557ab32440c0 size 128 Sep 21 07:28:58.973810: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:28:58.973813: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:28:58.973815: forgetting secrets Sep 21 07:28:58.973821: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:28:58.973834: loading secrets from "/etc/ipsec.secrets" Sep 21 07:28:58.973841: | id type added to secret(0x557ab3239170) PKK_PSK: @east Sep 21 07:28:58.973844: | id type added to secret(0x557ab3239170) PKK_PSK: @west Sep 21 07:28:58.973848: | Processing PSK at line 1: passed Sep 21 07:28:58.973850: | certs and keys locked by 'process_secret' Sep 21 07:28:58.973853: | certs and keys unlocked by 'process_secret' Sep 21 07:28:58.973858: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:28:58.973863: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:58.973870: | spent 0.324 milliseconds in whack Sep 21 07:28:58.975073: | processing signal PLUTO_SIGCHLD Sep 21 07:28:58.975090: | waitpid returned pid 13293 (exited with status 0) Sep 21 07:28:58.975095: | reaped addconn helper child (status 0) Sep 21 07:28:58.975100: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:58.975106: | spent 0.019 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:59.051134: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:59.051167: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:59.051171: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:28:59.051173: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:59.051176: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:28:59.051179: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:59.051187: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:28:59.051243: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:28:59.051246: | from whack: got --esp= Sep 21 07:28:59.051285: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:28:59.051290: | counting wild cards for @west is 0 Sep 21 07:28:59.051293: | counting wild cards for @east is 0 Sep 21 07:28:59.051305: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:28:59.051309: | new hp@0x557ab3210470 Sep 21 07:28:59.051313: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:59.051324: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:28:59.051336: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:28:59.051343: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:59.051350: | spent 0.226 milliseconds in whack Sep 21 07:28:59.159519: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:59.159547: | old debugging base+cpu-usage + none Sep 21 07:28:59.159552: | base debugging = base+cpu-usage Sep 21 07:28:59.159555: | old impairing none + suppress-retransmits Sep 21 07:28:59.159557: | base impairing = suppress-retransmits Sep 21 07:28:59.159564: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:59.159571: | spent 0.0553 milliseconds in whack Sep 21 07:28:59.330346: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:28:59.330369: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:28:59.330373: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:28:59.330379: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:28:59.330382: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:28:59.330385: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:28:59.330388: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:28:59.330410: | creating state object #1 at 0x557ab3245880 Sep 21 07:28:59.330414: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:28:59.330421: | pstats #1 ikev2.ike started Sep 21 07:28:59.330424: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:28:59.330427: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:28:59.330433: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:28:59.330441: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:28:59.330446: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:28:59.330454: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:28:59.330459: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:59.330463: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Sep 21 07:28:59.330472: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Sep 21 07:28:59.330479: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.330488: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.330492: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.330497: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.330501: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.330506: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.330510: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:28:59.330515: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.330526: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.330532: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:28:59.330536: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557ab3247f30 Sep 21 07:28:59.330540: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:28:59.330543: | libevent_malloc: new ptr-libevent@0x557ab3247f70 size 128 Sep 21 07:28:59.330557: | #1 spent 0.177 milliseconds in ikev2_parent_outI1() Sep 21 07:28:59.330558: | crypto helper 0 resuming Sep 21 07:28:59.330570: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:28:59.330575: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:28:59.331626: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00105 seconds Sep 21 07:28:59.331637: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:28:59.331641: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:28:59.331644: | scheduling resume sending helper answer for #1 Sep 21 07:28:59.331647: | libevent_malloc: new ptr-libevent@0x7fcbac006900 size 128 Sep 21 07:28:59.331653: | crypto helper 0 waiting (nothing to do) Sep 21 07:28:59.330560: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:28:59.331666: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:28:59.331672: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:28:59.331676: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:28:59.331680: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:28:59.331683: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:28:59.331688: | spent 0.258 milliseconds in whack Sep 21 07:28:59.331696: | processing resume sending helper answer for #1 Sep 21 07:28:59.331702: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:28:59.331705: | crypto helper 0 replies to request ID 1 Sep 21 07:28:59.331707: | calling continuation function 0x557ab1a87630 Sep 21 07:28:59.331710: | ikev2_parent_outI1_continue for #1 Sep 21 07:28:59.331739: | **emit ISAKMP Message: Sep 21 07:28:59.331742: | initiator cookie: Sep 21 07:28:59.331745: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.331747: | responder cookie: Sep 21 07:28:59.331749: | 00 00 00 00 00 00 00 00 Sep 21 07:28:59.331752: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:28:59.331755: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.331757: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:28:59.331761: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:28:59.331763: | Message ID: 0 (0x0) Sep 21 07:28:59.331766: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:28:59.331789: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.331794: | Emitting ikev2_proposals ... Sep 21 07:28:59.331797: | ***emit IKEv2 Security Association Payload: Sep 21 07:28:59.331800: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.331802: | flags: none (0x0) Sep 21 07:28:59.331806: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:28:59.331808: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.331811: | discarding INTEG=NONE Sep 21 07:28:59.331814: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.331816: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.331819: | prop #: 1 (0x1) Sep 21 07:28:59.331821: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.331823: | spi size: 0 (0x0) Sep 21 07:28:59.331826: | # transforms: 11 (0xb) Sep 21 07:28:59.331829: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.331831: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331836: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.331839: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.331841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331844: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.331849: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.331851: | length/value: 256 (0x100) Sep 21 07:28:59.331854: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.331857: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331862: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.331864: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.331867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331872: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331875: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331880: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.331882: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.331885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331890: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331892: | discarding INTEG=NONE Sep 21 07:28:59.331894: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331899: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.331902: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.331904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331907: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331910: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331912: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331917: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.331919: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.331922: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331927: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331930: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331934: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.331937: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.331940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331942: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331945: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331947: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331950: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331952: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.331954: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.331959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331964: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331966: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331971: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.331973: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.331976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331981: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.331984: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.331986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331988: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.331991: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.331994: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.331996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.331999: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332001: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332008: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.332011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332014: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332016: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332019: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332021: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.332023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332026: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.332029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332034: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332036: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:28:59.332039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.332041: | discarding INTEG=NONE Sep 21 07:28:59.332044: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.332046: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.332049: | prop #: 2 (0x2) Sep 21 07:28:59.332051: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.332053: | spi size: 0 (0x0) Sep 21 07:28:59.332056: | # transforms: 11 (0xb) Sep 21 07:28:59.332059: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.332063: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.332065: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332070: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.332073: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.332075: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332078: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.332080: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.332083: | length/value: 128 (0x80) Sep 21 07:28:59.332085: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.332088: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332092: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.332095: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.332098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332103: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332105: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332110: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.332112: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.332115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332120: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332122: | discarding INTEG=NONE Sep 21 07:28:59.332125: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332129: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332132: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.332135: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332140: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332142: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332145: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332149: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.332152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332157: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332160: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332162: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332164: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332167: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.332171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332176: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332179: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332183: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332186: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.332189: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332192: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332194: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332197: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332201: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332204: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.332206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332212: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332214: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332219: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332221: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.332224: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332229: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332232: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332236: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332239: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.332242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332247: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332249: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332251: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.332254: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332256: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.332259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332264: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332267: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:28:59.332269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.332275: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.332278: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.332280: | prop #: 3 (0x3) Sep 21 07:28:59.332282: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.332285: | spi size: 0 (0x0) Sep 21 07:28:59.332287: | # transforms: 13 (0xd) Sep 21 07:28:59.332290: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.332293: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.332295: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332297: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332300: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.332302: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.332305: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332307: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.332310: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.332312: | length/value: 256 (0x100) Sep 21 07:28:59.332315: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.332317: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332319: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332322: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.332324: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.332327: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332330: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332332: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332334: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332339: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.332342: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.332344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332347: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332350: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332352: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332357: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.332359: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.332362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332367: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332369: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332374: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.332377: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.332379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332387: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332390: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332394: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332397: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.332400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332405: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332407: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332412: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332414: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.332417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332420: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332422: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332425: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332429: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332432: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.332434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332437: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332440: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332442: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332449: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.332452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332458: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332460: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332467: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.332470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332473: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332475: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332477: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332482: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332486: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.332489: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332494: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332496: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332501: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332503: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.332506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332511: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332514: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332516: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.332518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332521: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.332524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332529: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332531: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:28:59.332534: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.332536: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.332539: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.332541: | prop #: 4 (0x4) Sep 21 07:28:59.332543: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.332546: | spi size: 0 (0x0) Sep 21 07:28:59.332548: | # transforms: 13 (0xd) Sep 21 07:28:59.332551: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.332554: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.332556: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332561: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.332563: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.332566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332568: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.332571: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.332573: | length/value: 128 (0x80) Sep 21 07:28:59.332575: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.332578: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332583: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.332585: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.332588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332591: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332594: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332597: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332602: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.332604: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:28:59.332607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332612: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332614: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332619: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.332621: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.332624: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332630: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332632: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332637: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.332639: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.332642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332647: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332650: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332657: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.332660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332665: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332667: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332672: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332674: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:28:59.332677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332685: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332689: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332692: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:28:59.332695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332701: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332703: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332708: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332711: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:28:59.332714: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332719: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332721: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332726: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332729: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:28:59.332731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332734: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332737: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332739: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332744: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332746: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:28:59.332749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332754: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332757: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332761: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332764: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:28:59.332766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332772: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332774: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.332776: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.332779: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.332781: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:28:59.332788: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.332790: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.332792: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.332794: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:28:59.332797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.332800: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:28:59.332802: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:28:59.332805: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:28:59.332807: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.332809: | flags: none (0x0) Sep 21 07:28:59.332811: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.332814: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:28:59.332817: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.332820: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:28:59.332823: | ikev2 g^x d9 26 98 e6 7f 2e 20 e5 4a b6 c1 5b 0a 72 f4 15 Sep 21 07:28:59.332825: | ikev2 g^x 69 bf 7c a2 c0 9c b6 c6 81 b4 e6 47 59 58 01 6a Sep 21 07:28:59.332827: | ikev2 g^x b3 07 4d 2b 7b 5b 87 c9 34 91 ae 82 03 e7 3b 93 Sep 21 07:28:59.332830: | ikev2 g^x f4 db 84 c5 8b af da 94 bf b2 a3 15 07 f9 72 2b Sep 21 07:28:59.332832: | ikev2 g^x 37 bc 8a 8d ba 87 12 51 19 50 d7 11 1f 9d 71 40 Sep 21 07:28:59.332834: | ikev2 g^x a5 d3 d5 5d b7 5e 1c de 04 b7 bd 2d 19 98 80 66 Sep 21 07:28:59.332837: | ikev2 g^x 8e 3f b5 9d 7c fd d3 45 bb f7 00 0e c9 a3 5e 99 Sep 21 07:28:59.332839: | ikev2 g^x e7 07 f0 f6 59 f5 c0 d9 2e 39 79 30 37 23 a5 3b Sep 21 07:28:59.332841: | ikev2 g^x a6 ce 26 5f 01 e5 28 14 7d 39 ac 4f be cb 48 64 Sep 21 07:28:59.332843: | ikev2 g^x 08 a6 4b bc 88 63 85 ea 3a 3d f5 dc f8 26 62 c4 Sep 21 07:28:59.332846: | ikev2 g^x 6d 50 1b 20 3a 6d e7 c3 49 6e 2d b0 8a 8e e6 b9 Sep 21 07:28:59.332848: | ikev2 g^x b1 c9 bf 5c ef 49 8b 1f 54 be 67 02 9d ff 78 90 Sep 21 07:28:59.332850: | ikev2 g^x 64 b9 b8 00 1e f3 c5 7d 67 18 bd e7 ba 75 2c 18 Sep 21 07:28:59.332852: | ikev2 g^x 6f d3 b0 95 6c 87 f5 2a 96 96 f1 e2 ea aa 7e 1d Sep 21 07:28:59.332855: | ikev2 g^x 0d 31 98 02 26 3d 0e 08 8f 1a bd eb 63 d2 71 fc Sep 21 07:28:59.332857: | ikev2 g^x 68 44 9b 91 74 98 e1 ba f5 6c c7 89 52 06 ab d1 Sep 21 07:28:59.332859: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:28:59.332862: | ***emit IKEv2 Nonce Payload: Sep 21 07:28:59.332864: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.332867: | flags: none (0x0) Sep 21 07:28:59.332869: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:28:59.332872: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:28:59.332875: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.332878: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:28:59.332880: | IKEv2 nonce 32 43 8d be 0d ff 43 ba b9 f1 03 c1 50 88 16 7b Sep 21 07:28:59.332883: | IKEv2 nonce b2 7e 44 07 4e f6 78 fa 0f 5e cb 01 7f c4 c9 12 Sep 21 07:28:59.332885: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:28:59.332888: | Adding a v2N Payload Sep 21 07:28:59.332890: | ***emit IKEv2 Notify Payload: Sep 21 07:28:59.332893: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.332895: | flags: none (0x0) Sep 21 07:28:59.332897: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.332900: | SPI size: 0 (0x0) Sep 21 07:28:59.332902: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:28:59.332905: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:59.332908: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.332912: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:28:59.332915: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:28:59.332918: | natd_hash: rcookie is zero Sep 21 07:28:59.332930: | natd_hash: hasher=0x557ab1b5d7a0(20) Sep 21 07:28:59.332933: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.332936: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:28:59.332938: | natd_hash: ip= c0 01 02 2d Sep 21 07:28:59.332940: | natd_hash: port= 01 f4 Sep 21 07:28:59.332943: | natd_hash: hash= b0 f9 6f 37 89 42 77 c3 64 aa d7 4c 51 5f b1 4e Sep 21 07:28:59.332945: | natd_hash: hash= 9a ee 60 e5 Sep 21 07:28:59.332947: | Adding a v2N Payload Sep 21 07:28:59.332950: | ***emit IKEv2 Notify Payload: Sep 21 07:28:59.332952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.332954: | flags: none (0x0) Sep 21 07:28:59.332957: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.332959: | SPI size: 0 (0x0) Sep 21 07:28:59.332961: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:28:59.332964: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:59.332967: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.332970: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:28:59.332972: | Notify data b0 f9 6f 37 89 42 77 c3 64 aa d7 4c 51 5f b1 4e Sep 21 07:28:59.332974: | Notify data 9a ee 60 e5 Sep 21 07:28:59.332976: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:28:59.332979: | natd_hash: rcookie is zero Sep 21 07:28:59.332984: | natd_hash: hasher=0x557ab1b5d7a0(20) Sep 21 07:28:59.332987: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.332989: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:28:59.332991: | natd_hash: ip= c0 01 02 17 Sep 21 07:28:59.332993: | natd_hash: port= 01 f4 Sep 21 07:28:59.332996: | natd_hash: hash= 22 a7 be 3f f8 cd 4b 80 ea 8f a0 f0 24 76 02 62 Sep 21 07:28:59.332998: | natd_hash: hash= 27 85 61 98 Sep 21 07:28:59.333000: | Adding a v2N Payload Sep 21 07:28:59.333002: | ***emit IKEv2 Notify Payload: Sep 21 07:28:59.333005: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.333007: | flags: none (0x0) Sep 21 07:28:59.333010: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.333012: | SPI size: 0 (0x0) Sep 21 07:28:59.333014: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:28:59.333017: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:28:59.333020: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.333023: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:28:59.333025: | Notify data 22 a7 be 3f f8 cd 4b 80 ea 8f a0 f0 24 76 02 62 Sep 21 07:28:59.333027: | Notify data 27 85 61 98 Sep 21 07:28:59.333029: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:28:59.333032: | emitting length of ISAKMP Message: 828 Sep 21 07:28:59.333039: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:28:59.333047: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.333051: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:28:59.333054: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:28:59.333057: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:28:59.333060: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:28:59.333062: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:28:59.333067: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:28:59.333072: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:28:59.333085: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:28:59.333093: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:28:59.333096: | 41 75 14 23 59 b1 14 ea 00 00 00 00 00 00 00 00 Sep 21 07:28:59.333098: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:28:59.333100: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:28:59.333102: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:28:59.333105: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:28:59.333107: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:28:59.333109: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:28:59.333111: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:28:59.333114: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:28:59.333116: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:28:59.333118: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:28:59.333121: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:28:59.333123: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:28:59.333125: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:28:59.333127: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:28:59.333130: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:28:59.333132: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:28:59.333134: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:28:59.333136: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:28:59.333139: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:28:59.333141: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:28:59.333143: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:28:59.333145: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:28:59.333148: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:28:59.333150: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:28:59.333152: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:28:59.333154: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:28:59.333157: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:28:59.333159: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:28:59.333161: | 28 00 01 08 00 0e 00 00 d9 26 98 e6 7f 2e 20 e5 Sep 21 07:28:59.333164: | 4a b6 c1 5b 0a 72 f4 15 69 bf 7c a2 c0 9c b6 c6 Sep 21 07:28:59.333166: | 81 b4 e6 47 59 58 01 6a b3 07 4d 2b 7b 5b 87 c9 Sep 21 07:28:59.333168: | 34 91 ae 82 03 e7 3b 93 f4 db 84 c5 8b af da 94 Sep 21 07:28:59.333170: | bf b2 a3 15 07 f9 72 2b 37 bc 8a 8d ba 87 12 51 Sep 21 07:28:59.333173: | 19 50 d7 11 1f 9d 71 40 a5 d3 d5 5d b7 5e 1c de Sep 21 07:28:59.333175: | 04 b7 bd 2d 19 98 80 66 8e 3f b5 9d 7c fd d3 45 Sep 21 07:28:59.333177: | bb f7 00 0e c9 a3 5e 99 e7 07 f0 f6 59 f5 c0 d9 Sep 21 07:28:59.333179: | 2e 39 79 30 37 23 a5 3b a6 ce 26 5f 01 e5 28 14 Sep 21 07:28:59.333182: | 7d 39 ac 4f be cb 48 64 08 a6 4b bc 88 63 85 ea Sep 21 07:28:59.333184: | 3a 3d f5 dc f8 26 62 c4 6d 50 1b 20 3a 6d e7 c3 Sep 21 07:28:59.333186: | 49 6e 2d b0 8a 8e e6 b9 b1 c9 bf 5c ef 49 8b 1f Sep 21 07:28:59.333188: | 54 be 67 02 9d ff 78 90 64 b9 b8 00 1e f3 c5 7d Sep 21 07:28:59.333190: | 67 18 bd e7 ba 75 2c 18 6f d3 b0 95 6c 87 f5 2a Sep 21 07:28:59.333193: | 96 96 f1 e2 ea aa 7e 1d 0d 31 98 02 26 3d 0e 08 Sep 21 07:28:59.333195: | 8f 1a bd eb 63 d2 71 fc 68 44 9b 91 74 98 e1 ba Sep 21 07:28:59.333197: | f5 6c c7 89 52 06 ab d1 29 00 00 24 32 43 8d be Sep 21 07:28:59.333200: | 0d ff 43 ba b9 f1 03 c1 50 88 16 7b b2 7e 44 07 Sep 21 07:28:59.333203: | 4e f6 78 fa 0f 5e cb 01 7f c4 c9 12 29 00 00 08 Sep 21 07:28:59.333205: | 00 00 40 2e 29 00 00 1c 00 00 40 04 b0 f9 6f 37 Sep 21 07:28:59.333207: | 89 42 77 c3 64 aa d7 4c 51 5f b1 4e 9a ee 60 e5 Sep 21 07:28:59.333210: | 00 00 00 1c 00 00 40 05 22 a7 be 3f f8 cd 4b 80 Sep 21 07:28:59.333212: | ea 8f a0 f0 24 76 02 62 27 85 61 98 Sep 21 07:28:59.333255: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:28:59.333260: | libevent_free: release ptr-libevent@0x557ab3247f70 Sep 21 07:28:59.333263: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557ab3247f30 Sep 21 07:28:59.333266: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:28:59.333268: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:28:59.333275: | event_schedule: new EVENT_RETRANSMIT-pe@0x557ab3247f30 Sep 21 07:28:59.333278: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:28:59.333281: | libevent_malloc: new ptr-libevent@0x557ab3247f70 size 128 Sep 21 07:28:59.333286: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49585.701538 Sep 21 07:28:59.333289: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:28:59.333295: | #1 spent 1.56 milliseconds in resume sending helper answer Sep 21 07:28:59.333300: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:28:59.333303: | libevent_free: release ptr-libevent@0x7fcbac006900 Sep 21 07:28:59.336524: | spent 0.00218 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:28:59.336543: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:28:59.336546: | 41 75 14 23 59 b1 14 ea e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.336549: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:28:59.336551: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:28:59.336553: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:28:59.336556: | 04 00 00 0e 28 00 01 08 00 0e 00 00 54 a1 7f 93 Sep 21 07:28:59.336558: | c1 5f d9 df 67 39 af 9d 39 4f 19 0b 4c ee 50 74 Sep 21 07:28:59.336560: | 5a 30 1e f0 6e 00 35 79 3c 09 8c a7 7d 3a 9e d6 Sep 21 07:28:59.336563: | 1f b6 1f 46 ea 25 4f e8 54 91 3a 04 5f 5b 6b 6f Sep 21 07:28:59.336565: | 9f a9 48 4e 04 46 6a 3b 36 e5 29 2d b5 db f3 4d Sep 21 07:28:59.336567: | 0a c6 b5 0e 03 b2 e5 34 11 1d 37 51 fe 14 95 5b Sep 21 07:28:59.336569: | 01 1c 3c dc 26 47 86 35 d2 99 06 3e 4c 8c 00 f2 Sep 21 07:28:59.336572: | 82 cb af 0f 18 5d 45 a8 64 4b ec 23 7c 7c fe 7d Sep 21 07:28:59.336574: | da bc 1f 90 47 be df 48 df 28 d1 ee e1 11 a6 e8 Sep 21 07:28:59.336576: | 5e c5 d0 e5 85 2c 11 82 a4 c6 72 14 20 66 73 4f Sep 21 07:28:59.336579: | 0e 66 f2 c1 26 c7 5e d6 69 ef bf be 01 3b 7d a3 Sep 21 07:28:59.336581: | 4e f3 58 7f 13 1a 23 0e a0 88 f4 ae 09 94 a6 b3 Sep 21 07:28:59.336583: | d1 d7 44 79 ee 45 fa 00 23 30 93 5c 50 4b 7b db Sep 21 07:28:59.336586: | 9d 57 4c b1 cf ce a7 60 cb 53 06 2c f0 73 63 df Sep 21 07:28:59.336588: | e3 e9 1c be 44 b0 85 fb 30 1e 20 31 e9 2e 6d f5 Sep 21 07:28:59.336590: | f2 35 67 e4 c4 00 40 00 d8 be 3d a6 bb f5 9b e9 Sep 21 07:28:59.336592: | b7 b8 d3 7b 7e b9 8d 88 6c b3 43 b9 29 00 00 24 Sep 21 07:28:59.336595: | 2d 41 ce db a9 e9 2c 74 4a 49 0d c3 18 c1 88 a9 Sep 21 07:28:59.336597: | 3a aa e3 ef ec 3f 01 1f c9 f0 dc 41 4b 57 78 d1 Sep 21 07:28:59.336599: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:28:59.336601: | 48 79 55 0e d0 38 aa 7c d2 25 39 81 00 56 f9 2c Sep 21 07:28:59.336604: | cb df b3 09 00 00 00 1c 00 00 40 05 b2 79 0b b6 Sep 21 07:28:59.336606: | 49 e5 c8 db ed 91 59 29 ce bb 4f 0f ff b4 c6 fc Sep 21 07:28:59.336612: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:28:59.336616: | **parse ISAKMP Message: Sep 21 07:28:59.336618: | initiator cookie: Sep 21 07:28:59.336620: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.336623: | responder cookie: Sep 21 07:28:59.336625: | e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.336628: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:59.336630: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.336633: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:28:59.336635: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:28:59.336638: | Message ID: 0 (0x0) Sep 21 07:28:59.336640: | length: 432 (0x1b0) Sep 21 07:28:59.336643: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:28:59.336647: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:28:59.336650: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:28:59.336656: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:28:59.336661: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:28:59.336663: | #1 is idle Sep 21 07:28:59.336665: | #1 idle Sep 21 07:28:59.336668: | unpacking clear payload Sep 21 07:28:59.336670: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:28:59.336673: | ***parse IKEv2 Security Association Payload: Sep 21 07:28:59.336676: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:28:59.336678: | flags: none (0x0) Sep 21 07:28:59.336680: | length: 40 (0x28) Sep 21 07:28:59.336683: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:28:59.336685: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:28:59.336688: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:28:59.336690: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:28:59.336692: | flags: none (0x0) Sep 21 07:28:59.336695: | length: 264 (0x108) Sep 21 07:28:59.336697: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.336699: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:28:59.336702: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:28:59.336704: | ***parse IKEv2 Nonce Payload: Sep 21 07:28:59.336706: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.336709: | flags: none (0x0) Sep 21 07:28:59.336711: | length: 36 (0x24) Sep 21 07:28:59.336714: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:28:59.336716: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:59.336719: | ***parse IKEv2 Notify Payload: Sep 21 07:28:59.336721: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.336723: | flags: none (0x0) Sep 21 07:28:59.336725: | length: 8 (0x8) Sep 21 07:28:59.336728: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.336730: | SPI size: 0 (0x0) Sep 21 07:28:59.336733: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:28:59.336735: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:28:59.336738: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:59.336740: | ***parse IKEv2 Notify Payload: Sep 21 07:28:59.336742: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:28:59.336745: | flags: none (0x0) Sep 21 07:28:59.336747: | length: 28 (0x1c) Sep 21 07:28:59.336749: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.336752: | SPI size: 0 (0x0) Sep 21 07:28:59.336754: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:28:59.336757: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:28:59.336759: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:28:59.336762: | ***parse IKEv2 Notify Payload: Sep 21 07:28:59.336764: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.336766: | flags: none (0x0) Sep 21 07:28:59.336770: | length: 28 (0x1c) Sep 21 07:28:59.336772: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:28:59.336775: | SPI size: 0 (0x0) Sep 21 07:28:59.336777: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:28:59.336780: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:28:59.336782: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:28:59.336795: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:28:59.336798: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:28:59.336800: | Now let's proceed with state specific processing Sep 21 07:28:59.336803: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:28:59.336806: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:28:59.336823: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:28:59.336827: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:28:59.336830: | local proposal 1 type ENCR has 1 transforms Sep 21 07:28:59.336832: | local proposal 1 type PRF has 2 transforms Sep 21 07:28:59.336835: | local proposal 1 type INTEG has 1 transforms Sep 21 07:28:59.336837: | local proposal 1 type DH has 8 transforms Sep 21 07:28:59.336840: | local proposal 1 type ESN has 0 transforms Sep 21 07:28:59.336843: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:28:59.336845: | local proposal 2 type ENCR has 1 transforms Sep 21 07:28:59.336848: | local proposal 2 type PRF has 2 transforms Sep 21 07:28:59.336850: | local proposal 2 type INTEG has 1 transforms Sep 21 07:28:59.336853: | local proposal 2 type DH has 8 transforms Sep 21 07:28:59.336855: | local proposal 2 type ESN has 0 transforms Sep 21 07:28:59.336858: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:28:59.336860: | local proposal 3 type ENCR has 1 transforms Sep 21 07:28:59.336863: | local proposal 3 type PRF has 2 transforms Sep 21 07:28:59.336865: | local proposal 3 type INTEG has 2 transforms Sep 21 07:28:59.336868: | local proposal 3 type DH has 8 transforms Sep 21 07:28:59.336870: | local proposal 3 type ESN has 0 transforms Sep 21 07:28:59.336873: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:28:59.336875: | local proposal 4 type ENCR has 1 transforms Sep 21 07:28:59.336878: | local proposal 4 type PRF has 2 transforms Sep 21 07:28:59.336880: | local proposal 4 type INTEG has 2 transforms Sep 21 07:28:59.336883: | local proposal 4 type DH has 8 transforms Sep 21 07:28:59.336885: | local proposal 4 type ESN has 0 transforms Sep 21 07:28:59.336888: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:28:59.336890: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.336893: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.336895: | length: 36 (0x24) Sep 21 07:28:59.336898: | prop #: 1 (0x1) Sep 21 07:28:59.336900: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:28:59.336903: | spi size: 0 (0x0) Sep 21 07:28:59.336905: | # transforms: 3 (0x3) Sep 21 07:28:59.336908: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:28:59.336911: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.336915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.336917: | length: 12 (0xc) Sep 21 07:28:59.336920: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.336922: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.336925: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.336927: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.336930: | length/value: 256 (0x100) Sep 21 07:28:59.336934: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:28:59.336936: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.336939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.336941: | length: 8 (0x8) Sep 21 07:28:59.336944: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:28:59.336946: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:28:59.336949: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:28:59.336952: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.336954: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.336956: | length: 8 (0x8) Sep 21 07:28:59.336959: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:28:59.336961: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:28:59.336965: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:28:59.336968: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:28:59.336973: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:28:59.336975: | remote proposal 1 matches local proposal 1 Sep 21 07:28:59.336978: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:28:59.336981: | converting proposal to internal trans attrs Sep 21 07:28:59.336995: | natd_hash: hasher=0x557ab1b5d7a0(20) Sep 21 07:28:59.336998: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.337000: | natd_hash: rcookie= e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.337002: | natd_hash: ip= c0 01 02 2d Sep 21 07:28:59.337005: | natd_hash: port= 01 f4 Sep 21 07:28:59.337007: | natd_hash: hash= b2 79 0b b6 49 e5 c8 db ed 91 59 29 ce bb 4f 0f Sep 21 07:28:59.337009: | natd_hash: hash= ff b4 c6 fc Sep 21 07:28:59.337015: | natd_hash: hasher=0x557ab1b5d7a0(20) Sep 21 07:28:59.337017: | natd_hash: icookie= 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.337019: | natd_hash: rcookie= e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.337022: | natd_hash: ip= c0 01 02 17 Sep 21 07:28:59.337024: | natd_hash: port= 01 f4 Sep 21 07:28:59.337026: | natd_hash: hash= 48 79 55 0e d0 38 aa 7c d2 25 39 81 00 56 f9 2c Sep 21 07:28:59.337028: | natd_hash: hash= cb df b3 09 Sep 21 07:28:59.337031: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:28:59.337033: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:28:59.337035: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:28:59.337039: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:28:59.337044: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:28:59.337047: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:28:59.337050: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:28:59.337053: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:28:59.337056: | libevent_free: release ptr-libevent@0x557ab3247f70 Sep 21 07:28:59.337059: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557ab3247f30 Sep 21 07:28:59.337062: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557ab3247f30 Sep 21 07:28:59.337065: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:28:59.337068: | libevent_malloc: new ptr-libevent@0x557ab3247f70 size 128 Sep 21 07:28:59.337077: | #1 spent 0.269 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:28:59.337083: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.337087: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:28:59.337089: | suspending state #1 and saving MD Sep 21 07:28:59.337092: | #1 is busy; has a suspended MD Sep 21 07:28:59.337096: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:28:59.337100: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:28:59.337104: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:28:59.337108: | #1 spent 0.57 milliseconds in ikev2_process_packet() Sep 21 07:28:59.337112: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:28:59.337115: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:28:59.337118: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:28:59.337121: | spent 0.584 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:28:59.337129: | crypto helper 1 resuming Sep 21 07:28:59.337133: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:28:59.337137: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:28:59.338095: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:28:59.338534: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001396 seconds Sep 21 07:28:59.338541: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:28:59.338544: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:28:59.338547: | scheduling resume sending helper answer for #1 Sep 21 07:28:59.338550: | libevent_malloc: new ptr-libevent@0x7fcba4006b90 size 128 Sep 21 07:28:59.338557: | crypto helper 1 waiting (nothing to do) Sep 21 07:28:59.338777: | processing resume sending helper answer for #1 Sep 21 07:28:59.338791: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:28:59.338798: | crypto helper 1 replies to request ID 2 Sep 21 07:28:59.338800: | calling continuation function 0x557ab1a87630 Sep 21 07:28:59.338803: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:28:59.338811: | creating state object #2 at 0x557ab324a870 Sep 21 07:28:59.338814: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:28:59.338818: | pstats #2 ikev2.child started Sep 21 07:28:59.338820: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:28:59.338825: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:28:59.338832: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:28:59.338836: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:28:59.338841: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:28:59.338844: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:28:59.338847: | libevent_free: release ptr-libevent@0x557ab3247f70 Sep 21 07:28:59.338850: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557ab3247f30 Sep 21 07:28:59.338853: | event_schedule: new EVENT_SA_REPLACE-pe@0x557ab3247f30 Sep 21 07:28:59.338861: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:28:59.338864: | libevent_malloc: new ptr-libevent@0x557ab3247f70 size 128 Sep 21 07:28:59.338867: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:28:59.338873: | **emit ISAKMP Message: Sep 21 07:28:59.338876: | initiator cookie: Sep 21 07:28:59.338878: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.338880: | responder cookie: Sep 21 07:28:59.338883: | e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.338885: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:28:59.338888: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.338891: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:28:59.338893: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:28:59.338896: | Message ID: 1 (0x1) Sep 21 07:28:59.338898: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:28:59.338902: | ***emit IKEv2 Encryption Payload: Sep 21 07:28:59.338904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.338907: | flags: none (0x0) Sep 21 07:28:59.338910: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:28:59.338912: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.338916: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:28:59.338923: | IKEv2 CERT: send a certificate? Sep 21 07:28:59.338926: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:28:59.338928: | IDr payload will be sent Sep 21 07:28:59.338945: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:28:59.338948: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.338950: | flags: none (0x0) Sep 21 07:28:59.338953: | ID type: ID_FQDN (0x2) Sep 21 07:28:59.338956: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:28:59.338959: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.338962: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:28:59.338964: | my identity 77 65 73 74 Sep 21 07:28:59.338967: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:28:59.338975: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:28:59.338978: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:28:59.338980: | flags: none (0x0) Sep 21 07:28:59.338982: | ID type: ID_FQDN (0x2) Sep 21 07:28:59.338985: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:28:59.338988: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:28:59.338991: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.338994: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:28:59.338996: | IDr 65 61 73 74 Sep 21 07:28:59.338999: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:28:59.339001: | not sending INITIAL_CONTACT Sep 21 07:28:59.339004: | ****emit IKEv2 Authentication Payload: Sep 21 07:28:59.339006: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.339009: | flags: none (0x0) Sep 21 07:28:59.339011: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:28:59.339014: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:28:59.339017: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.339023: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:28:59.339027: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:28:59.339030: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:28:59.339033: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:28:59.339037: | 1: compared key @west to @west / @east -> 010 Sep 21 07:28:59.339040: | 2: compared key @east to @west / @east -> 014 Sep 21 07:28:59.339043: | line 1: match=014 Sep 21 07:28:59.339046: | match 014 beats previous best_match 000 match=0x557ab3239170 (line=1) Sep 21 07:28:59.339048: | concluding with best_match=014 best=0x557ab3239170 (lineno=1) Sep 21 07:28:59.339111: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:28:59.339115: | PSK auth 3e e8 14 cb 0e 20 cc 37 f1 50 dc ef 75 cb c8 9e Sep 21 07:28:59.339117: | PSK auth 51 83 b2 a8 cf 3c 77 c4 17 74 9d a8 70 c8 9a c3 Sep 21 07:28:59.339119: | PSK auth 7f 34 f7 53 f7 6a 77 2d 07 90 85 c0 2f 54 3c f5 Sep 21 07:28:59.339122: | PSK auth 01 6d 1e 49 df 83 3a c1 4e 09 d4 1e c2 7e de aa Sep 21 07:28:59.339124: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:28:59.339127: | getting first pending from state #1 Sep 21 07:28:59.339146: | netlink_get_spi: allocated 0x5e01097a for esp.0@192.1.2.45 Sep 21 07:28:59.339150: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:28:59.339157: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:28:59.339163: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:28:59.339166: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:28:59.339170: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:28:59.339173: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:28:59.339177: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.339180: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:28:59.339184: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.339192: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.339202: | Emitting ikev2_proposals ... Sep 21 07:28:59.339205: | ****emit IKEv2 Security Association Payload: Sep 21 07:28:59.339207: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.339209: | flags: none (0x0) Sep 21 07:28:59.339212: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:28:59.339215: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.339218: | discarding INTEG=NONE Sep 21 07:28:59.339220: | discarding DH=NONE Sep 21 07:28:59.339222: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.339225: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.339227: | prop #: 1 (0x1) Sep 21 07:28:59.339230: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.339232: | spi size: 4 (0x4) Sep 21 07:28:59.339235: | # transforms: 2 (0x2) Sep 21 07:28:59.339237: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.339242: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:28:59.339245: | our spi 5e 01 09 7a Sep 21 07:28:59.339247: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339252: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.339255: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.339257: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339260: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.339263: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.339265: | length/value: 256 (0x100) Sep 21 07:28:59.339268: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.339270: | discarding INTEG=NONE Sep 21 07:28:59.339272: | discarding DH=NONE Sep 21 07:28:59.339275: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339277: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.339279: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.339282: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.339285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339288: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339290: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339293: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:28:59.339296: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.339298: | discarding INTEG=NONE Sep 21 07:28:59.339300: | discarding DH=NONE Sep 21 07:28:59.339302: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.339305: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.339307: | prop #: 2 (0x2) Sep 21 07:28:59.339309: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.339312: | spi size: 4 (0x4) Sep 21 07:28:59.339314: | # transforms: 2 (0x2) Sep 21 07:28:59.339317: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.339320: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.339323: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:28:59.339325: | our spi 5e 01 09 7a Sep 21 07:28:59.339327: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339329: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339332: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.339334: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.339337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339339: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.339342: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.339344: | length/value: 128 (0x80) Sep 21 07:28:59.339347: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.339349: | discarding INTEG=NONE Sep 21 07:28:59.339351: | discarding DH=NONE Sep 21 07:28:59.339353: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339355: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.339358: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.339360: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.339363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339370: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339372: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:28:59.339375: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.339377: | discarding DH=NONE Sep 21 07:28:59.339380: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.339382: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.339384: | prop #: 3 (0x3) Sep 21 07:28:59.339387: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.339389: | spi size: 4 (0x4) Sep 21 07:28:59.339391: | # transforms: 4 (0x4) Sep 21 07:28:59.339394: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.339397: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.339399: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:28:59.339402: | our spi 5e 01 09 7a Sep 21 07:28:59.339404: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339409: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.339411: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.339414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339416: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.339419: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.339421: | length/value: 256 (0x100) Sep 21 07:28:59.339423: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.339426: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339431: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.339433: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.339436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339444: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339448: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.339451: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.339454: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339459: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339461: | discarding DH=NONE Sep 21 07:28:59.339463: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339466: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.339468: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.339470: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.339473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339480: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339482: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:28:59.339485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.339487: | discarding DH=NONE Sep 21 07:28:59.339489: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.339492: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.339494: | prop #: 4 (0x4) Sep 21 07:28:59.339496: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.339499: | spi size: 4 (0x4) Sep 21 07:28:59.339501: | # transforms: 4 (0x4) Sep 21 07:28:59.339504: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:28:59.339506: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:28:59.339509: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:28:59.339511: | our spi 5e 01 09 7a Sep 21 07:28:59.339514: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339518: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.339521: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:28:59.339523: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339526: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.339528: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.339531: | length/value: 128 (0x80) Sep 21 07:28:59.339533: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:28:59.339535: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339540: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.339543: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:28:59.339545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339551: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339553: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339558: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:28:59.339560: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:28:59.339563: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339568: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339570: | discarding DH=NONE Sep 21 07:28:59.339573: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:28:59.339575: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.339577: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.339580: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.339583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.339585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:28:59.339589: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:28:59.339591: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:28:59.339594: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:28:59.339597: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:28:59.339599: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:28:59.339603: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:28:59.339605: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.339607: | flags: none (0x0) Sep 21 07:28:59.339610: | number of TS: 1 (0x1) Sep 21 07:28:59.339613: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:28:59.339616: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.339618: | *****emit IKEv2 Traffic Selector: Sep 21 07:28:59.339621: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.339623: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.339626: | start port: 0 (0x0) Sep 21 07:28:59.339628: | end port: 65535 (0xffff) Sep 21 07:28:59.339631: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:28:59.339633: | IP start c0 00 01 00 Sep 21 07:28:59.339636: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:28:59.339638: | IP end c0 00 01 ff Sep 21 07:28:59.339640: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:28:59.339643: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:28:59.339645: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:28:59.339648: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.339650: | flags: none (0x0) Sep 21 07:28:59.339652: | number of TS: 1 (0x1) Sep 21 07:28:59.339655: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:28:59.339658: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:28:59.339660: | *****emit IKEv2 Traffic Selector: Sep 21 07:28:59.339663: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.339665: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.339667: | start port: 0 (0x0) Sep 21 07:28:59.339670: | end port: 65535 (0xffff) Sep 21 07:28:59.339672: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:28:59.339674: | IP start c0 00 02 00 Sep 21 07:28:59.339677: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:28:59.339679: | IP end c0 00 02 ff Sep 21 07:28:59.339681: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:28:59.339684: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:28:59.339687: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:28:59.339689: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:28:59.339692: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:28:59.339695: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:28:59.339698: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:28:59.339700: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:28:59.339703: | emitting length of ISAKMP Message: 365 Sep 21 07:28:59.339718: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.339723: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.339728: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:28:59.339731: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:28:59.339734: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:28:59.339737: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:28:59.339742: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:28:59.339747: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:28:59.339752: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:28:59.339759: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:28:59.339765: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:28:59.339768: | 41 75 14 23 59 b1 14 ea e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.339770: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:28:59.339772: | d6 b4 58 3a 33 42 7b 6b 37 4d 35 2b 90 34 b8 35 Sep 21 07:28:59.339775: | 55 e0 5e 34 7d c7 57 53 7f 7a d4 f4 5b fa 50 5b Sep 21 07:28:59.339777: | c6 ef 00 be c2 ed a1 3d ff 4f f7 c3 63 3e 21 4f Sep 21 07:28:59.339779: | 0d 26 ef 02 21 6c 08 2f d6 2f 5c 90 db d1 2b 88 Sep 21 07:28:59.339782: | 47 8d 32 a4 bd 01 90 e0 cd 5c 16 db 6e 44 7a af Sep 21 07:28:59.339790: | 22 da 30 dc a0 61 1c eb 16 49 d7 a1 07 a6 5a 39 Sep 21 07:28:59.339792: | 04 34 57 1d 3a 4c d8 82 0e 13 f5 52 f8 73 39 29 Sep 21 07:28:59.339794: | 36 d3 5f 79 ad f6 68 65 93 86 62 59 b1 72 1d 9f Sep 21 07:28:59.339796: | ea f2 09 af 34 9d ae e9 df 3f b6 12 d0 46 1a bd Sep 21 07:28:59.339799: | 22 f0 2e 81 86 99 27 f9 01 18 61 e5 1a b4 87 92 Sep 21 07:28:59.339801: | 09 ab 37 71 f6 7f 50 43 e7 70 31 79 33 58 00 d4 Sep 21 07:28:59.339803: | 28 6c 83 2b c7 41 9e ac cb 23 4d a4 2a 81 cf f7 Sep 21 07:28:59.339805: | 9a 11 c3 4b 2a b7 b0 d6 77 e1 d1 5c cb 49 21 3b Sep 21 07:28:59.339808: | fd d3 37 48 05 71 b9 71 75 00 93 b8 dd 3a 71 78 Sep 21 07:28:59.339810: | bf 28 e8 28 0e 0b 7d e3 bb 40 78 ab a5 85 cd 44 Sep 21 07:28:59.339813: | 6d 30 22 3b 61 64 2d 11 8a 22 4f 76 96 9d 96 db Sep 21 07:28:59.339815: | e3 61 c0 93 bb 56 75 6c 36 13 a2 2e 54 74 c8 0e Sep 21 07:28:59.339817: | 87 b0 c3 c4 6d dc 5b 71 0c 20 14 eb d6 b3 d8 4c Sep 21 07:28:59.339819: | 1c 98 a5 b8 02 55 95 26 9a 8b c0 10 68 56 24 82 Sep 21 07:28:59.339822: | b6 3a f1 ce 58 c5 ee 81 b9 26 97 55 45 61 2f 9d Sep 21 07:28:59.339824: | 4d 90 1e 73 96 7e 77 2a 39 e6 3a c6 39 Sep 21 07:28:59.339862: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:28:59.339866: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:28:59.339872: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fcbac002b20 Sep 21 07:28:59.339875: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:28:59.339878: | libevent_malloc: new ptr-libevent@0x557ab3247d50 size 128 Sep 21 07:28:59.339883: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49585.708135 Sep 21 07:28:59.339886: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:28:59.339892: | #1 spent 1.07 milliseconds in resume sending helper answer Sep 21 07:28:59.339897: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:28:59.339902: | libevent_free: release ptr-libevent@0x7fcba4006b90 Sep 21 07:28:59.428455: | spent 0.00255 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:28:59.428475: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:28:59.428478: | 41 75 14 23 59 b1 14 ea e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.428481: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:28:59.428483: | f1 55 d7 8c 5f dc e1 a2 b2 96 62 ca c6 0a 99 b5 Sep 21 07:28:59.428486: | 27 f3 45 6d f0 7f d0 3a 4c ab 75 56 5b b8 91 ef Sep 21 07:28:59.428488: | 67 74 f1 13 84 23 f8 fb e8 23 47 13 44 44 1f a1 Sep 21 07:28:59.428490: | c9 f9 86 a5 34 e6 0f 5c b4 c0 11 a1 0d fc f1 56 Sep 21 07:28:59.428492: | 14 22 fc 62 66 a9 b1 85 86 c4 52 77 23 79 fd 42 Sep 21 07:28:59.428494: | 33 7a 9e df b4 7d ec 0e f7 52 50 fb fd 9d 90 38 Sep 21 07:28:59.428496: | eb 41 03 d5 33 45 1b c0 43 4c e4 96 ec 68 5d c3 Sep 21 07:28:59.428499: | da da 51 fa 2a 10 c5 e9 13 08 c1 f3 30 5e 8e 8c Sep 21 07:28:59.428501: | 7a da 87 ca eb a5 1a c1 df 91 73 b3 b8 e9 4d 51 Sep 21 07:28:59.428504: | d9 41 a0 98 15 ba cd a9 73 17 94 b9 35 99 e0 67 Sep 21 07:28:59.428506: | ad 28 b1 26 d8 26 0a 89 b1 5d 66 5d 2b 71 38 a5 Sep 21 07:28:59.428508: | 14 23 ed 58 b1 57 25 af 36 d4 14 07 c1 fe 3c 91 Sep 21 07:28:59.428510: | 59 Sep 21 07:28:59.428515: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:28:59.428519: | **parse ISAKMP Message: Sep 21 07:28:59.428521: | initiator cookie: Sep 21 07:28:59.428523: | 41 75 14 23 59 b1 14 ea Sep 21 07:28:59.428526: | responder cookie: Sep 21 07:28:59.428528: | e2 9b c3 98 4f 1e 16 7b Sep 21 07:28:59.428531: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:28:59.428534: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:28:59.428536: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:28:59.428539: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:28:59.428541: | Message ID: 1 (0x1) Sep 21 07:28:59.428543: | length: 225 (0xe1) Sep 21 07:28:59.428546: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:28:59.428550: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:28:59.428554: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:28:59.428561: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:28:59.428564: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:28:59.428568: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:28:59.428572: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:28:59.428575: | #2 is idle Sep 21 07:28:59.428576: | #2 idle Sep 21 07:28:59.428578: | unpacking clear payload Sep 21 07:28:59.428580: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:28:59.428582: | ***parse IKEv2 Encryption Payload: Sep 21 07:28:59.428583: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:28:59.428585: | flags: none (0x0) Sep 21 07:28:59.428587: | length: 197 (0xc5) Sep 21 07:28:59.428588: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:28:59.428590: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:28:59.428602: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:28:59.428604: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:28:59.428606: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:28:59.428608: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:28:59.428609: | flags: none (0x0) Sep 21 07:28:59.428611: | length: 12 (0xc) Sep 21 07:28:59.428612: | ID type: ID_FQDN (0x2) Sep 21 07:28:59.428614: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:28:59.428617: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:28:59.428619: | **parse IKEv2 Authentication Payload: Sep 21 07:28:59.428621: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:28:59.428622: | flags: none (0x0) Sep 21 07:28:59.428624: | length: 72 (0x48) Sep 21 07:28:59.428625: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:28:59.428627: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:28:59.428628: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:28:59.428630: | **parse IKEv2 Security Association Payload: Sep 21 07:28:59.428631: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:28:59.428632: | flags: none (0x0) Sep 21 07:28:59.428634: | length: 36 (0x24) Sep 21 07:28:59.428635: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:28:59.428637: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:28:59.428638: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:28:59.428640: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:28:59.428641: | flags: none (0x0) Sep 21 07:28:59.428642: | length: 24 (0x18) Sep 21 07:28:59.428644: | number of TS: 1 (0x1) Sep 21 07:28:59.428645: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:28:59.428647: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:28:59.428648: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:28:59.428650: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:28:59.428651: | flags: none (0x0) Sep 21 07:28:59.428652: | length: 24 (0x18) Sep 21 07:28:59.428654: | number of TS: 1 (0x1) Sep 21 07:28:59.428655: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:28:59.428657: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:28:59.428659: | Now let's proceed with state specific processing Sep 21 07:28:59.428660: | calling processor Initiator: process IKE_AUTH response Sep 21 07:28:59.428664: | offered CA: '%none' Sep 21 07:28:59.428667: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:28:59.428700: | verifying AUTH payload Sep 21 07:28:59.428704: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:28:59.428708: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:28:59.428711: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:28:59.428713: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:28:59.428716: | 1: compared key @west to @west / @east -> 010 Sep 21 07:28:59.428719: | 2: compared key @east to @west / @east -> 014 Sep 21 07:28:59.428721: | line 1: match=014 Sep 21 07:28:59.428724: | match 014 beats previous best_match 000 match=0x557ab3239170 (line=1) Sep 21 07:28:59.428726: | concluding with best_match=014 best=0x557ab3239170 (lineno=1) Sep 21 07:28:59.428788: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Sep 21 07:28:59.428798: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:28:59.428803: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:28:59.428806: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:28:59.428809: | libevent_free: release ptr-libevent@0x557ab3247f70 Sep 21 07:28:59.428811: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557ab3247f30 Sep 21 07:28:59.428814: | event_schedule: new EVENT_SA_REKEY-pe@0x557ab3247f30 Sep 21 07:28:59.428817: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:28:59.428820: | libevent_malloc: new ptr-libevent@0x557ab3247f70 size 128 Sep 21 07:28:59.429036: | pstats #1 ikev2.ike established Sep 21 07:28:59.429043: | TSi: parsing 1 traffic selectors Sep 21 07:28:59.429046: | ***parse IKEv2 Traffic Selector: Sep 21 07:28:59.429049: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.429051: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.429053: | length: 16 (0x10) Sep 21 07:28:59.429055: | start port: 0 (0x0) Sep 21 07:28:59.429060: | end port: 65535 (0xffff) Sep 21 07:28:59.429062: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:28:59.429064: | TS low c0 00 01 00 Sep 21 07:28:59.429067: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:28:59.429069: | TS high c0 00 01 ff Sep 21 07:28:59.429072: | TSi: parsed 1 traffic selectors Sep 21 07:28:59.429074: | TSr: parsing 1 traffic selectors Sep 21 07:28:59.429076: | ***parse IKEv2 Traffic Selector: Sep 21 07:28:59.429079: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:28:59.429081: | IP Protocol ID: 0 (0x0) Sep 21 07:28:59.429083: | length: 16 (0x10) Sep 21 07:28:59.429085: | start port: 0 (0x0) Sep 21 07:28:59.429087: | end port: 65535 (0xffff) Sep 21 07:28:59.429089: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:28:59.429092: | TS low c0 00 02 00 Sep 21 07:28:59.429094: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:28:59.429096: | TS high c0 00 02 ff Sep 21 07:28:59.429098: | TSr: parsed 1 traffic selectors Sep 21 07:28:59.429105: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:28:59.429109: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:59.429116: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:28:59.429119: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:28:59.429122: | TSi[0] port match: YES fitness 65536 Sep 21 07:28:59.429124: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:28:59.429127: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:59.429131: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:28:59.429137: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:28:59.429140: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:28:59.429142: | TSr[0] port match: YES fitness 65536 Sep 21 07:28:59.429145: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:28:59.429147: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:28:59.429150: | best fit so far: TSi[0] TSr[0] Sep 21 07:28:59.429152: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:28:59.429154: | printing contents struct traffic_selector Sep 21 07:28:59.429157: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:28:59.429159: | ipprotoid: 0 Sep 21 07:28:59.429161: | port range: 0-65535 Sep 21 07:28:59.429165: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:28:59.429168: | printing contents struct traffic_selector Sep 21 07:28:59.429170: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:28:59.429172: | ipprotoid: 0 Sep 21 07:28:59.429174: | port range: 0-65535 Sep 21 07:28:59.429177: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:28:59.429187: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:28:59.429189: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:28:59.429192: | local proposal 1 type ENCR has 1 transforms Sep 21 07:28:59.429193: | local proposal 1 type PRF has 0 transforms Sep 21 07:28:59.429195: | local proposal 1 type INTEG has 1 transforms Sep 21 07:28:59.429196: | local proposal 1 type DH has 1 transforms Sep 21 07:28:59.429198: | local proposal 1 type ESN has 1 transforms Sep 21 07:28:59.429200: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:28:59.429202: | local proposal 2 type ENCR has 1 transforms Sep 21 07:28:59.429205: | local proposal 2 type PRF has 0 transforms Sep 21 07:28:59.429206: | local proposal 2 type INTEG has 1 transforms Sep 21 07:28:59.429208: | local proposal 2 type DH has 1 transforms Sep 21 07:28:59.429209: | local proposal 2 type ESN has 1 transforms Sep 21 07:28:59.429211: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:28:59.429212: | local proposal 3 type ENCR has 1 transforms Sep 21 07:28:59.429214: | local proposal 3 type PRF has 0 transforms Sep 21 07:28:59.429215: | local proposal 3 type INTEG has 2 transforms Sep 21 07:28:59.429217: | local proposal 3 type DH has 1 transforms Sep 21 07:28:59.429218: | local proposal 3 type ESN has 1 transforms Sep 21 07:28:59.429220: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:28:59.429222: | local proposal 4 type ENCR has 1 transforms Sep 21 07:28:59.429223: | local proposal 4 type PRF has 0 transforms Sep 21 07:28:59.429224: | local proposal 4 type INTEG has 2 transforms Sep 21 07:28:59.429226: | local proposal 4 type DH has 1 transforms Sep 21 07:28:59.429227: | local proposal 4 type ESN has 1 transforms Sep 21 07:28:59.429229: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:28:59.429231: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:28:59.429233: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:28:59.429235: | length: 32 (0x20) Sep 21 07:28:59.429236: | prop #: 1 (0x1) Sep 21 07:28:59.429238: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:28:59.429239: | spi size: 4 (0x4) Sep 21 07:28:59.429241: | # transforms: 2 (0x2) Sep 21 07:28:59.429243: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:28:59.429244: | remote SPI 84 4d f3 04 Sep 21 07:28:59.429246: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:28:59.429248: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.429250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:28:59.429251: | length: 12 (0xc) Sep 21 07:28:59.429253: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:28:59.429254: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:28:59.429256: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:28:59.429257: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:28:59.429259: | length/value: 256 (0x100) Sep 21 07:28:59.429262: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:28:59.429263: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:28:59.429265: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:28:59.429266: | length: 8 (0x8) Sep 21 07:28:59.429268: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:28:59.429269: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:28:59.429272: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:28:59.429274: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:28:59.429276: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:28:59.429278: | remote proposal 1 matches local proposal 1 Sep 21 07:28:59.429280: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:28:59.429283: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=844df304;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:28:59.429284: | converting proposal to internal trans attrs Sep 21 07:28:59.429288: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:28:59.429411: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:28:59.429415: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:28:59.429417: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:28:59.429419: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:28:59.429422: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:28:59.429427: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:28:59.429429: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:28:59.429431: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:28:59.429434: | AES_GCM_16 requires 4 salt bytes Sep 21 07:28:59.429435: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:28:59.429438: | setting IPsec SA replay-window to 32 Sep 21 07:28:59.429440: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:28:59.429442: | netlink: enabling tunnel mode Sep 21 07:28:59.429444: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:28:59.429446: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:28:59.429519: | netlink response for Add SA esp.844df304@192.1.2.23 included non-error error Sep 21 07:28:59.429527: | set up outgoing SA, ref=0/0 Sep 21 07:28:59.429531: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:28:59.429535: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:28:59.429538: | AES_GCM_16 requires 4 salt bytes Sep 21 07:28:59.429542: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:28:59.429546: | setting IPsec SA replay-window to 32 Sep 21 07:28:59.429550: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:28:59.429556: | netlink: enabling tunnel mode Sep 21 07:28:59.429560: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:28:59.429563: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:28:59.429617: | netlink response for Add SA esp.5e01097a@192.1.2.45 included non-error error Sep 21 07:28:59.429622: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:28:59.429632: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:28:59.429639: | IPsec Sa SPD priority set to 1042407 Sep 21 07:28:59.429696: | raw_eroute result=success Sep 21 07:28:59.429702: | set up incoming SA, ref=0/0 Sep 21 07:28:59.429705: | sr for #2: unrouted Sep 21 07:28:59.429708: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:28:59.429711: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:28:59.429714: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:28:59.429717: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:28:59.429721: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:28:59.429728: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:28:59.429733: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:28:59.429742: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:28:59.429746: | IPsec Sa SPD priority set to 1042407 Sep 21 07:28:59.429775: | raw_eroute result=success Sep 21 07:28:59.429781: | running updown command "ipsec _updown" for verb up Sep 21 07:28:59.429788: | command executing up-client Sep 21 07:28:59.429824: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:28:59.429831: | popen cmd is 1049 chars long Sep 21 07:28:59.429836: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:28:59.429839: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Sep 21 07:28:59.429843: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Sep 21 07:28:59.429846: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Sep 21 07:28:59.429850: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Sep 21 07:28:59.429853: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Sep 21 07:28:59.429857: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:28:59.429861: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Sep 21 07:28:59.429864: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:28:59.429868: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:28:59.429871: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:28:59.429874: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:28:59.429876: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x844df304 SPI_OUT=0x5e01097a ipsec _up: Sep 21 07:28:59.429879: | cmd(1040):down 2>&1: Sep 21 07:28:59.443221: | route_and_eroute: firewall_notified: true Sep 21 07:28:59.443234: | running updown command "ipsec _updown" for verb prepare Sep 21 07:28:59.443238: | command executing prepare-client Sep 21 07:28:59.443268: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Sep 21 07:28:59.443272: | popen cmd is 1054 chars long Sep 21 07:28:59.443275: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:28:59.443278: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:28:59.443280: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:28:59.443283: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:28:59.443285: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Sep 21 07:28:59.443288: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:28:59.443293: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:28:59.443295: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:28:59.443298: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:28:59.443300: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:28:59.443303: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:28:59.443306: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:28:59.443308: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x844df304 SPI_OUT=0x5e01097a ipse: Sep 21 07:28:59.443310: | cmd(1040):c _updown 2>&1: Sep 21 07:28:59.467549: | running updown command "ipsec _updown" for verb route Sep 21 07:28:59.467560: | command executing route-client Sep 21 07:28:59.467591: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Sep 21 07:28:59.467595: | popen cmd is 1052 chars long Sep 21 07:28:59.467598: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:28:59.467601: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Sep 21 07:28:59.467603: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Sep 21 07:28:59.467605: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Sep 21 07:28:59.467608: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Sep 21 07:28:59.467611: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:28:59.467613: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:28:59.467615: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:28:59.467618: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Sep 21 07:28:59.467620: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:28:59.467622: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:28:59.467625: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:28:59.467627: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x844df304 SPI_OUT=0x5e01097a ipsec : Sep 21 07:28:59.467629: | cmd(1040):_updown 2>&1: Sep 21 07:28:59.481822: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x557ab3244aa0,sr=0x557ab3244aa0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:28:59.481905: | #1 spent 0.943 milliseconds in install_ipsec_sa() Sep 21 07:28:59.481912: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:28:59.481918: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:28:59.481921: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:28:59.481926: | libevent_free: release ptr-libevent@0x557ab3247d50 Sep 21 07:28:59.481929: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fcbac002b20 Sep 21 07:28:59.481934: | #2 spent 1.59 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:28:59.481942: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:28:59.481945: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:28:59.481948: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:28:59.481952: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:28:59.481955: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:28:59.481960: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:28:59.481965: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:28:59.481968: | pstats #2 ikev2.child established Sep 21 07:28:59.481976: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:28:59.481988: | NAT-T: encaps is 'auto' Sep 21 07:28:59.481993: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x844df304 <0x5e01097a xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:28:59.481997: | releasing whack for #2 (sock=fd@25) Sep 21 07:28:59.482000: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:28:59.482185: | releasing whack and unpending for parent #1 Sep 21 07:28:59.482189: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:59.482194: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:28:59.482197: | removing pending policy for no connection {0x557ab3217740} Sep 21 07:28:59.482206: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:28:59.482211: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:28:59.482214: | event_schedule: new EVENT_SA_REKEY-pe@0x7fcbac002b20 Sep 21 07:28:59.482217: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:28:59.482221: | libevent_malloc: new ptr-libevent@0x557ab3247d50 size 128 Sep 21 07:28:59.482227: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:28:59.482232: | #1 spent 1.9 milliseconds in ikev2_process_packet() Sep 21 07:28:59.482237: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:28:59.482240: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:28:59.482243: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:28:59.482247: | spent 1.92 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:28:59.482260: | processing signal PLUTO_SIGCHLD Sep 21 07:28:59.482265: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:59.482269: | spent 0.0053 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:59.482272: | processing signal PLUTO_SIGCHLD Sep 21 07:28:59.482275: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:59.482279: | spent 0.00353 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:28:59.482281: | processing signal PLUTO_SIGCHLD Sep 21 07:28:59.482284: | waitpid returned ECHILD (no child processes left) Sep 21 07:28:59.482287: | spent 0.00331 milliseconds in signal handler PLUTO_SIGCHLD