Sep 21 07:25:29.831344: FIPS Product: YES
Sep 21 07:25:29.831373: FIPS Kernel: NO
Sep 21 07:25:29.831375: FIPS Mode: NO
Sep 21 07:25:29.831376: NSS DB directory: sql:/etc/ipsec.d
Sep 21 07:25:29.831517: Initializing NSS
Sep 21 07:25:29.831520: Opening NSS database "sql:/etc/ipsec.d" read-only
Sep 21 07:25:29.861440: NSS initialized
Sep 21 07:25:29.861449: NSS crypto library initialized
Sep 21 07:25:29.861451: FIPS HMAC integrity support [enabled]
Sep 21 07:25:29.861452: FIPS mode disabled for pluto daemon
Sep 21 07:25:29.904676: FIPS HMAC integrity verification self-test FAILED
Sep 21 07:25:29.904762: libcap-ng support [enabled]
Sep 21 07:25:29.904774: Linux audit support [enabled]
Sep 21 07:25:29.904825: Linux audit activated
Sep 21 07:25:29.904835: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8539
Sep 21 07:25:29.904838: core dump dir: /tmp
Sep 21 07:25:29.904841: secrets file: /etc/ipsec.secrets
Sep 21 07:25:29.904843: leak-detective disabled
Sep 21 07:25:29.904844: NSS crypto [enabled]
Sep 21 07:25:29.904846: XAUTH PAM support [enabled]
Sep 21 07:25:29.904919: | libevent is using pluto's memory allocator
Sep 21 07:25:29.904925: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Sep 21 07:25:29.904938: | libevent_malloc: new ptr-libevent@0x5638c7e0c1c0 size 40
Sep 21 07:25:29.904940: | libevent_malloc: new ptr-libevent@0x5638c7e0d470 size 40
Sep 21 07:25:29.904942: | libevent_malloc: new ptr-libevent@0x5638c7e0d4a0 size 40
Sep 21 07:25:29.904944: | creating event base
Sep 21 07:25:29.904946: | libevent_malloc: new ptr-libevent@0x5638c7e0d430 size 56
Sep 21 07:25:29.904948: | libevent_malloc: new ptr-libevent@0x5638c7e0d4d0 size 664
Sep 21 07:25:29.904956: | libevent_malloc: new ptr-libevent@0x5638c7e0d770 size 24
Sep 21 07:25:29.904959: | libevent_malloc: new ptr-libevent@0x5638c7dfef80 size 384
Sep 21 07:25:29.904966: | libevent_malloc: new ptr-libevent@0x5638c7e0d790 size 16
Sep 21 07:25:29.904968: | libevent_malloc: new ptr-libevent@0x5638c7e0d7b0 size 40
Sep 21 07:25:29.904969: | libevent_malloc: new ptr-libevent@0x5638c7e0d7e0 size 48
Sep 21 07:25:29.904975: | libevent_realloc: new ptr-libevent@0x5638c7d8f370 size 256
Sep 21 07:25:29.904976: | libevent_malloc: new ptr-libevent@0x5638c7e0d820 size 16
Sep 21 07:25:29.904980: | libevent_free: release ptr-libevent@0x5638c7e0d430
Sep 21 07:25:29.904983: | libevent initialized
Sep 21 07:25:29.904985: | libevent_realloc: new ptr-libevent@0x5638c7e0d840 size 64
Sep 21 07:25:29.904987: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Sep 21 07:25:29.905001: | init_nat_traversal() initialized with keep_alive=0s
Sep 21 07:25:29.905003: NAT-Traversal support [enabled]
Sep 21 07:25:29.905005: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Sep 21 07:25:29.905009: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Sep 21 07:25:29.905011: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Sep 21 07:25:29.905039: | global one-shot timer EVENT_REVIVE_CONNS initialized
Sep 21 07:25:29.905041: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Sep 21 07:25:29.905043: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Sep 21 07:25:29.905079: Encryption algorithms:
Sep 21 07:25:29.905085: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Sep 21 07:25:29.905087: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Sep 21 07:25:29.905090: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Sep 21 07:25:29.905092: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Sep 21 07:25:29.905094: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Sep 21 07:25:29.905100: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Sep 21 07:25:29.905102: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Sep 21 07:25:29.905104: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Sep 21 07:25:29.905107: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Sep 21 07:25:29.905109: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Sep 21 07:25:29.905111: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Sep 21 07:25:29.905113: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Sep 21 07:25:29.905115: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Sep 21 07:25:29.905117: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Sep 21 07:25:29.905119: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Sep 21 07:25:29.905121: NULL IKEv1: ESP IKEv2: ESP []
Sep 21 07:25:29.905123: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Sep 21 07:25:29.905128: Hash algorithms:
Sep 21 07:25:29.905130: MD5 IKEv1: IKE IKEv2:
Sep 21 07:25:29.905132: SHA1 IKEv1: IKE IKEv2: FIPS sha
Sep 21 07:25:29.905133: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Sep 21 07:25:29.905135: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Sep 21 07:25:29.905137: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Sep 21 07:25:29.905146: PRF algorithms:
Sep 21 07:25:29.905147: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Sep 21 07:25:29.905149: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Sep 21 07:25:29.905151: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Sep 21 07:25:29.905153: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Sep 21 07:25:29.905155: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Sep 21 07:25:29.905157: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Sep 21 07:25:29.905172: Integrity algorithms:
Sep 21 07:25:29.905174: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Sep 21 07:25:29.905177: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Sep 21 07:25:29.905179: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Sep 21 07:25:29.905181: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Sep 21 07:25:29.905184: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Sep 21 07:25:29.905185: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Sep 21 07:25:29.905188: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Sep 21 07:25:29.905189: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Sep 21 07:25:29.905191: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Sep 21 07:25:29.905199: DH algorithms:
Sep 21 07:25:29.905201: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Sep 21 07:25:29.905202: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Sep 21 07:25:29.905204: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Sep 21 07:25:29.905207: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Sep 21 07:25:29.905209: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Sep 21 07:25:29.905211: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Sep 21 07:25:29.905212: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Sep 21 07:25:29.905214: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Sep 21 07:25:29.905216: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Sep 21 07:25:29.905218: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Sep 21 07:25:29.905220: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Sep 21 07:25:29.905221: testing CAMELLIA_CBC:
Sep 21 07:25:29.905223: Camellia: 16 bytes with 128-bit key
Sep 21 07:25:29.905311: Camellia: 16 bytes with 128-bit key
Sep 21 07:25:29.905329: Camellia: 16 bytes with 256-bit key
Sep 21 07:25:29.905349: Camellia: 16 bytes with 256-bit key
Sep 21 07:25:29.905367: testing AES_GCM_16:
Sep 21 07:25:29.905370: empty string
Sep 21 07:25:29.905388: one block
Sep 21 07:25:29.905405: two blocks
Sep 21 07:25:29.905422: two blocks with associated data
Sep 21 07:25:29.905439: testing AES_CTR:
Sep 21 07:25:29.905441: Encrypting 16 octets using AES-CTR with 128-bit key
Sep 21 07:25:29.905458: Encrypting 32 octets using AES-CTR with 128-bit key
Sep 21 07:25:29.905477: Encrypting 36 octets using AES-CTR with 128-bit key
Sep 21 07:25:29.905495: Encrypting 16 octets using AES-CTR with 192-bit key
Sep 21 07:25:29.905512: Encrypting 32 octets using AES-CTR with 192-bit key
Sep 21 07:25:29.905530: Encrypting 36 octets using AES-CTR with 192-bit key
Sep 21 07:25:29.905548: Encrypting 16 octets using AES-CTR with 256-bit key
Sep 21 07:25:29.905567: Encrypting 32 octets using AES-CTR with 256-bit key
Sep 21 07:25:29.905584: Encrypting 36 octets using AES-CTR with 256-bit key
Sep 21 07:25:29.905600: testing AES_CBC:
Sep 21 07:25:29.905602: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Sep 21 07:25:29.905618: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Sep 21 07:25:29.905634: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Sep 21 07:25:29.905651: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Sep 21 07:25:29.905674: testing AES_XCBC:
Sep 21 07:25:29.905676: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Sep 21 07:25:29.905750: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Sep 21 07:25:29.905837: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Sep 21 07:25:29.905914: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Sep 21 07:25:29.906003: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Sep 21 07:25:29.906144: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Sep 21 07:25:29.906373: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Sep 21 07:25:29.906710: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Sep 21 07:25:29.906892: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Sep 21 07:25:29.907049: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Sep 21 07:25:29.907314: testing HMAC_MD5:
Sep 21 07:25:29.907318: RFC 2104: MD5_HMAC test 1
Sep 21 07:25:29.907512: RFC 2104: MD5_HMAC test 2
Sep 21 07:25:29.907692: RFC 2104: MD5_HMAC test 3
Sep 21 07:25:29.907937: 8 CPU cores online
Sep 21 07:25:29.907945: starting up 7 crypto helpers
Sep 21 07:25:29.907988: started thread for crypto helper 0
Sep 21 07:25:29.908018: started thread for crypto helper 1
Sep 21 07:25:29.908019: | starting up helper thread 0
Sep 21 07:25:29.908039: | status value returned by setting the priority of this thread (crypto helper 0) 22
Sep 21 07:25:29.908039: started thread for crypto helper 2
Sep 21 07:25:29.908066: | starting up helper thread 2
Sep 21 07:25:29.908094: | status value returned by setting the priority of this thread (crypto helper 2) 22
Sep 21 07:25:29.908058: | crypto helper 0 waiting (nothing to do)
Sep 21 07:25:29.908126: | starting up helper thread 1
Sep 21 07:25:29.908125: | starting up helper thread 3
Sep 21 07:25:29.908119: started thread for crypto helper 3
Sep 21 07:25:29.908171: | crypto helper 2 waiting (nothing to do)
Sep 21 07:25:29.908148: | status value returned by setting the priority of this thread (crypto helper 1) 22
Sep 21 07:25:29.908208: | crypto helper 1 waiting (nothing to do)
Sep 21 07:25:29.908173: | status value returned by setting the priority of this thread (crypto helper 3) 22
Sep 21 07:25:29.908230: | crypto helper 3 waiting (nothing to do)
Sep 21 07:25:29.908233: | starting up helper thread 4
Sep 21 07:25:29.908243: | status value returned by setting the priority of this thread (crypto helper 4) 22
Sep 21 07:25:29.908246: | crypto helper 4 waiting (nothing to do)
Sep 21 07:25:29.908231: started thread for crypto helper 4
Sep 21 07:25:29.908327: started thread for crypto helper 5
Sep 21 07:25:29.908346: | starting up helper thread 5
Sep 21 07:25:29.908352: | status value returned by setting the priority of this thread (crypto helper 5) 22
Sep 21 07:25:29.908353: | crypto helper 5 waiting (nothing to do)
Sep 21 07:25:29.908359: started thread for crypto helper 6
Sep 21 07:25:29.908362: | checking IKEv1 state table
Sep 21 07:25:29.908365: | starting up helper thread 6
Sep 21 07:25:29.908374: | status value returned by setting the priority of this thread (crypto helper 6) 22
Sep 21 07:25:29.908376: | crypto helper 6 waiting (nothing to do)
Sep 21 07:25:29.908368: | MAIN_R0: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908382: | -> MAIN_R1 EVENT_SO_DISCARD
Sep 21 07:25:29.908385: | MAIN_I1: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908386: | -> MAIN_I2 EVENT_RETRANSMIT
Sep 21 07:25:29.908388: | MAIN_R1: category: open IKE SA flags: 200:
Sep 21 07:25:29.908389: | -> MAIN_R2 EVENT_RETRANSMIT
Sep 21 07:25:29.908391: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:25:29.908392: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:25:29.908407: | MAIN_I2: category: open IKE SA flags: 0:
Sep 21 07:25:29.908408: | -> MAIN_I3 EVENT_RETRANSMIT
Sep 21 07:25:29.908409: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:25:29.908411: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:25:29.908412: | MAIN_R2: category: open IKE SA flags: 0:
Sep 21 07:25:29.908414: | -> MAIN_R3 EVENT_SA_REPLACE
Sep 21 07:25:29.908415: | -> MAIN_R3 EVENT_SA_REPLACE
Sep 21 07:25:29.908416: | -> UNDEFINED EVENT_SA_REPLACE
Sep 21 07:25:29.908418: | MAIN_I3: category: open IKE SA flags: 0:
Sep 21 07:25:29.908419: | -> MAIN_I4 EVENT_SA_REPLACE
Sep 21 07:25:29.908420: | -> MAIN_I4 EVENT_SA_REPLACE
Sep 21 07:25:29.908422: | -> UNDEFINED EVENT_SA_REPLACE
Sep 21 07:25:29.908423: | MAIN_R3: category: established IKE SA flags: 200:
Sep 21 07:25:29.908424: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908426: | MAIN_I4: category: established IKE SA flags: 0:
Sep 21 07:25:29.908427: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908429: | AGGR_R0: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908430: | -> AGGR_R1 EVENT_SO_DISCARD
Sep 21 07:25:29.908432: | AGGR_I1: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908433: | -> AGGR_I2 EVENT_SA_REPLACE
Sep 21 07:25:29.908434: | -> AGGR_I2 EVENT_SA_REPLACE
Sep 21 07:25:29.908436: | AGGR_R1: category: open IKE SA flags: 200:
Sep 21 07:25:29.908437: | -> AGGR_R2 EVENT_SA_REPLACE
Sep 21 07:25:29.908439: | -> AGGR_R2 EVENT_SA_REPLACE
Sep 21 07:25:29.908440: | AGGR_I2: category: established IKE SA flags: 200:
Sep 21 07:25:29.908441: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908443: | AGGR_R2: category: established IKE SA flags: 0:
Sep 21 07:25:29.908444: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908446: | QUICK_R0: category: established CHILD SA flags: 0:
Sep 21 07:25:29.908450: | -> QUICK_R1 EVENT_RETRANSMIT
Sep 21 07:25:29.908452: | QUICK_I1: category: established CHILD SA flags: 0:
Sep 21 07:25:29.908453: | -> QUICK_I2 EVENT_SA_REPLACE
Sep 21 07:25:29.908455: | QUICK_R1: category: established CHILD SA flags: 0:
Sep 21 07:25:29.908456: | -> QUICK_R2 EVENT_SA_REPLACE
Sep 21 07:25:29.908458: | QUICK_I2: category: established CHILD SA flags: 200:
Sep 21 07:25:29.908459: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908460: | QUICK_R2: category: established CHILD SA flags: 0:
Sep 21 07:25:29.908462: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908463: | INFO: category: informational flags: 0:
Sep 21 07:25:29.908465: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908466: | INFO_PROTECTED: category: informational flags: 0:
Sep 21 07:25:29.908467: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908469: | XAUTH_R0: category: established IKE SA flags: 0:
Sep 21 07:25:29.908470: | -> XAUTH_R1 EVENT_NULL
Sep 21 07:25:29.908472: | XAUTH_R1: category: established IKE SA flags: 0:
Sep 21 07:25:29.908473: | -> MAIN_R3 EVENT_SA_REPLACE
Sep 21 07:25:29.908475: | MODE_CFG_R0: category: informational flags: 0:
Sep 21 07:25:29.908476: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Sep 21 07:25:29.908478: | MODE_CFG_R1: category: established IKE SA flags: 0:
Sep 21 07:25:29.908479: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Sep 21 07:25:29.908481: | MODE_CFG_R2: category: established IKE SA flags: 0:
Sep 21 07:25:29.908482: | -> UNDEFINED EVENT_NULL
Sep 21 07:25:29.908483: | MODE_CFG_I1: category: established IKE SA flags: 0:
Sep 21 07:25:29.908485: | -> MAIN_I4 EVENT_SA_REPLACE
Sep 21 07:25:29.908486: | XAUTH_I0: category: established IKE SA flags: 0:
Sep 21 07:25:29.908488: | -> XAUTH_I1 EVENT_RETRANSMIT
Sep 21 07:25:29.908489: | XAUTH_I1: category: established IKE SA flags: 0:
Sep 21 07:25:29.908491: | -> MAIN_I4 EVENT_RETRANSMIT
Sep 21 07:25:29.908495: | checking IKEv2 state table
Sep 21 07:25:29.908499: | PARENT_I0: category: ignore flags: 0:
Sep 21 07:25:29.908501: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Sep 21 07:25:29.908503: | PARENT_I1: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908505: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Sep 21 07:25:29.908506: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Sep 21 07:25:29.908508: | PARENT_I2: category: open IKE SA flags: 0:
Sep 21 07:25:29.908510: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Sep 21 07:25:29.908511: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Sep 21 07:25:29.908513: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Sep 21 07:25:29.908514: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Sep 21 07:25:29.908516: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Sep 21 07:25:29.908518: | PARENT_I3: category: established IKE SA flags: 0:
Sep 21 07:25:29.908519: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Sep 21 07:25:29.908521: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Sep 21 07:25:29.908522: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Sep 21 07:25:29.908524: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Sep 21 07:25:29.908525: | PARENT_R0: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908527: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Sep 21 07:25:29.908528: | PARENT_R1: category: half-open IKE SA flags: 0:
Sep 21 07:25:29.908530: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Sep 21 07:25:29.908531: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Sep 21 07:25:29.908533: | PARENT_R2: category: established IKE SA flags: 0:
Sep 21 07:25:29.908536: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Sep 21 07:25:29.908538: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Sep 21 07:25:29.908539: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Sep 21 07:25:29.908541: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Sep 21 07:25:29.908542: | V2_CREATE_I0: category: established IKE SA flags: 0:
Sep 21 07:25:29.908544: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Sep 21 07:25:29.908545: | V2_CREATE_I: category: established IKE SA flags: 0:
Sep 21 07:25:29.908547: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Sep 21 07:25:29.908549: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Sep 21 07:25:29.908550: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Sep 21 07:25:29.908552: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Sep 21 07:25:29.908553: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Sep 21 07:25:29.908555: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Sep 21 07:25:29.908557: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Sep 21 07:25:29.908558: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Sep 21 07:25:29.908560: | V2_CREATE_R: category: established IKE SA flags: 0:
Sep 21 07:25:29.908561: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Sep 21 07:25:29.908563: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Sep 21 07:25:29.908565: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Sep 21 07:25:29.908566: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Sep 21 07:25:29.908568: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Sep 21 07:25:29.908569: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Sep 21 07:25:29.908571: | IKESA_DEL: category: established IKE SA flags: 0:
Sep 21 07:25:29.908573: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Sep 21 07:25:29.908574: | CHILDSA_DEL: category: informational flags: 0:
Sep 21 07:25:29.908632: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+
Sep 21 07:25:29.908679: | Hard-wiring algorithms
Sep 21 07:25:29.908682: | adding AES_CCM_16 to kernel algorithm db
Sep 21 07:25:29.908685: | adding AES_CCM_12 to kernel algorithm db
Sep 21 07:25:29.908686: | adding AES_CCM_8 to kernel algorithm db
Sep 21 07:25:29.908687: | adding 3DES_CBC to kernel algorithm db
Sep 21 07:25:29.908689: | adding CAMELLIA_CBC to kernel algorithm db
Sep 21 07:25:29.908690: | adding AES_GCM_16 to kernel algorithm db
Sep 21 07:25:29.908692: | adding AES_GCM_12 to kernel algorithm db
Sep 21 07:25:29.908693: | adding AES_GCM_8 to kernel algorithm db
Sep 21 07:25:29.908694: | adding AES_CTR to kernel algorithm db
Sep 21 07:25:29.908696: | adding AES_CBC to kernel algorithm db
Sep 21 07:25:29.908697: | adding SERPENT_CBC to kernel algorithm db
Sep 21 07:25:29.908699: | adding TWOFISH_CBC to kernel algorithm db
Sep 21 07:25:29.908700: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Sep 21 07:25:29.908702: | adding NULL to kernel algorithm db
Sep 21 07:25:29.908703: | adding CHACHA20_POLY1305 to kernel algorithm db
Sep 21 07:25:29.908705: | adding HMAC_MD5_96 to kernel algorithm db
Sep 21 07:25:29.908706: | adding HMAC_SHA1_96 to kernel algorithm db
Sep 21 07:25:29.908708: | adding HMAC_SHA2_512_256 to kernel algorithm db
Sep 21 07:25:29.908709: | adding HMAC_SHA2_384_192 to kernel algorithm db
Sep 21 07:25:29.908711: | adding HMAC_SHA2_256_128 to kernel algorithm db
Sep 21 07:25:29.908713: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Sep 21 07:25:29.908714: | adding AES_XCBC_96 to kernel algorithm db
Sep 21 07:25:29.908715: | adding AES_CMAC_96 to kernel algorithm db
Sep 21 07:25:29.908717: | adding NONE to kernel algorithm db
Sep 21 07:25:29.908736: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Sep 21 07:25:29.908740: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Sep 21 07:25:29.908741: | setup kernel fd callback
Sep 21 07:25:29.908743: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5638c7e17be0
Sep 21 07:25:29.908747: | libevent_malloc: new ptr-libevent@0x5638c7e1efb0 size 128
Sep 21 07:25:29.908749: | libevent_malloc: new ptr-libevent@0x5638c7e12e50 size 16
Sep 21 07:25:29.908753: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5638c7e12480
Sep 21 07:25:29.908755: | libevent_malloc: new ptr-libevent@0x5638c7e1f040 size 128
Sep 21 07:25:29.908756: | libevent_malloc: new ptr-libevent@0x5638c7e0d890 size 16
Sep 21 07:25:29.908964: | global one-shot timer EVENT_CHECK_CRLS initialized
Sep 21 07:25:29.908974: selinux support is enabled.
Sep 21 07:25:29.909035: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:29.909159: | unbound context created - setting debug level to 5 Sep 21 07:25:29.909179: | /etc/hosts lookups activated Sep 21 07:25:29.909190: | /etc/resolv.conf usage activated Sep 21 07:25:29.909222: | outgoing-port-avoid set 0-65535 Sep 21 07:25:29.909238: | outgoing-port-permit set 32768-60999 Sep 21 07:25:29.909240: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:29.909242: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:29.909244: | Setting up events, loop start Sep 21 07:25:29.909246: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5638c7e121d0 Sep 21 07:25:29.909248: | libevent_malloc: new ptr-libevent@0x5638c7e295b0 size 128 Sep 21 07:25:29.909249: | libevent_malloc: new ptr-libevent@0x5638c7e29640 size 16 Sep 21 07:25:29.909253: | libevent_realloc: new ptr-libevent@0x5638c7d8d6c0 size 256 Sep 21 07:25:29.909255: | libevent_malloc: new ptr-libevent@0x5638c7e29660 size 8 Sep 21 07:25:29.909257: | libevent_realloc: new ptr-libevent@0x5638c7e1e3b0 size 144 Sep 21 07:25:29.909258: | libevent_malloc: new ptr-libevent@0x5638c7e29680 size 152 Sep 21 07:25:29.909261: | libevent_malloc: new ptr-libevent@0x5638c7e29720 size 16 Sep 21 07:25:29.909263: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:29.909265: | libevent_malloc: new ptr-libevent@0x5638c7e29740 size 8 Sep 21 07:25:29.909267: | libevent_malloc: new ptr-libevent@0x5638c7e29760 size 152 Sep 21 07:25:29.909268: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:29.909270: | libevent_malloc: new ptr-libevent@0x5638c7e29800 size 8 Sep 21 07:25:29.909271: | libevent_malloc: new ptr-libevent@0x5638c7e29820 size 152 Sep 21 07:25:29.909273: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:29.909275: | libevent_malloc: new ptr-libevent@0x5638c7e298c0 size 8 Sep 21 07:25:29.909276: | libevent_realloc: release 
ptr-libevent@0x5638c7e1e3b0 Sep 21 07:25:29.909278: | libevent_realloc: new ptr-libevent@0x5638c7e298e0 size 256 Sep 21 07:25:29.909279: | libevent_malloc: new ptr-libevent@0x5638c7e1e3b0 size 152 Sep 21 07:25:29.909281: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:29.909545: | created addconn helper (pid:8609) using fork+execve Sep 21 07:25:29.909555: | forked child 8609 Sep 21 07:25:29.909584: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.909595: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:29.909605: listening for IKE messages Sep 21 07:25:29.912298: | Inspecting interface lo Sep 21 07:25:29.912317: | found lo with address 127.0.0.1 Sep 21 07:25:29.912323: | Inspecting interface eth0 Sep 21 07:25:29.912328: | found eth0 with address 192.0.2.254 Sep 21 07:25:29.912331: | Inspecting interface eth0 Sep 21 07:25:29.912336: | found eth0 with address 192.0.22.251 Sep 21 07:25:29.912339: | Inspecting interface eth0 Sep 21 07:25:29.912344: | found eth0 with address 192.0.22.254 Sep 21 07:25:29.912346: | Inspecting interface eth0 Sep 21 07:25:29.912351: | found eth0 with address 192.0.2.251 Sep 21 07:25:29.912360: | Inspecting interface eth1 Sep 21 07:25:29.912366: | found eth1 with address 192.1.2.23 Sep 21 07:25:29.912430: Kernel supports NIC esp-hw-offload Sep 21 07:25:29.912444: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:25:29.912464: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.912468: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.912470: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:29.912500: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.251:500 Sep 21 07:25:29.912527: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.912532: | NAT-Traversal: ESPINUDP(2) setup succeeded for 
sockopt style NAT-T family IPv4 Sep 21 07:25:29.912536: adding interface eth0/eth0 192.0.2.251:4500 Sep 21 07:25:29.912563: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.22.254:500 Sep 21 07:25:29.912585: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.912590: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.912594: adding interface eth0/eth0 192.0.22.254:4500 Sep 21 07:25:29.912621: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.22.251:500 Sep 21 07:25:29.912644: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.912650: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.912654: adding interface eth0/eth0 192.0.22.251:4500 Sep 21 07:25:29.912681: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:25:29.912705: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.912711: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.912715: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:29.912741: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:29.912762: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.912768: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.912773: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:29.912862: | no interfaces to sort Sep 21 07:25:29.912869: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Sep 21 07:25:29.912883: | add_fd_read_event_handler: new ethX-pe@0x5638c7e29fb0 Sep 21 07:25:29.912887: | libevent_malloc: new ptr-libevent@0x5638c7e29ff0 size 128 Sep 21 07:25:29.912892: | libevent_malloc: new ptr-libevent@0x5638c7e2a080 size 16 Sep 21 07:25:29.912901: | setup callback for interface lo 127.0.0.1:4500 fd 28 Sep 21 07:25:29.912905: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a0a0 Sep 21 07:25:29.912908: | libevent_malloc: new ptr-libevent@0x5638c7e2a0e0 size 128 Sep 21 07:25:29.912915: | libevent_malloc: new ptr-libevent@0x5638c7e2a170 size 16 Sep 21 07:25:29.912922: | setup callback for interface lo 127.0.0.1:500 fd 27 Sep 21 07:25:29.912926: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a190 Sep 21 07:25:29.912929: | libevent_malloc: new ptr-libevent@0x5638c7e2a1d0 size 128 Sep 21 07:25:29.912932: | libevent_malloc: new ptr-libevent@0x5638c7e2a260 size 16 Sep 21 07:25:29.912938: | setup callback for interface eth0 192.0.2.254:4500 fd 26 Sep 21 07:25:29.912941: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a280 Sep 21 07:25:29.912945: | libevent_malloc: new ptr-libevent@0x5638c7e2a2c0 size 128 Sep 21 07:25:29.912948: | libevent_malloc: new ptr-libevent@0x5638c7e2a350 size 16 Sep 21 07:25:29.912953: | setup callback for interface eth0 192.0.2.254:500 fd 25 Sep 21 07:25:29.912957: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a370 Sep 21 07:25:29.912960: | libevent_malloc: new ptr-libevent@0x5638c7e2aa70 size 128 Sep 21 07:25:29.912964: | libevent_malloc: new ptr-libevent@0x5638c7e2a3b0 size 16 Sep 21 07:25:29.912969: | setup callback for interface eth0 192.0.22.251:4500 fd 24 Sep 21 07:25:29.912973: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2ab00 Sep 21 07:25:29.912981: | libevent_malloc: new ptr-libevent@0x5638c7e2ab40 size 128 Sep 21 07:25:29.912986: | libevent_malloc: new ptr-libevent@0x5638c7e2a3d0 size 16 Sep 21 07:25:29.912992: | setup callback for interface eth0 192.0.22.251:500 fd 23 Sep 21 
07:25:29.912995: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2abd0 Sep 21 07:25:29.912998: | libevent_malloc: new ptr-libevent@0x5638c7e2ac10 size 128 Sep 21 07:25:29.913001: | libevent_malloc: new ptr-libevent@0x5638c7e2aca0 size 16 Sep 21 07:25:29.913007: | setup callback for interface eth0 192.0.22.254:4500 fd 22 Sep 21 07:25:29.913010: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2acc0 Sep 21 07:25:29.913013: | libevent_malloc: new ptr-libevent@0x5638c7e2ad00 size 128 Sep 21 07:25:29.913016: | libevent_malloc: new ptr-libevent@0x5638c7e2ad90 size 16 Sep 21 07:25:29.913022: | setup callback for interface eth0 192.0.22.254:500 fd 21 Sep 21 07:25:29.913026: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2adb0 Sep 21 07:25:29.913029: | libevent_malloc: new ptr-libevent@0x5638c7e2adf0 size 128 Sep 21 07:25:29.913033: | libevent_malloc: new ptr-libevent@0x5638c7e2ae80 size 16 Sep 21 07:25:29.913039: | setup callback for interface eth0 192.0.2.251:4500 fd 20 Sep 21 07:25:29.913042: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2aea0 Sep 21 07:25:29.913045: | libevent_malloc: new ptr-libevent@0x5638c7e2aee0 size 128 Sep 21 07:25:29.913049: | libevent_malloc: new ptr-libevent@0x5638c7e2af70 size 16 Sep 21 07:25:29.913055: | setup callback for interface eth0 192.0.2.251:500 fd 19 Sep 21 07:25:29.913059: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2af90 Sep 21 07:25:29.913065: | libevent_malloc: new ptr-libevent@0x5638c7e2afd0 size 128 Sep 21 07:25:29.913069: | libevent_malloc: new ptr-libevent@0x5638c7e2b060 size 16 Sep 21 07:25:29.913075: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:29.913078: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2b080 Sep 21 07:25:29.913082: | libevent_malloc: new ptr-libevent@0x5638c7e2b0c0 size 128 Sep 21 07:25:29.913085: | libevent_malloc: new ptr-libevent@0x5638c7e2b150 size 16 Sep 21 07:25:29.913090: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:29.913094: | 
certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:29.913096: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:29.913113: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:29.913126: | saving Modulus Sep 21 07:25:29.913129: | saving PublicExponent Sep 21 07:25:29.913131: | ignoring PrivateExponent Sep 21 07:25:29.913133: | ignoring Prime1 Sep 21 07:25:29.913134: | ignoring Prime2 Sep 21 07:25:29.913136: | ignoring Exponent1 Sep 21 07:25:29.913138: | ignoring Exponent2 Sep 21 07:25:29.913140: | ignoring Coefficient Sep 21 07:25:29.913142: | ignoring CKAIDNSS Sep 21 07:25:29.913173: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.913175: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:29.913178: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:29.913183: | certs and keys locked by 'process_secret' Sep 21 07:25:29.913185: | certs and keys unlocked by 'process_secret' Sep 21 07:25:29.913190: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:29.913197: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.913203: | spent 0.985 milliseconds in whack Sep 21 07:25:29.937087: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.937106: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.937110: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.937112: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.937114: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.937117: | FOR_EACH_CONNECTION_... 
in conn_by_name Sep 21 07:25:29.937124: | Added new connection north-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.937131: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:29.937153: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Sep 21 07:25:29.937156: | from whack: got --esp=aes128-sha2_512;modp3072 Sep 21 07:25:29.937167: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Sep 21 07:25:29.937171: | counting wild cards for @north is 0 Sep 21 07:25:29.937173: | counting wild cards for @east is 0 Sep 21 07:25:29.937182: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:25:29.937185: | new hp@0x5638c7df6660 Sep 21 07:25:29.937188: added connection description "north-eastnets/0x1" Sep 21 07:25:29.937198: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.937208: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Sep 21 07:25:29.937216: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.937223: | spent 0.141 milliseconds in whack Sep 21 07:25:29.937254: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.937262: add keyid @north Sep 21 07:25:29.937311: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.937313: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:29.937319: | keyid: *AQPl33O2P Sep 21 07:25:29.937352: | e 03 Sep 21 07:25:29.937354: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.937356: | CKAID 88 aa 7c 5d Sep 21 07:25:29.937363: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.937367: | spent 0.116 milliseconds in whack Sep 21 07:25:29.937397: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.937404: add keyid @east Sep 21 07:25:29.937448: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.937450: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:29.937454: | keyid: *AQO9bJbr3 Sep 21
07:25:29.937487: | e 03 Sep 21 07:25:29.937489: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.937491: | CKAID 8a 82 25 f1 Sep 21 07:25:29.937497: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.937501: | spent 0.107 milliseconds in whack Sep 21 07:25:29.937529: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.937537: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.937539: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.937541: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.937542: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.937544: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.937548: | Added new connection north-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.937551: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:29.937563: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Sep 21 07:25:29.937565: | from whack: got --esp=aes128-sha2_512;modp3072 Sep 21 07:25:29.937574: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Sep 21 07:25:29.937577: | counting wild cards for @north is 0 Sep 21 07:25:29.937580: | counting wild cards for @east is 0 Sep 21 07:25:29.937584: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:29.937588: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x5638c7df6660: north-eastnets/0x1 Sep 21 07:25:29.937590: added connection description "north-eastnets/0x2" Sep 21 07:25:29.937595: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.937604: | 
192.0.22.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Sep 21 07:25:29.937608: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.937612: | spent 0.0849 milliseconds in whack Sep 21 07:25:29.937654: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.937663: add keyid @north Sep 21 07:25:29.937667: | unreference key: 0x5638c7d848f0 @north cnt 1-- Sep 21 07:25:29.937710: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.937715: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:29.937717: | keyid: *AQPl33O2P Sep 21 07:25:29.937743: | e 03 Sep 21 07:25:29.937745: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.937746: | CKAID 88 aa 7c 5d Sep 21 07:25:29.937752: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.937756: | spent 0.107 milliseconds in whack Sep 21 07:25:29.937780: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.937796: add keyid @east Sep 21 07:25:29.937803: | unreference key: 0x5638c7d88940 @east cnt 1-- Sep 21 07:25:29.937846: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.937849: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:29.937852: | keyid: *AQO9bJbr3 Sep 21 07:25:29.937894: | e 03 Sep 21 07:25:29.937896: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.937898: | CKAID 8a 82 25 f1 Sep 21 07:25:29.937906: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.937911: | spent 0.126 milliseconds in whack Sep 21 07:25:29.938533: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.938548: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:29.938553: listening for IKE messages Sep 21 07:25:29.938603: | Inspecting interface lo Sep 21 07:25:29.938608: | found lo with address 127.0.0.1 Sep 21 07:25:29.938610: | Inspecting interface eth0 Sep 21 07:25:29.938613: | found eth0 with address 192.0.2.254 Sep 21 07:25:29.938614: | Inspecting interface eth0 Sep 21 07:25:29.938616: | found eth0 with address 192.0.22.251
Sep 21 07:25:29.938618: | Inspecting interface eth0 Sep 21 07:25:29.938620: | found eth0 with address 192.0.22.254 Sep 21 07:25:29.938621: | Inspecting interface eth0 Sep 21 07:25:29.938624: | found eth0 with address 192.0.2.251 Sep 21 07:25:29.938625: | Inspecting interface eth1 Sep 21 07:25:29.938628: | found eth1 with address 192.1.2.23 Sep 21 07:25:29.938694: | no interfaces to sort Sep 21 07:25:29.938701: | libevent_free: release ptr-libevent@0x5638c7e29ff0 Sep 21 07:25:29.938703: | free_event_entry: release EVENT_NULL-pe@0x5638c7e29fb0 Sep 21 07:25:29.938705: | add_fd_read_event_handler: new ethX-pe@0x5638c7e29fb0 Sep 21 07:25:29.938707: | libevent_malloc: new ptr-libevent@0x5638c7e29ff0 size 128 Sep 21 07:25:29.938713: | setup callback for interface lo 127.0.0.1:4500 fd 28 Sep 21 07:25:29.938715: | libevent_free: release ptr-libevent@0x5638c7e2a0e0 Sep 21 07:25:29.938717: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2a0a0 Sep 21 07:25:29.938718: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a0a0 Sep 21 07:25:29.938720: | libevent_malloc: new ptr-libevent@0x5638c7e2a0e0 size 128 Sep 21 07:25:29.938723: | setup callback for interface lo 127.0.0.1:500 fd 27 Sep 21 07:25:29.938725: | libevent_free: release ptr-libevent@0x5638c7e2a1d0 Sep 21 07:25:29.938727: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2a190 Sep 21 07:25:29.938728: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a190 Sep 21 07:25:29.938730: | libevent_malloc: new ptr-libevent@0x5638c7e2a1d0 size 128 Sep 21 07:25:29.938733: | setup callback for interface eth0 192.0.2.254:4500 fd 26 Sep 21 07:25:29.938735: | libevent_free: release ptr-libevent@0x5638c7e2a2c0 Sep 21 07:25:29.938737: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2a280 Sep 21 07:25:29.938738: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a280 Sep 21 07:25:29.938739: | libevent_malloc: new ptr-libevent@0x5638c7e2a2c0 size 128 Sep 21 07:25:29.938742: | setup callback for interface eth0 192.0.2.254:500 fd 25 
Sep 21 07:25:29.938748: | libevent_free: release ptr-libevent@0x5638c7e2aa70 Sep 21 07:25:29.938750: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2a370 Sep 21 07:25:29.938751: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2a370 Sep 21 07:25:29.938753: | libevent_malloc: new ptr-libevent@0x5638c7e2aa70 size 128 Sep 21 07:25:29.938756: | setup callback for interface eth0 192.0.22.251:4500 fd 24 Sep 21 07:25:29.938758: | libevent_free: release ptr-libevent@0x5638c7e2ab40 Sep 21 07:25:29.938759: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2ab00 Sep 21 07:25:29.938761: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2ab00 Sep 21 07:25:29.938762: | libevent_malloc: new ptr-libevent@0x5638c7e2ab40 size 128 Sep 21 07:25:29.938765: | setup callback for interface eth0 192.0.22.251:500 fd 23 Sep 21 07:25:29.938768: | libevent_free: release ptr-libevent@0x5638c7e2ac10 Sep 21 07:25:29.938769: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2abd0 Sep 21 07:25:29.938771: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2abd0 Sep 21 07:25:29.938772: | libevent_malloc: new ptr-libevent@0x5638c7e2ac10 size 128 Sep 21 07:25:29.938775: | setup callback for interface eth0 192.0.22.254:4500 fd 22 Sep 21 07:25:29.938777: | libevent_free: release ptr-libevent@0x5638c7e2ad00 Sep 21 07:25:29.938779: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2acc0 Sep 21 07:25:29.938780: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2acc0 Sep 21 07:25:29.938782: | libevent_malloc: new ptr-libevent@0x5638c7e2ad00 size 128 Sep 21 07:25:29.938793: | setup callback for interface eth0 192.0.22.254:500 fd 21 Sep 21 07:25:29.938798: | libevent_free: release ptr-libevent@0x5638c7e2adf0 Sep 21 07:25:29.938800: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2adb0 Sep 21 07:25:29.938801: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2adb0 Sep 21 07:25:29.938803: | libevent_malloc: new ptr-libevent@0x5638c7e2adf0 size 128 Sep 21 07:25:29.938806: | setup callback for interface 
eth0 192.0.2.251:4500 fd 20 Sep 21 07:25:29.938808: | libevent_free: release ptr-libevent@0x5638c7e2aee0 Sep 21 07:25:29.938809: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2aea0 Sep 21 07:25:29.938811: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2aea0 Sep 21 07:25:29.938812: | libevent_malloc: new ptr-libevent@0x5638c7e2aee0 size 128 Sep 21 07:25:29.938815: | setup callback for interface eth0 192.0.2.251:500 fd 19 Sep 21 07:25:29.938817: | libevent_free: release ptr-libevent@0x5638c7e2afd0 Sep 21 07:25:29.938819: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2af90 Sep 21 07:25:29.938820: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2af90 Sep 21 07:25:29.938822: | libevent_malloc: new ptr-libevent@0x5638c7e2afd0 size 128 Sep 21 07:25:29.938825: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:29.938828: | libevent_free: release ptr-libevent@0x5638c7e2b0c0 Sep 21 07:25:29.938829: | free_event_entry: release EVENT_NULL-pe@0x5638c7e2b080 Sep 21 07:25:29.938831: | add_fd_read_event_handler: new ethX-pe@0x5638c7e2b080 Sep 21 07:25:29.938832: | libevent_malloc: new ptr-libevent@0x5638c7e2b0c0 size 128 Sep 21 07:25:29.938835: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:29.938837: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:29.938838: forgetting secrets Sep 21 07:25:29.938843: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:29.938855: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:29.938866: | saving Modulus Sep 21 07:25:29.938869: | saving PublicExponent Sep 21 07:25:29.938873: | ignoring PrivateExponent Sep 21 07:25:29.938876: | ignoring Prime1 Sep 21 07:25:29.938880: | ignoring Prime2 Sep 21 07:25:29.938883: | ignoring Exponent1 Sep 21 07:25:29.938886: | ignoring Exponent2 Sep 21 07:25:29.938889: | ignoring Coefficient Sep 21 07:25:29.938892: | ignoring CKAIDNSS Sep 21 07:25:29.938907: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 
Sep 21 07:25:29.938909: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:29.938918: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:29.938926: | certs and keys locked by 'process_secret' Sep 21 07:25:29.938929: | certs and keys unlocked by 'process_secret' Sep 21 07:25:29.938936: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:29.938942: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.938947: | spent 0.415 milliseconds in whack Sep 21 07:25:29.938992: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.939002: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.939006: | start processing: connection "north-eastnets/0x1" (in whack_route_connection() at rcv_whack.c:106) Sep 21 07:25:29.939008: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:25:29.939010: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.939012: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.939013: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.939015: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.939017: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.939021: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:29.939023: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:29.939025: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:29.939026: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.939028: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.939030: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.939031: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.939033: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:29.939035: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Sep 21 07:25:29.939039: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:25:29.939043: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:25:29.939045: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.939051: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.939095: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.939100: | route_and_eroute: firewall_notified: true Sep 21 07:25:29.939105: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:29.939108: | command executing prepare-client Sep 21 07:25:29.939141: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' 
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:29.939145: | popen cmd is 1030 chars long Sep 21 07:25:29.939150: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:25:29.939156: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' P: Sep 21 07:25:29.939164: | cmd( 160):LUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0: Sep 21 07:25:29.939168: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:29.939171: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID: Sep 21 07:25:29.939174: | cmd( 400):='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLU: Sep 21 07:25:29.939178: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:25:29.939181: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASI: Sep 21 07:25:29.939184: | cmd( 640):G+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_K: Sep 21 07:25:29.939187: | cmd( 720):IND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CIS: Sep 21 07:25:29.939190: | cmd( 800):CO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLU: Sep 21 07:25:29.939194: | cmd( 880):TO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_: Sep 21 07:25:29.939197: | cmd( 960):ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:29.951564: | running updown 
command "ipsec _updown" for verb route Sep 21 07:25:29.951578: | command executing route-client Sep 21 07:25:29.951612: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN Sep 21 07:25:29.951617: | popen cmd is 1028 chars long Sep 21 07:25:29.951620: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Sep 21 07:25:29.951623: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLU: Sep 21 07:25:29.951626: | cmd( 160):TO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' : Sep 21 07:25:29.951629: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:29.951631: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID=': Sep 21 07:25:29.951635: | cmd( 400):@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO: Sep 21 07:25:29.951638: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' 
PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:29.951640: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:29.951643: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:25:29.951645: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:25:29.951648: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:25:29.951651: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:25:29.951654: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:29.963966: | stop processing: connection "north-eastnets/0x1" (in whack_route_connection() at rcv_whack.c:116) Sep 21 07:25:29.963987: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.963996: | spent 0.488 milliseconds in whack Sep 21 07:25:29.964009: | kernel_process_msg_cb process netlink message Sep 21 07:25:29.964016: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:29.964018: | xfrm netlink msg len 376 Sep 21 07:25:29.964021: | xfrm acquire rtattribute type 5 Sep 21 07:25:29.964023: | xfrm acquire rtattribute type 16 Sep 21 07:25:29.964036: | add bare shunt 0x5638c7e2c1e0 192.0.2.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.964042: initiate on demand from 192.0.2.254:8 to 192.0.3.254:0 proto=1 because: acquire Sep 21 07:25:29.964048: | find_connection: looking for policy for connection: 192.0.2.254:1/8 -> 192.0.3.254:1/0 Sep 21 07:25:29.964050: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Sep 21 07:25:29.964056: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.2.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Sep 21 07:25:29.964059: | find_connection: first OK "north-eastnets/0x1" [pri:25214986]{0x5638c7e2b1d0} (child none) Sep 21 07:25:29.964062: | find_connection: concluding with "north-eastnets/0x1" [pri:25214986]{0x5638c7e2b1d0} kind=CK_PERMANENT Sep 21 07:25:29.964065: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:29.964068: | assign_holdpass() need broad(er) shunt Sep 21 07:25:29.964070: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.964077: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:29.964080: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:29.964082: | raw_eroute result=success Sep 21 07:25:29.964084: | assign_holdpass() eroute_connection() done Sep 21 07:25:29.964086: | fiddle_bare_shunt called Sep 21 07:25:29.964088: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:29.964091: | removing specific host-to-host bare shunt Sep 21 07:25:29.964096: | delete narrow %hold eroute 192.0.2.254/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Sep 21 07:25:29.964098: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:29.964114: | raw_eroute result=success Sep 21 07:25:29.964117: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:29.964123: | delete bare shunt 0x5638c7e2c1e0 192.0.2.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.964125: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:29.964128: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:29.964130: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:25:29.964149: | creating state object #1 at 0x5638c7e2c9d0 Sep 21 07:25:29.964152: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:29.964160: | pstats #1 ikev2.ike started Sep 21 07:25:29.964163: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:29.964166: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:29.964172: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:29.964180: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:29.964183: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:29.964188: | Queuing pending IPsec SA negotiating with 192.1.3.33 "north-eastnets/0x1" IKE SA #1 "north-eastnets/0x1" Sep 21 07:25:29.964191: "north-eastnets/0x1" #1: initiating v2 parent SA Sep 21 07:25:29.964194: | constructing local IKE proposals for north-eastnets/0x1 (IKE SA initiator selecting KE) Sep 21 07:25:29.964199: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Sep 21 07:25:29.964210: | ... 
ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:29.964215: "north-eastnets/0x1": constructed local IKE proposals for north-eastnets/0x1 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:29.964221: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:29.964224: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5638c7e2c180 Sep 21 07:25:29.964228: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:29.964232: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:29.964243: | #1 spent 0.202 milliseconds in ikev2_parent_outI1() Sep 21 07:25:29.964248: | RESET processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:29.964250: | crypto helper 0 resuming Sep 21 07:25:29.964252: | initiate on demand using RSASIG from 192.0.2.254 to 192.0.3.254 Sep 21 07:25:29.964264: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:25:29.964272: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:29.964275: | xfrm netlink msg len 376 Sep 21 07:25:29.964279: | xfrm acquire rtattribute type 5 Sep 21 07:25:29.964284: | xfrm acquire rtattribute type 16 Sep 21 07:25:29.964276: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:29.964293: | add bare shunt 0x5638c7e2c1e0 192.0.2.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.964299: initiate on demand from 192.0.2.251:8 to 192.0.3.254:0 proto=1 because: acquire Sep 21 07:25:29.964303: | find_connection: looking for policy for connection: 192.0.2.251:1/8 -> 192.0.3.254:1/0 Sep 21 07:25:29.964306: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Sep 21 07:25:29.964311: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.2.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Sep 21 07:25:29.964314: | find_connection: first OK "north-eastnets/0x1" [pri:25214986]{0x5638c7e2b1d0} (child none) Sep 21 07:25:29.964317: | find_connection: concluding with "north-eastnets/0x1" [pri:25214986]{0x5638c7e2b1d0} kind=CK_PERMANENT Sep 21 07:25:29.964320: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:29.964322: | assign_holdpass() need broad(er) shunt Sep 21 07:25:29.964325: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.964330: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:29.964333: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:29.964335: | raw_eroute result=success Sep 21 07:25:29.964337: | assign_holdpass() eroute_connection() done Sep 21 07:25:29.964340: | fiddle_bare_shunt called Sep 21 07:25:29.964342: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:29.964344: | removing specific host-to-host bare shunt Sep 21 07:25:29.964349: | delete narrow %hold eroute 192.0.2.251/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Sep 21 07:25:29.964352: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:29.964359: | raw_eroute result=success Sep 21 07:25:29.964362: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:29.964368: | delete bare shunt 0x5638c7e2c1e0 192.0.2.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.964370: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:29.964372: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:29.964375: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:25:29.964379: | Ignored already queued up pending IPsec SA negotiation with 192.1.3.33 "north-eastnets/0x1" Sep 21 07:25:29.964384: | initiate on demand using RSASIG from 192.0.2.251 to 192.0.3.254 Sep 21 07:25:29.964389: | spent 0.37 milliseconds in kernel message Sep 21 07:25:29.964396: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.964403: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:29.964407: | spent 0.00493 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.964410: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.964413: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:29.964416: | spent 0.00356 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.964428: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.964438: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.964441: | start processing: connection "north-eastnets/0x2" (in whack_route_connection() at rcv_whack.c:106) Sep 21 07:25:29.964444: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:25:29.964447: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.964450: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.964452: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.964455: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.964457: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.964462: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted; eroute owner: NULL Sep 21 07:25:29.964465: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:29.964467: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:29.964469: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.964472: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.964474: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.964477: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.964481: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted; eroute owner: NULL Sep 21 07:25:29.964484: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x5638c7e2b320} and state: #0 Sep 21 07:25:29.964490: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:25:29.964495: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:25:29.964498: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.964500: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.964547: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.964551: | route_and_eroute: firewall_notified: true Sep 21 07:25:29.964555: | stop processing: connection "north-eastnets/0x2" (in whack_route_connection() at rcv_whack.c:116) Sep 21 07:25:29.964562: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.964567: | spent 0.115 milliseconds in whack Sep 21 07:25:29.965299: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001023 seconds Sep 21 07:25:29.965313: | (#1) spent 1.02 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:29.965316: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:29.965320: | scheduling resume sending helper answer for #1 Sep 21 07:25:29.965323: | libevent_malloc: new 
ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:29.965329: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:29.965377: | kernel_process_msg_cb process netlink message Sep 21 07:25:29.965386: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:29.965388: | xfrm netlink msg len 376 Sep 21 07:25:29.965390: | xfrm acquire rtattribute type 5 Sep 21 07:25:29.965393: | xfrm acquire rtattribute type 16 Sep 21 07:25:29.965401: | add bare shunt 0x5638c7e2c1e0 192.0.22.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.965407: initiate on demand from 192.0.22.254:8 to 192.0.3.254:0 proto=1 because: acquire Sep 21 07:25:29.965415: | find_connection: looking for policy for connection: 192.0.22.254:1/8 -> 192.0.3.254:1/0 Sep 21 07:25:29.965418: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:25:29.965424: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.22.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Sep 21 07:25:29.965427: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x5638c7e2c420} (child none) Sep 21 07:25:29.965430: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x5638c7e2c420} kind=CK_PERMANENT Sep 21 07:25:29.965433: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:29.965435: | assign_holdpass() need broad(er) shunt Sep 21 07:25:29.965438: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.965444: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:29.965446: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:29.965448: | raw_eroute result=success Sep 21 07:25:29.965451: | assign_holdpass() eroute_connection() done Sep 21 07:25:29.965453: | fiddle_bare_shunt called Sep 21 07:25:29.965455: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:29.965458: | removing specific 
host-to-host bare shunt Sep 21 07:25:29.965463: | delete narrow %hold eroute 192.0.22.254/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Sep 21 07:25:29.965465: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:29.965473: | raw_eroute result=success Sep 21 07:25:29.965477: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:29.965482: | delete bare shunt 0x5638c7e2c1e0 192.0.22.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.965485: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:29.965487: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:29.965489: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:29.965494: | Queuing pending IPsec SA negotiating with 192.1.3.33 "north-eastnets/0x2" IKE SA #1 "north-eastnets/0x1" Sep 21 07:25:29.965499: | initiate on demand using RSASIG from 192.0.22.254 to 192.0.3.254 Sep 21 07:25:29.965505: | spent 0.12 milliseconds in kernel message Sep 21 07:25:29.965508: | processing resume sending helper answer for #1 Sep 21 07:25:29.965514: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.965517: | crypto helper 0 replies to request ID 1 Sep 21 07:25:29.965519: | calling continuation function 0x5638c7c18630 Sep 21 07:25:29.965522: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:29.965552: | **emit ISAKMP Message: Sep 21 07:25:29.965555: | initiator cookie: Sep 21 07:25:29.965557: | 9d 91 9d fa f9 54 ba 26 Sep 21 07:25:29.965560: | responder cookie: Sep 21 07:25:29.965562: | 00 00 00 00 00 00 00 00 Sep 21 07:25:29.965565: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:29.965567: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.965570: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:29.965573: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:29.965575: | Message ID: 0 (0x0) 
Sep 21 07:25:29.965578: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:29.965584: | using existing local IKE proposals for connection north-eastnets/0x1 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:29.965587: | Emitting ikev2_proposals ... Sep 21 07:25:29.965590: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:29.965592: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.965595: | flags: none (0x0) Sep 21 07:25:29.965598: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:29.965602: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.965606: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.965608: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.965610: | prop #: 1 (0x1) Sep 21 07:25:29.965613: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:29.965615: | spi size: 0 (0x0) Sep 21 07:25:29.965617: | # transforms: 4 (0x4) Sep 21 07:25:29.965620: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:29.965623: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.965625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.965628: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.965630: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.965633: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.965636: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.965639: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.965641: | length/value: 256 (0x100) Sep 21 07:25:29.965644: | 
emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:29.965646: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.965649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.965651: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:29.965653: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:29.965656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.965659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.965662: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.965664: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.965667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.965669: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.965672: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:29.965674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.965677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.965680: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.965682: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.965684: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.965687: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.965689: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:29.965692: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.965695: | last substructure: saving location 'IKEv2 
Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.965697: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.965700: | emitting length of IKEv2 Proposal Substructure Payload: 44 Sep 21 07:25:29.965702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:29.965705: | emitting length of IKEv2 Security Association Payload: 48 Sep 21 07:25:29.965708: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:29.965710: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:29.965713: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.965716: | flags: none (0x0) Sep 21 07:25:29.965719: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:29.965722: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:29.965725: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.965728: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:25:29.965767: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:29.965770: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:29.965772: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:29.965774: | flags: none (0x0) Sep 21 07:25:29.965777: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:29.965780: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.965788: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.965795: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:29.965797: | IKEv2 nonce 74 05 61 81 dc bd 84 fa 52 ee 30 69 fd ea 0a c4 Sep 21 07:25:29.965800: | IKEv2 nonce e2 c1 a1 73 c5 d1 87 9d ca 3d f7 3c d2 d1 da b8 Sep 21 07:25:29.965802: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:29.965804: | Adding a v2N Payload Sep 21 07:25:29.965807: | ***emit IKEv2 Notify Payload: Sep 21 07:25:29.965809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.965811: | flags: none (0x0) Sep 21 07:25:29.965814: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.965816: | SPI size: 0 (0x0) Sep 21 07:25:29.965819: | Notify Message Type:
v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:29.965822: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:29.965825: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.965827: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:29.965830: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:29.965832: | natd_hash: rcookie is zero Sep 21 07:25:29.965844: | natd_hash: hasher=0x5638c7cee7a0(20) Sep 21 07:25:29.965847: | natd_hash: icookie= 9d 91 9d fa f9 54 ba 26 Sep 21 07:25:29.965849: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:29.965854: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:29.965856: | natd_hash: port= 01 f4 Sep 21 07:25:29.965858: | natd_hash: hash= 3e df 46 35 8f 49 a7 7a 94 c9 ef 75 d8 a4 b3 1d Sep 21 07:25:29.965860: | natd_hash: hash= 08 4e 7c 6c Sep 21 07:25:29.965863: | Adding a v2N Payload Sep 21 07:25:29.965865: | ***emit IKEv2 Notify Payload: Sep 21 07:25:29.965867: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.965870: | flags: none (0x0) Sep 21 07:25:29.965872: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.965874: | SPI size: 0 (0x0) Sep 21 07:25:29.965877: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:29.965880: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:29.965882: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.965885: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:29.965888: | Notify data 3e df 46 35 8f 49 a7 7a 94 c9 ef 75 d8 a4 b3 1d Sep 21 07:25:29.965890: | Notify data 08 4e 7c 6c Sep 21 07:25:29.965892: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:29.965894: | natd_hash: 
rcookie is zero Sep 21 07:25:29.965900: | natd_hash: hasher=0x5638c7cee7a0(20) Sep 21 07:25:29.965903: | natd_hash: icookie= 9d 91 9d fa f9 54 ba 26 Sep 21 07:25:29.965905: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:29.965907: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:29.965909: | natd_hash: port= 01 f4 Sep 21 07:25:29.965911: | natd_hash: hash= 6b 94 d3 45 bf 71 dd ea 03 80 23 9a b4 20 03 aa Sep 21 07:25:29.965914: | natd_hash: hash= 2d e9 35 f3 Sep 21 07:25:29.965916: | Adding a v2N Payload Sep 21 07:25:29.965918: | ***emit IKEv2 Notify Payload: Sep 21 07:25:29.965920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.965923: | flags: none (0x0) Sep 21 07:25:29.965925: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.965927: | SPI size: 0 (0x0) Sep 21 07:25:29.965930: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:29.965933: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:29.965935: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.965938: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:29.965941: | Notify data 6b 94 d3 45 bf 71 dd ea 03 80 23 9a b4 20 03 aa Sep 21 07:25:29.965943: | Notify data 2d e9 35 f3 Sep 21 07:25:29.965945: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:29.965948: | emitting length of ISAKMP Message: 440 Sep 21 07:25:29.965954: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:29.965964: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.965967: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:29.965970: | IKEv2: transition from state 
STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:29.965974: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:29.965977: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:29.965980: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:29.965985: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:29.965988: "north-eastnets/0x1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:29.965993: | sending V2 reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:29.966004: | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:29.966110: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.966115: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:29.966118: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5638c7e2c180 Sep 21 07:25:29.966121: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Sep 21 07:25:29.966124: | event_schedule: new EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:29.966128: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Sep 21 07:25:29.966131: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:29.966136: | #1 STATE_PARENT_I1: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.334388 Sep 21 07:25:29.966139: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:29.966144: | #1 spent 0.597 milliseconds in resume sending helper answer Sep 21 07:25:29.966148: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.966151:
| libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:29.966159: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.966166: | waitpid returned pid 8609 (exited with status 0) Sep 21 07:25:29.966169: | reaped addconn helper child (status 0) Sep 21 07:25:29.966172: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.966176: | spent 0.013 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.970838: | kernel_process_msg_cb process netlink message Sep 21 07:25:29.970857: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:29.970860: | xfrm netlink msg len 376 Sep 21 07:25:29.970862: | xfrm acquire rtattribute type 5 Sep 21 07:25:29.970865: | xfrm acquire rtattribute type 16 Sep 21 07:25:29.970875: | add bare shunt 0x5638c7e2c1e0 192.0.22.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.970885: initiate on demand from 192.0.22.251:8 to 192.0.3.254:0 proto=1 because: acquire Sep 21 07:25:29.970891: | find_connection: looking for policy for connection: 192.0.22.251:1/8 -> 192.0.3.254:1/0 Sep 21 07:25:29.970894: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Sep 21 07:25:29.970900: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.22.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Sep 21 07:25:29.970903: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x5638c7e2c420} (child none) Sep 21 07:25:29.970906: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x5638c7e2c420} kind=CK_PERMANENT Sep 21 07:25:29.970910: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:29.970912: | assign_holdpass() need broad(er) shunt Sep 21 07:25:29.970915: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.970921: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:29.970924: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:29.970927: | raw_eroute result=success Sep 21 07:25:29.970929: | assign_holdpass() eroute_connection() done Sep 21 07:25:29.970931: | fiddle_bare_shunt called Sep 21 07:25:29.970934: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:29.970936: | removing specific host-to-host bare shunt Sep 21 07:25:29.970942: | delete narrow %hold eroute 192.0.22.251/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Sep 21 07:25:29.970944: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:29.970956: | raw_eroute result=success Sep 21 07:25:29.970959: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:29.970965: | delete bare shunt 0x5638c7e2c1e0 192.0.22.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:29.970968: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:29.970970: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:29.970973: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:25:29.970978: | Ignored already queued up pending IPsec SA negotiation with 192.1.3.33 "north-eastnets/0x2" Sep 21 07:25:29.970982: | initiate on demand using RSASIG from 192.0.22.251 to 192.0.3.254 Sep 21 07:25:29.970989: | spent 0.134 milliseconds in kernel message Sep 21 07:25:29.973034: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.973257: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:29.973262: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:29.973372: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:29.973376: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:29.973397: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.973403: | spent 0.376 milliseconds in whack Sep 21 07:25:30.016537: | timer_event_cb: processing event@0x5638c7e2c180 Sep 21 07:25:30.016554: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:30.016564: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:30.016568: | IKEv2 retransmit event Sep 21 07:25:30.016574: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:30.016578: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:30.016583: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Sep 21 07:25:30.016590: | retransmits: current time 49376.384851; retransmit count 0 exceeds limit? NO; deltatime 0.05 exceeds limit? NO; monotime 0.050463 exceeds limit? 
NO Sep 21 07:25:30.016594: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:30.016602: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Sep 21 07:25:30.016606: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:30.016611: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.05 seconds for response Sep 21 07:25:30.016621: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:30.016741: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:30.016746: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:30.016754: | #1 spent 0.194 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:30.016759: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:30.066802: | timer_event_cb: processing event@0x7f9c4c002b20 Sep 21 07:25:30.066815: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:30.066822: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:30.066826: | IKEv2 retransmit event Sep 21 07:25:30.066831: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:30.066835: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:30.066839: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 2 Sep 21 07:25:30.066846: | retransmits: current time 49376.435108; retransmit count 1 exceeds limit? NO; deltatime 0.1 exceeds limit? NO; monotime 0.10072 exceeds limit?
NO Sep 21 07:25:30.066850: | event_schedule: new EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:30.066853: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #1 Sep 21 07:25:30.066856: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:30.066863: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.1 seconds for response Sep 21 07:25:30.066870: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:30.066976: | libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:30.066980: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:30.066987: | #1 spent 0.161 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:30.066992: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:30.168182: | timer_event_cb: processing event@0x5638c7e2c180 Sep 21 07:25:30.168197: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:30.168206: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:30.168211: | IKEv2 retransmit event Sep 21 07:25:30.168216: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:30.168220: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:30.168224: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 3 Sep 21 07:25:30.168232: | retransmits: current time 49376.536492; retransmit count 2 exceeds limit? NO; deltatime 0.2 exceeds limit? NO; monotime 0.202104 exceeds limit?
NO Sep 21 07:25:30.168236: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:30.168240: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #1 Sep 21 07:25:30.168243: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:30.168249: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.2 seconds for response Sep 21 07:25:30.168259: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:30.168371: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:30.168376: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:30.168384: | #1 spent 0.178 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:30.168389: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:30.369729: | timer_event_cb: processing event@0x7f9c4c002b20 Sep 21 07:25:30.369741: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:30.369747: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:30.369749: | IKEv2 retransmit event Sep 21 07:25:30.369752: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:30.369755: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:30.369758: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 4 Sep 21 07:25:30.369762: | retransmits: current time 49376.738025; retransmit count 3 exceeds limit? NO; deltatime 0.4 exceeds limit? NO; monotime 0.403637 exceeds limit?
NO Sep 21 07:25:30.369765: | event_schedule: new EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:30.369767: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #1 Sep 21 07:25:30.369770: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:30.369773: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.4 seconds for response Sep 21 07:25:30.369777: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:30.369859: | libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:30.369862: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:30.369867: | #1 spent 0.119 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:30.369870: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:30.770321: | timer_event_cb: processing event@0x5638c7e2c180 Sep 21 07:25:30.770338: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:30.770349: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:30.770353: | IKEv2 retransmit event Sep 21 07:25:30.770358: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:30.770361: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:30.770363: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 5 Sep 21 07:25:30.770368: | retransmits: current time 49377.13863; retransmit count 4 exceeds limit? NO; deltatime 0.8 exceeds limit? NO; monotime 0.804242 exceeds limit?
NO Sep 21 07:25:30.770370: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:30.770373: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #1 Sep 21 07:25:30.770375: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:30.770379: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.8 seconds for response Sep 21 07:25:30.770383: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:30.770459: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:30.770462: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:30.770467: | #1 spent 0.128 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:30.770470: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:31.570802: | timer_event_cb: processing event@0x7f9c4c002b20 Sep 21 07:25:31.570817: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:31.570824: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:31.570827: | IKEv2 retransmit event Sep 21 07:25:31.570830: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:31.570833: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:31.570835: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 6 Sep 21 07:25:31.570840: | retransmits: current time 49377.939103; retransmit count 5 exceeds limit? NO; deltatime 1.6 exceeds limit? NO; monotime 1.604715 exceeds limit?
NO Sep 21 07:25:31.570843: | event_schedule: new EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:31.570845: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #1 Sep 21 07:25:31.570848: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:31.570851: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 1.6 seconds for response Sep 21 07:25:31.570856: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:31.570936: | libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:31.570939: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:31.570944: | #1 spent 0.122 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:31.570947: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:33.171803: | timer_event_cb: processing event@0x5638c7e2c180 Sep 21 07:25:33.171816: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:33.171823: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:33.171826: | IKEv2 retransmit event Sep 21 07:25:33.171829: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:33.171832: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:33.171834: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 7 Sep 21 07:25:33.171839: | retransmits: current time 49379.540101; retransmit count 6 exceeds limit? NO; deltatime 3.2 exceeds limit? NO; monotime 3.205713 exceeds limit?
NO Sep 21 07:25:33.171842: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:33.171844: | inserting event EVENT_RETRANSMIT, timeout in 3.2 seconds for #1 Sep 21 07:25:33.171846: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:33.171850: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 3.2 seconds for response Sep 21 07:25:33.171855: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:25:33.171932: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:33.171935: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5638c7e2c180 Sep 21 07:25:33.171941: | #1 spent 0.119 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:33.171944: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:34.573079: | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:34.573100: | *received 440 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Sep 21 07:25:34.573150: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:34.573153: | **parse ISAKMP Message: Sep 21 07:25:34.573154: | initiator cookie: Sep 21 07:25:34.573156: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:34.573157: | responder cookie: Sep 21 07:25:34.573158: | 00 00 00 00 00 00 00 00 Sep 21 07:25:34.573160: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:34.573162: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:34.573164: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:34.573165: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:34.573167: | Message ID: 0 (0x0) Sep 21 07:25:34.573168: | length: 440 (0x1b8) Sep 21 07:25:34.573170: | processing version=2.0 packet with exchange
type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:34.573172: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:34.573175: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:34.573177: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:34.573178: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:34.573180: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:34.573181: | flags: none (0x0) Sep 21 07:25:34.573183: | length: 48 (0x30) Sep 21 07:25:34.573184: | processing payload: ISAKMP_NEXT_v2SA (len=44) Sep 21 07:25:34.573186: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:34.573188: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:34.573189: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:34.573191: | flags: none (0x0) Sep 21 07:25:34.573192: | length: 264 (0x108) Sep 21 07:25:34.573193: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:34.573195: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:34.573196: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:34.573198: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:34.573199: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:34.573201: | flags: none (0x0) Sep 21 07:25:34.573202: | length: 36 (0x24) Sep 21 07:25:34.573203: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:34.573205: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:34.573206: | ***parse IKEv2 Notify Payload: Sep 21 07:25:34.573208: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:34.573209: | flags: none (0x0) Sep 21 07:25:34.573210: | length: 8 (0x8) Sep 21 07:25:34.573212: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:34.573213: | SPI size: 0 (0x0) Sep 21 07:25:34.573215: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:34.573217: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:34.573218: | Now let's proceed with 
payload (ISAKMP_NEXT_v2N) Sep 21 07:25:34.573219: | ***parse IKEv2 Notify Payload: Sep 21 07:25:34.573221: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:34.573222: | flags: none (0x0) Sep 21 07:25:34.573224: | length: 28 (0x1c) Sep 21 07:25:34.573225: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:34.573226: | SPI size: 0 (0x0) Sep 21 07:25:34.573228: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:34.573229: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:34.573231: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:34.573232: | ***parse IKEv2 Notify Payload: Sep 21 07:25:34.573234: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:34.573236: | flags: none (0x0) Sep 21 07:25:34.573237: | length: 28 (0x1c) Sep 21 07:25:34.573239: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:34.573240: | SPI size: 0 (0x0) Sep 21 07:25:34.573242: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:34.573243: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:34.573245: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:34.573248: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:34.573252: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:34.573254: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:34.573257: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Sep 21 07:25:34.573259: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Sep 21 07:25:34.573260: | find_next_host_connection returns empty Sep 21 07:25:34.573263: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:34.573265: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:34.573266: 
| find_next_host_connection returns empty Sep 21 07:25:34.573269: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:34.573271: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:34.573274: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:34.573276: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:34.573277: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Sep 21 07:25:34.573279: | find_next_host_connection returns north-eastnets/0x2 Sep 21 07:25:34.573280: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:34.573282: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Sep 21 07:25:34.573283: | find_next_host_connection returns north-eastnets/0x1 Sep 21 07:25:34.573285: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:34.573286: | find_next_host_connection returns empty Sep 21 07:25:34.573288: | found connection: north-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:34.573300: | creating state object #2 at 0x5638c7e2fce0 Sep 21 07:25:34.573302: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:34.573308: | pstats #2 ikev2.ike started Sep 21 07:25:34.573310: | Message ID: init #2: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:34.573312: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:34.573315: | Message ID: init_ike #2; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:34.573322: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 
07:25:34.573324: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:34.573326: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:34.573329: | #2 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:34.573331: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:34.573334: | Message ID: start-responder #2 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:34.573336: | #2 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:34.573337: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:34.573341: | Now let's proceed with state specific processing Sep 21 07:25:34.573342: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:34.573346: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:34.573348: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals) Sep 21 07:25:34.573351: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Sep 21 07:25:34.573355: | ... 
ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:34.573358: "north-eastnets/0x2": constructed local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:34.573360: | Comparing remote proposals against IKE responder 1 local proposals Sep 21 07:25:34.573362: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:34.573363: | local proposal 1 type PRF has 1 transforms Sep 21 07:25:34.573365: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:34.573366: | local proposal 1 type DH has 1 transforms Sep 21 07:25:34.573368: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:34.573370: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:34.573372: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:34.573374: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:34.573375: | length: 44 (0x2c) Sep 21 07:25:34.573377: | prop #: 1 (0x1) Sep 21 07:25:34.573378: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:34.573379: | spi size: 0 (0x0) Sep 21 07:25:34.573381: | # transforms: 4 (0x4) Sep 21 07:25:34.573383: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:34.573385: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:34.573387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.573389: | length: 12 (0xc) Sep 21 07:25:34.573391: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:34.573393: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:34.573395: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:34.573397: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:34.573399: | length/value: 256 (0x100) Sep 21 07:25:34.573403: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 
Sep 21 07:25:34.573405: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:34.573407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.573409: | length: 8 (0x8) Sep 21 07:25:34.573411: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:34.573413: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:34.573416: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:34.573418: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:34.573420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.573422: | length: 8 (0x8) Sep 21 07:25:34.573424: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:34.573426: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:34.573430: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:34.573432: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:34.573434: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:34.573436: | length: 8 (0x8) Sep 21 07:25:34.573438: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:34.573440: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:34.573443: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:34.573447: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Sep 21 07:25:34.573452: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Sep 21 07:25:34.573455: | remote proposal 1 matches local proposal 1 Sep 21 07:25:34.573459: "north-eastnets/0x2" #2: proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 chosen from remote proposals 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Sep 21 07:25:34.573463: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:34.573465: | converting proposal to internal trans attrs Sep 21 07:25:34.573468: | natd_hash: rcookie is zero Sep 21 07:25:34.573476: | natd_hash: hasher=0x5638c7cee7a0(20) Sep 21 07:25:34.573479: | natd_hash: icookie= 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:34.573481: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:34.573482: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:34.573484: | natd_hash: port= 01 f4 Sep 21 07:25:34.573486: | natd_hash: hash= 8a 6e 8c 31 c3 bd 4e 3f b2 0f 8f 20 7a ba 16 8d Sep 21 07:25:34.573488: | natd_hash: hash= 18 7f 8b 75 Sep 21 07:25:34.573490: | natd_hash: rcookie is zero Sep 21 07:25:34.573496: | natd_hash: hasher=0x5638c7cee7a0(20) Sep 21 07:25:34.573498: | natd_hash: icookie= 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:34.573500: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:34.573502: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:34.573504: | natd_hash: port= 01 f4 Sep 21 07:25:34.573506: | natd_hash: hash= d2 6d 0e 7f 00 bd 05 44 77 5a 93 b6 20 1d 2d 8a Sep 21 07:25:34.573508: | natd_hash: hash= 2a f6 7c 6b Sep 21 07:25:34.573510: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:34.573512: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:34.573514: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:34.573517: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:25:34.573522: | adding ikev2_inI1outR1 KE work-order 2 for state #2 Sep 21 07:25:34.573526: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5638c7e2c180 Sep 21 07:25:34.573529: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:25:34.573532: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:34.573541: | #2 spent 0.196 milliseconds in processing: Respond 
to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:34.573547: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:34.573550: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:34.573553: | suspending state #2 and saving MD Sep 21 07:25:34.573555: | #2 is busy; has a suspended MD Sep 21 07:25:34.573559: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:34.573562: | "north-eastnets/0x2" #2 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:34.573566: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:34.573570: | #2 spent 0.48 milliseconds in ikev2_process_packet() Sep 21 07:25:34.573574: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:34.573577: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:34.573580: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:34.573583: | spent 0.493 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:34.573596: | crypto helper 2 resuming Sep 21 07:25:34.573601: | crypto helper 2 starting work-order 2 for state #2 Sep 21 07:25:34.573605: | crypto helper 2 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 2 Sep 21 07:25:34.574297: | crypto helper 2 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 2 time elapsed 0.000683 seconds Sep 21 07:25:34.574312: | (#2) spent 0.697 milliseconds in crypto helper computing work-order 2: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:34.574316: | crypto helper 2 sending results from work-order 2 for state #2 to event queue Sep 21 07:25:34.574319: | scheduling resume sending helper answer 
for #2 Sep 21 07:25:34.574323: | libevent_malloc: new ptr-libevent@0x7f9c44006900 size 128 Sep 21 07:25:34.574337: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:34.574348: | processing resume sending helper answer for #2 Sep 21 07:25:34.574353: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:34.574356: | crypto helper 2 replies to request ID 2 Sep 21 07:25:34.574357: | calling continuation function 0x5638c7c18630 Sep 21 07:25:34.574360: | ikev2_parent_inI1outR1_continue for #2: calculated ke+nonce, sending R1 Sep 21 07:25:34.574364: | **emit ISAKMP Message: Sep 21 07:25:34.574366: | initiator cookie: Sep 21 07:25:34.574367: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:34.574368: | responder cookie: Sep 21 07:25:34.574370: | 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:34.574372: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:34.574373: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:34.574375: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:34.574377: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:34.574378: | Message ID: 0 (0x0) Sep 21 07:25:34.574380: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:34.574382: | Emitting ikev2_proposal ... 
Sep 21 07:25:34.574384: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:34.574385: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:34.574387: | flags: none (0x0) Sep 21 07:25:34.574389: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:34.574391: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:34.574393: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:34.574394: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:34.574396: | prop #: 1 (0x1) Sep 21 07:25:34.574397: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:34.574399: | spi size: 0 (0x0) Sep 21 07:25:34.574400: | # transforms: 4 (0x4) Sep 21 07:25:34.574402: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:34.574404: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:34.574405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.574407: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:34.574408: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:34.574410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:34.574412: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:34.574414: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:34.574415: | length/value: 256 (0x100) Sep 21 07:25:34.574417: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:34.574418: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:34.574420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.574421: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:34.574423: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:34.574425: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.574427: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:34.574431: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:34.574432: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:34.574434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.574435: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:34.574437: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:34.574438: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.574440: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:34.574442: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:34.574443: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:34.574444: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:34.574446: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:34.574447: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:34.574449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:34.574451: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:34.574452: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:34.574454: | emitting length of IKEv2 Proposal Substructure Payload: 44 Sep 21 07:25:34.574456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' is 0 Sep 21 07:25:34.574457: | emitting length of IKEv2 Security Association Payload: 48 Sep 21 07:25:34.574459: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:34.574461: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:34.574462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:34.574464: | flags: none (0x0) Sep 21 07:25:34.574465: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:34.574467: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:34.574469: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:34.574471: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:34.574495: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:34.574498: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:34.574499: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:34.574501: | flags: none (0x0) Sep 21 07:25:34.574503: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:34.574504: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:34.574506: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:34.574508: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:34.574509: | IKEv2 nonce 6d e8 ca b3 34 65 eb 2d 9b b0 b3 3a 89 c3 83 fd Sep 21 07:25:34.574511: | IKEv2 nonce 95 3d 3d 6d 6c 31 b3 9c 04 eb 97 84 03 f4 76 a1 Sep 21 07:25:34.574512: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:34.574515: | Adding a v2N Payload Sep 21 07:25:34.574516: | ***emit IKEv2 Notify Payload: Sep 21 07:25:34.574518: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:34.574519: | flags: none (0x0) Sep 21 07:25:34.574521: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:34.574522: | SPI size: 0 (0x0) Sep 21 07:25:34.574524: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:34.574526: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:34.574528: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:34.574529: | emitting length of
IKEv2 Notify Payload: 8 Sep 21 07:25:34.574531: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:34.574537: | natd_hash: hasher=0x5638c7cee7a0(20) Sep 21 07:25:34.574539: | natd_hash: icookie= 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:34.574541: | natd_hash: rcookie= 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:34.574542: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:34.574543: | natd_hash: port= 01 f4 Sep 21 07:25:34.574545: | natd_hash: hash= 87 b1 07 ec 92 37 41 e5 60 42 e4 07 59 6b 7b 43 Sep 21 07:25:34.574546: | natd_hash: hash= bd a9 6d 34 Sep 21 07:25:34.574548: | Adding a v2N Payload Sep 21 07:25:34.574549: | ***emit IKEv2 Notify Payload: Sep 21 07:25:34.574551: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:34.574552: | flags: none (0x0) Sep 21 07:25:34.574553: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:34.574555: | SPI size: 0 (0x0) Sep 21 07:25:34.574556: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:34.574558: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:34.574560: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:34.574562: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:34.574563: | Notify data 87 b1 07 ec 92 37 41 e5 60 42 e4 07 59 6b 7b 43 Sep 21 07:25:34.574564: | Notify data bd a9 6d 34 Sep 21 07:25:34.574566: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:34.574569: | natd_hash: hasher=0x5638c7cee7a0(20) Sep 21 07:25:34.574571: | natd_hash: icookie= 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:34.574572: | natd_hash: rcookie= 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:34.574574: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:34.574575: | natd_hash: port= 01 f4 Sep 21 07:25:34.574576: | natd_hash: hash= 5e c0 db e9 91 ed 2d 45 c3 cc af 90 6e fa e0 84 Sep 21 07:25:34.574578: | natd_hash: hash= 1d 5c 62 57 Sep 21 
07:25:34.574579: | Adding a v2N Payload Sep 21 07:25:34.574580: | ***emit IKEv2 Notify Payload: Sep 21 07:25:34.574582: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:34.574583: | flags: none (0x0) Sep 21 07:25:34.574585: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:34.574586: | SPI size: 0 (0x0) Sep 21 07:25:34.574588: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:34.574590: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:34.574592: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:34.574594: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:34.574595: | Notify data 5e c0 db e9 91 ed 2d 45 c3 cc af 90 6e fa e0 84 Sep 21 07:25:34.574596: | Notify data 1d 5c 62 57 Sep 21 07:25:34.574598: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:34.574600: | emitting length of ISAKMP Message: 440 Sep 21 07:25:34.574604: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:34.574606: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:34.574608: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:34.574610: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:34.574612: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:34.574615: | Message ID: recv #2 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:34.574618: | Message ID: sent #2 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:34.574621: "north-eastnets/0x2" #2: 
STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Sep 21 07:25:34.574624: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:34.574628: | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:34.574699: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:34.574706: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:34.574709: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5638c7e2c180 Sep 21 07:25:34.574712: | event_schedule: new EVENT_SO_DISCARD-pe@0x5638c7e2c180 Sep 21 07:25:34.574715: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #2 Sep 21 07:25:34.574719: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:34.574722: | resume sending helper answer for #2 suppresed complete_v2_state_transition() Sep 21 07:25:34.574727: | #2 spent 0.354 milliseconds in resume sending helper answer Sep 21 07:25:34.574732: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:34.574735: | libevent_free: release ptr-libevent@0x7f9c44006900 Sep 21 07:25:35.583828: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:35.583851: | *received 464 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:35.583921: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:35.583924: | **parse ISAKMP Message: Sep 21 07:25:35.583927: | initiator cookie: Sep 21 07:25:35.583929: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:35.583931: | responder cookie: Sep 21 07:25:35.583934: | 25 d2 d9 39 74 08 76
d0 Sep 21 07:25:35.583936: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:35.583939: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.583941: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:35.583946: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:35.583949: | Message ID: 1 (0x1) Sep 21 07:25:35.583951: | length: 464 (0x1d0) Sep 21 07:25:35.583954: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:35.583957: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:35.583961: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:35.583967: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:35.583970: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:35.583975: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:35.583978: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:35.583982: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:25:35.583984: | unpacking clear payload Sep 21 07:25:35.583987: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:35.583989: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:35.583992: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:35.583994: | flags: none (0x0) Sep 21 07:25:35.583997: | length: 436 (0x1b4) Sep 21 07:25:35.583999: | processing payload: ISAKMP_NEXT_v2SK (len=432) Sep 21 07:25:35.584004: | Message ID: start-responder #2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:35.584007: | #2 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:35.584010: | selected state microcode 
Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:35.584012: | Now let's proceed with state specific processing Sep 21 07:25:35.584015: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:35.584018: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:25:35.584025: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Sep 21 07:25:35.584029: | adding ikev2_inI2outR2 KE work-order 3 for state #2 Sep 21 07:25:35.584032: | state #2 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:25:35.584036: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:35.584039: | free_event_entry: release EVENT_SO_DISCARD-pe@0x5638c7e2c180 Sep 21 07:25:35.584042: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5638c7e2c180 Sep 21 07:25:35.584220: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:25:35.584225: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:35.584237: | #2 spent 0.0487 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:25:35.584243: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:35.584246: | #2 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:35.584249: | suspending state #2 and saving MD Sep 21 07:25:35.584251: | #2 is busy; has a suspended MD Sep 21 07:25:35.584256: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:35.584260: | "north-eastnets/0x2" #2 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:35.584265: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at 
ikev2.c:2018) Sep 21 07:25:35.584269: | #2 spent 0.26 milliseconds in ikev2_process_packet() Sep 21 07:25:35.584274: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:35.584276: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:35.584279: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:35.584285: | spent 0.277 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:35.584297: | crypto helper 1 resuming Sep 21 07:25:35.584302: | crypto helper 1 starting work-order 3 for state #2 Sep 21 07:25:35.584306: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 3 Sep 21 07:25:35.585270: | calculating skeyseed using prf=sha2_256 integ=sha2_256 cipherkey-size=32 salt-size=0 Sep 21 07:25:35.585772: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 3 time elapsed 0.001466 seconds Sep 21 07:25:35.585779: | (#2) spent 1.47 milliseconds in crypto helper computing work-order 3: ikev2_inI2outR2 KE (pcr) Sep 21 07:25:35.585782: | crypto helper 1 sending results from work-order 3 for state #2 to event queue Sep 21 07:25:35.585811: | scheduling resume sending helper answer for #2 Sep 21 07:25:35.585815: | libevent_malloc: new ptr-libevent@0x7f9c48000f40 size 128 Sep 21 07:25:35.585821: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:35.585871: | processing resume sending helper answer for #2 Sep 21 07:25:35.585878: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:35.585882: | crypto helper 1 replies to request ID 3 Sep 21 07:25:35.585884: | calling continuation function 0x5638c7c18630 Sep 21 07:25:35.585887: | ikev2_parent_inI2outR2_continue for #2: calculating g^{xy}, sending R2 Sep 21 07:25:35.585890: | #2 in state PARENT_R1: received v2I1, sent v2R1
Sep 21 07:25:35.585978: | calculated auth: d7 37 af 9e 23 c4 d7 2b 7e 48 25 64 aa 40 f3 54 Sep 21 07:25:35.585980: | provided auth: d7 37 af 9e 23 c4 d7 2b 7e 48 25 64 aa 40 f3 54 Sep 21 07:25:35.585983: | authenticator matched Sep 21 07:25:35.585990: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:35.585993: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:25:35.585996: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:25:35.585999: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:35.586001: | flags: none (0x0) Sep 21 07:25:35.586004: | length: 13 (0xd) Sep 21 07:25:35.586006: | ID type: ID_FQDN (0x2) Sep 21 07:25:35.586009: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Sep 21 07:25:35.586011: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:35.586014: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:35.586016: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:35.586018: | flags: none (0x0) Sep 21 07:25:35.586021: | length: 12 (0xc) Sep 21 07:25:35.586023: | ID type: ID_FQDN (0x2) Sep 21 07:25:35.586025: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:35.586027: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:35.586030: | **parse IKEv2 Authentication Payload: Sep 21 07:25:35.586032: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:35.586035: | flags: none (0x0) Sep 21 07:25:35.586037: | length: 282 (0x11a) Sep 21 07:25:35.586039: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:35.586042: | processing payload: ISAKMP_NEXT_v2AUTH
(len=274) Sep 21 07:25:35.586044: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:35.586046: | **parse IKEv2 Security Association Payload: Sep 21 07:25:35.586049: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:35.586051: | flags: none (0x0) Sep 21 07:25:35.586053: | length: 44 (0x2c) Sep 21 07:25:35.586055: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:25:35.586058: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:35.586060: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:35.586062: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:35.586065: | flags: none (0x0) Sep 21 07:25:35.586067: | length: 24 (0x18) Sep 21 07:25:35.586069: | number of TS: 1 (0x1) Sep 21 07:25:35.586072: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:35.586074: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:35.586076: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:35.586079: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.586081: | flags: none (0x0) Sep 21 07:25:35.586083: | length: 24 (0x18) Sep 21 07:25:35.586085: | number of TS: 1 (0x1) Sep 21 07:25:35.586088: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:35.586090: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:25:35.586093: | Now let's proceed with state specific processing Sep 21 07:25:35.586095: | calling processor Responder: process IKE_AUTH request Sep 21 07:25:35.586100: "north-eastnets/0x2" #2: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:25:35.586107: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:35.586110: | received IDr payload - extracting our alleged ID Sep 21 07:25:35.586113: | refine_host_connection for IKEv2: starting with "north-eastnets/0x2" Sep 21 07:25:35.586117: | match_id a=@north Sep 21 
07:25:35.586120: | b=@north Sep 21 07:25:35.586122: | results matched Sep 21 07:25:35.586126: | refine_host_connection: checking "north-eastnets/0x2" against "north-eastnets/0x2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:25:35.586128: | Warning: not switching back to template of current instance Sep 21 07:25:35.586133: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:25:35.586135: | This connection's local id is @east (ID_FQDN) Sep 21 07:25:35.586139: | refine_host_connection: checked north-eastnets/0x2 against north-eastnets/0x2, now for see if best Sep 21 07:25:35.586142: | started looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:35.586145: | actually looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:35.586148: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:25:35.586152: | 1: compared key (none) to @east / @north -> 002 Sep 21 07:25:35.586155: | 2: compared key (none) to @east / @north -> 002 Sep 21 07:25:35.586157: | line 1: match=002 Sep 21 07:25:35.586160: | match 002 beats previous best_match 000 match=0x5638c7e1f190 (line=1) Sep 21 07:25:35.586163: | concluding with best_match=002 best=0x5638c7e1f190 (lineno=1) Sep 21 07:25:35.586165: | returning because exact peer id match Sep 21 07:25:35.586168: | offered CA: '%none' Sep 21 07:25:35.586171: "north-eastnets/0x2" #2: IKEv2 mode peer ID is ID_FQDN: '@north' Sep 21 07:25:35.586185: | verifying AUTH payload Sep 21 07:25:35.586198: | required RSA CA is '%any' Sep 21 07:25:35.586201: | checking RSA keyid '@east' for match with '@north' Sep 21 07:25:35.586204: | checking RSA keyid '@north' for match with '@north' Sep 21 07:25:35.586207: | RSA key issuer CA is '%any' Sep 21 07:25:35.586272: | an RSA Sig check passed with *AQPl33O2P [preloaded keys] Sep 21 07:25:35.586278: | #2 spent 0.0661 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:35.586281: "north-eastnets/0x2" #2: Authenticated using RSA Sep 21 
07:25:35.586285: | #2 spent 0.0956 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:35.586345: | parent state #2: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:25:35.586352: | #2 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:35.586356: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:35.586359: | libevent_free: release ptr-libevent@0x5638c7e2e6b0 Sep 21 07:25:35.586362: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5638c7e2c180 Sep 21 07:25:35.586365: | event_schedule: new EVENT_SA_REKEY-pe@0x5638c7e2c180 Sep 21 07:25:35.586369: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #2 Sep 21 07:25:35.586371: | libevent_malloc: new ptr-libevent@0x5638c7e2e6b0 size 128 Sep 21 07:25:35.586628: | pstats #2 ikev2.ike established Sep 21 07:25:35.586636: | **emit ISAKMP Message: Sep 21 07:25:35.586639: | initiator cookie: Sep 21 07:25:35.586641: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:35.586644: | responder cookie: Sep 21 07:25:35.586646: | 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:35.586649: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:35.586652: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.586654: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:35.586657: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:35.586659: | Message ID: 1 (0x1) Sep 21 07:25:35.586662: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:35.586665: | IKEv2 CERT: send a certificate? 
Sep 21 07:25:35.586668: | IKEv2 CERT: no certificate to send Sep 21 07:25:35.586670: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:35.586673: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.586675: | flags: none (0x0) Sep 21 07:25:35.586678: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:35.586681: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.586684: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:35.586691: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:35.586705: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:35.586711: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.586713: | flags: none (0x0) Sep 21 07:25:35.586715: | ID type: ID_FQDN (0x2) Sep 21 07:25:35.586719: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:35.586722: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.586725: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:25:35.586727: | my identity 65 61 73 74 Sep 21 07:25:35.586730: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:35.586737: | assembled IDr payload Sep 21 07:25:35.586739: | CHILD SA proposals received Sep 21 07:25:35.586741: | going to assemble AUTH payload Sep 21 07:25:35.586744: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:35.586747: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:35.586750: | flags: none (0x0) Sep 21 07:25:35.586752: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:35.586755: | next payload chain: ignoring supplied 'IKEv2 
Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:25:35.586758: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:35.586761: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.586766: | started looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:35.586769: | actually looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:35.586772: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:25:35.586776: | 1: compared key (none) to @east / @north -> 002 Sep 21 07:25:35.586779: | 2: compared key (none) to @east / @north -> 002 Sep 21 07:25:35.586781: | line 1: match=002 Sep 21 07:25:35.586814: | match 002 beats previous best_match 000 match=0x5638c7e1f190 (line=1) Sep 21 07:25:35.586817: | concluding with best_match=002 best=0x5638c7e1f190 (lineno=1) Sep 21 07:25:35.591986: | #2 spent 5.1 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:35.591997: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Sep 21 07:25:35.592046: | #2 spent 5.21 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:35.592052: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:35.592057: | creating state object #3 at 0x5638c7e38cd0 Sep 21 07:25:35.592060: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:35.592066: | pstats #3 ikev2.child started Sep 21 07:25:35.592069: | duplicating state object #2 "north-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:25:35.592075: | #3 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:35.592081: | Message ID: init_child #2.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:35.592086: | Message ID: switch-from #2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:35.592090: | Message ID: switch-to #2.#3 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:35.592093: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21
07:25:35.592096: | TSi: parsing 1 traffic selectors Sep 21 07:25:35.592099: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:35.592101: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:35.592104: | IP Protocol ID: 0 (0x0) Sep 21 07:25:35.592106: | length: 16 (0x10) Sep 21 07:25:35.592108: | start port: 0 (0x0) Sep 21 07:25:35.592111: | end port: 65535 (0xffff) Sep 21 07:25:35.592114: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:35.592116: | TS low c0 00 03 00 Sep 21 07:25:35.592118: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:35.592121: | TS high c0 00 03 ff Sep 21 07:25:35.592123: | TSi: parsed 1 traffic selectors Sep 21 07:25:35.592125: | TSr: parsing 1 traffic selectors Sep 21 07:25:35.592128: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:35.592130: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:35.592132: | IP Protocol ID: 0 (0x0) Sep 21 07:25:35.592135: | length: 16 (0x10) Sep 21 07:25:35.592137: | start port: 0 (0x0) Sep 21 07:25:35.592139: | end port: 65535 (0xffff) Sep 21 07:25:35.592142: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:35.592144: | TS low c0 00 02 00 Sep 21 07:25:35.592146: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:35.592148: | TS high c0 00 02 ff Sep 21 07:25:35.592151: | TSr: parsed 1 traffic selectors Sep 21 07:25:35.592153: | looking for best SPD in current connection Sep 21 07:25:35.592160: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:35.592165: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:35.592172: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:35.592175: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:35.592177: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:35.592180: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 
07:25:35.592183: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:35.592187: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:35.592193: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:25:35.592195: | looking for better host pair Sep 21 07:25:35.592201: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:35.592206: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:25:35.592208: | investigating connection "north-eastnets/0x2" as a better match Sep 21 07:25:35.592211: | match_id a=@north Sep 21 07:25:35.592214: | b=@north Sep 21 07:25:35.592216: | results matched Sep 21 07:25:35.592221: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:35.592230: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:35.592236: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:35.592239: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:35.592241: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:35.592244: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:35.592247: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:35.592251: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:35.592256: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:25:35.592259: | investigating connection "north-eastnets/0x1" as a better match Sep 21 07:25:35.592262: | match_id a=@north Sep 21 07:25:35.592264: | b=@north Sep 21 07:25:35.592266: | results matched Sep 21 07:25:35.592271: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:35.592276: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 
.{start,end}port=0..65535 Sep 21 07:25:35.592281: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:35.592284: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:35.592286: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:35.592289: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:35.592292: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:35.592296: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:35.592301: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:35.592304: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:35.592307: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:35.592309: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:35.592312: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:35.592314: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:35.592317: | protocol fitness found better match d north-eastnets/0x1, TSi[0],TSr[0] Sep 21 07:25:35.592320: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:35.592322: | printing contents struct traffic_selector Sep 21 07:25:35.592325: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:35.592327: | ipprotoid: 0 Sep 21 07:25:35.592329: | port range: 0-65535 Sep 21 07:25:35.592333: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:35.592335: | printing contents struct traffic_selector Sep 21 07:25:35.592337: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:35.592340: | ipprotoid: 0 Sep 21 07:25:35.592342: | port range: 0-65535 Sep 21 07:25:35.592345: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:35.592349: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:25:35.592354: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:25:35.592360: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:25:35.592364: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:25:35.592367: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Sep 21 07:25:35.592370: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:35.592373: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:35.592375: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:35.592378: | local proposal 1 type DH has 1 transforms Sep 21 07:25:35.592382: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:35.592385: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:35.592388: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:35.592391: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:35.592393: | length: 40 (0x28) Sep 21 07:25:35.592395: | prop #: 1 (0x1) Sep 21 07:25:35.592398: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:35.592400: | spi size: 4 (0x4) Sep 21 07:25:35.592402: | # transforms: 3 (0x3) Sep 21 07:25:35.592405: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:35.592408: | remote SPI 5a f5 3a 14 Sep 21 07:25:35.592411: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:35.592414: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:35.592416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.592418: | length: 12 (0xc) Sep 21 07:25:35.592421: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:35.592423: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:35.592426: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:35.592428: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 
21 07:25:35.592431: | length/value: 128 (0x80) Sep 21 07:25:35.592435: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:35.592437: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:35.592440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.592442: | length: 8 (0x8) Sep 21 07:25:35.592444: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:35.592447: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:35.592450: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:35.592453: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:35.592455: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:35.592458: | length: 8 (0x8) Sep 21 07:25:35.592460: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:35.592463: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:35.592466: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:35.592469: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:25:35.592474: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:25:35.592476: | remote proposal 1 matches local proposal 1 Sep 21 07:25:35.592481: "north-eastnets/0x2" #2: proposal 1:ESP:SPI=5af53a14;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Sep 21 07:25:35.592486: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=5af53a14;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED Sep 21 07:25:35.592489: | converting proposal to internal trans attrs Sep 21 07:25:35.592508: | netlink_get_spi: allocated 0x602eb9b6 for esp.0@192.1.2.23 
Sep 21 07:25:35.592510: | Emitting ikev2_proposal ... Sep 21 07:25:35.592513: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:35.592515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.592518: | flags: none (0x0) Sep 21 07:25:35.592521: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:35.592524: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.592527: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:35.592529: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:35.592531: | prop #: 1 (0x1) Sep 21 07:25:35.592534: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:35.592538: | spi size: 4 (0x4) Sep 21 07:25:35.592540: | # transforms: 3 (0x3) Sep 21 07:25:35.592543: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:35.592546: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:35.592548: | our spi 60 2e b9 b6 Sep 21 07:25:35.592550: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.592553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.592555: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:35.592558: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:35.592560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.592563: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:35.592566: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:35.592568: | length/value: 128 (0x80) Sep 21 07:25:35.592570: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:35.592573: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.592575: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.592578: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:35.592580: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:35.592583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.592586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.592588: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.592591: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.592593: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:35.592595: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:35.592598: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:35.592601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.592603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.592606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.592608: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:35.592611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:35.592613: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:25:35.592616: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:35.592619: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:35.592621: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.592623: | flags: none (0x0) Sep 21 07:25:35.592625: | 
number of TS: 1 (0x1) Sep 21 07:25:35.592629: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:35.592631: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.592634: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:35.592636: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:35.592638: | IP Protocol ID: 0 (0x0) Sep 21 07:25:35.592641: | start port: 0 (0x0) Sep 21 07:25:35.592643: | end port: 65535 (0xffff) Sep 21 07:25:35.592646: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:35.592648: | IP start c0 00 03 00 Sep 21 07:25:35.592651: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:35.592656: | IP end c0 00 03 ff Sep 21 07:25:35.592659: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:35.592661: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:35.592664: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:35.592666: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.592668: | flags: none (0x0) Sep 21 07:25:35.592670: | number of TS: 1 (0x1) Sep 21 07:25:35.592673: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:35.592676: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.592679: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:35.592681: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:35.592683: | IP Protocol ID: 0 (0x0) Sep 21 07:25:35.592685: | start port: 0 (0x0) Sep 21 07:25:35.592688: | end port: 65535 (0xffff) Sep 21 07:25:35.592690: | emitting 4 raw bytes of IP 
start into IKEv2 Traffic Selector Sep 21 07:25:35.592692: | IP start c0 00 02 00 Sep 21 07:25:35.592695: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:35.592697: | IP end c0 00 02 ff Sep 21 07:25:35.592699: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:35.592702: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:35.592704: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:35.592708: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:25:35.593045: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:25:35.593054: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:25:35.593057: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:25:35.593059: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:35.593062: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.593065: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:35.593068: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.593070: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:35.593074: | route owner of "north-eastnets/0x1" prospective erouted: self; eroute owner: self Sep 21 07:25:35.593077: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:35.593081: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:35.593083: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:35.593087: | setting IPsec SA replay-window to 32 Sep 21 07:25:35.593090: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:25:35.593093: | netlink: enabling tunnel mode Sep 21 07:25:35.593096: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:35.593099: | netlink: esp-hw-offload not set for IPsec 
SA Sep 21 07:25:35.593349: | netlink response for Add SA esp.5af53a14@192.1.3.33 included non-error error Sep 21 07:25:35.593355: | set up outgoing SA, ref=0/0 Sep 21 07:25:35.593359: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:35.593362: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:35.593365: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:35.593368: | setting IPsec SA replay-window to 32 Sep 21 07:25:35.593371: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:25:35.593374: | netlink: enabling tunnel mode Sep 21 07:25:35.593376: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:35.593379: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:35.593540: | netlink response for Add SA esp.602eb9b6@192.1.2.23 included non-error error Sep 21 07:25:35.593546: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:35.593554: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:35.593557: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:35.593807: | raw_eroute result=success Sep 21 07:25:35.593815: | set up incoming SA, ref=0/0 Sep 21 07:25:35.593817: | sr for #3: prospective erouted Sep 21 07:25:35.593821: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:35.593823: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:35.593826: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.593829: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:35.593832: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.593835: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:35.593838: | route owner of "north-eastnets/0x1" prospective erouted: self; eroute owner: self Sep 21 07:25:35.593842: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:north-eastnets/0x1 esr:{(nil)} ro:north-eastnets/0x1 rosr:{(nil)} and state: #3 Sep 21 07:25:35.593845: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:35.593854: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:25:35.593857: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:35.593986: | raw_eroute result=success Sep 21 07:25:35.593992: | running updown command "ipsec _updown" for verb up Sep 21 07:25:35.593995: | command executing up-client Sep 21 07:25:35.594023: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5af5 Sep 21 07:25:35.594026: | popen cmd is 1038 chars long Sep 21 07:25:35.594029: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Sep 21 07:25:35.594032: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_: Sep 21 07:25:35.594034: | cmd( 160):MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLU: Sep 21 07:25:35.594037: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_: Sep 21 07:25:35.594040: | cmd( 320):SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@nor: Sep 21 07:25:35.594042: | cmd( 400):th' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEE: Sep 21 07:25:35.594045: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:25:35.594047: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCR: Sep 21 07:25:35.594050: | cmd( 640):YPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='C: Sep 21 07:25:35.594052: | cmd( 720):K_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0': Sep 21 07:25:35.594055: | cmd( 800): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Sep 21 07:25:35.594060: | cmd( 880):_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Sep 21 07:25:35.594063: | cmd( 960):G='no' VTI_SHARED='no' SPI_IN=0x5af53a14 SPI_OUT=0x602eb9b6 ipsec _updown 2>&1: Sep 21 07:25:35.607460: | route_and_eroute: firewall_notified: true Sep 21 07:25:35.607480: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x5638c7e2b320,sr=0x5638c7e2b320} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:35.607565: | #2 
spent 0.627 milliseconds in install_ipsec_sa() Sep 21 07:25:35.607571: | ISAKMP_v2_IKE_AUTH: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #2 Sep 21 07:25:35.607575: | adding 14 bytes of padding (including 1 byte padding-length) Sep 21 07:25:35.607578: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607581: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607584: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607586: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607589: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607592: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607594: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607597: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607600: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607602: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607605: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607608: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607610: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607613: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.607616: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:35.607618: | emitting length of IKEv2 Encryption Payload: 436 
Sep 21 07:25:35.607621: | emitting length of ISAKMP Message: 464 Sep 21 07:25:35.607739: | out calculated auth: Sep 21 07:25:35.607741: | 77 80 9e fb b2 e8 59 10 90 e4 6b 1a 6e f2 2a 88 Sep 21 07:25:35.607746: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:25:35.607752: | #2 spent 7.46 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:25:35.607758: | suspend processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:35.607763: | start processing: state #3 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:35.607767: | #3 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:25:35.607770: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:25:35.607774: | child state #3: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:35.607777: | Message ID: updating counters for #3 to 1 after switching state Sep 21 07:25:35.607786: | Message ID: recv #2.#3 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:35.607793: | Message ID: sent #2.#3 response 1; ike: initiator.sent=-1 initiator.recv=-1 
responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:35.607796: | pstats #3 ikev2.child established Sep 21 07:25:35.607804: "north-eastnets/0x1" #3: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:25:35.607808: | NAT-T: encaps is 'auto' Sep 21 07:25:35.607813: "north-eastnets/0x1" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x5af53a14 <0x602eb9b6 xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Sep 21 07:25:35.607818: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:35.607824: | sending 464 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:35.607930: | releasing whack for #3 (sock=fd@-1) Sep 21 07:25:35.607934: | releasing whack and unpending for parent #2 Sep 21 07:25:35.607937: | unpending state #2 connection "north-eastnets/0x1" Sep 21 07:25:35.607941: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:35.607945: | event_schedule: new EVENT_SA_REKEY-pe@0x5638c7e35d30 Sep 21 07:25:35.607948: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Sep 21 07:25:35.607952: | libevent_malloc: new ptr-libevent@0x5638c7e34500 size 128 Sep 21 07:25:35.607958: | resume sending helper answer for #2 suppresed complete_v2_state_transition() Sep 21 07:25:35.607963: | #2 spent 7.87 milliseconds in resume sending helper answer Sep 21 07:25:35.607967: | stop processing: state #3 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:35.607971: | libevent_free: release ptr-libevent@0x7f9c48000f40 Sep 21 07:25:35.607982: | processing signal PLUTO_SIGCHLD Sep 21 07:25:35.607986: | waitpid returned ECHILD (no child 
processes left) Sep 21 07:25:35.607991: | spent 0.00461 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:36.373808: | timer_event_cb: processing event@0x7f9c4c002b20 Sep 21 07:25:36.373826: | handling event EVENT_RETRANSMIT for parent state #1 Sep 21 07:25:36.373835: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:36.373839: | IKEv2 retransmit event Sep 21 07:25:36.373843: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:36.373848: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Sep 21 07:25:36.373852: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 8 Sep 21 07:25:36.373856: "north-eastnets/0x1" #1: suppressing retransmit because superseded by #3 try=1. Drop this negotitation Sep 21 07:25:36.373859: | pstats #1 ikev2.ike failed too-many-retransmits Sep 21 07:25:36.373862: | pstats #1 ikev2.ike deleted too-many-retransmits Sep 21 07:25:36.373867: | #1 spent 2.84 milliseconds in total Sep 21 07:25:36.373871: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:25:36.373875: "north-eastnets/0x1" #1: deleting state (STATE_PARENT_I1) aged 6.409s and NOT sending notification Sep 21 07:25:36.373878: | parent state #1: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:36.373886: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:36.373889: | removing pending policy for "north-eastnets/0x2" {0x5638c7db1bc0} Sep 21 07:25:36.373892: | in connection_discard for connection north-eastnets/0x1 Sep 21 07:25:36.373895: | removing pending policy for "north-eastnets/0x1" {0x5638c7db4740} Sep 21 07:25:36.373898: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:36.373902: | in connection_discard for connection 
north-eastnets/0x1 Sep 21 07:25:36.373905: | State DB: deleting IKEv2 state #1 in PARENT_I1 Sep 21 07:25:36.373909: | parent state #1: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:36.373928: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:25:36.373934: | libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:36.373937: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9c4c002b20 Sep 21 07:25:36.373940: | in statetime_stop() and could not find #1 Sep 21 07:25:36.373943: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:36.858337: | spent 0.00309 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:36.858359: | *received 608 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:36.858457: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:36.858461: | **parse ISAKMP Message: Sep 21 07:25:36.858464: | initiator cookie: Sep 21 07:25:36.858466: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:36.858468: | responder cookie: Sep 21 07:25:36.858470: | 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:36.858473: | next 
payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:36.858476: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.858478: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:36.858481: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:36.858483: | Message ID: 2 (0x2) Sep 21 07:25:36.858486: | length: 608 (0x260) Sep 21 07:25:36.858489: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:36.858492: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:25:36.858496: | State DB: found IKEv2 state #2 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:36.858502: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:36.858506: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:36.858510: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:36.858513: | #2 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:25:36.858517: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Sep 21 07:25:36.858520: | unpacking clear payload Sep 21 07:25:36.858523: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:36.858526: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:36.858528: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:36.858531: | flags: none (0x0) Sep 21 07:25:36.858533: | length: 580 (0x244) Sep 21 07:25:36.858536: | processing payload: ISAKMP_NEXT_v2SK (len=576) Sep 21 07:25:36.858540: | Message ID: start-responder #2 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:36.858543: | #2 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:36.858663: | calculated auth: 9e d3 48 7c af 43 02 da 31 9d 4c c2 27 bd d7 f5 Sep 21 07:25:36.858666: | provided auth: 9e d3 48 7c af 43 02 da 31 9d 4c c2 27 bd d7 f5 Sep 21 07:25:36.858668: | authenticator matched Sep 21 07:25:36.858677: | #2 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:36.858680: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:36.858683: | **parse IKEv2 Security Association Payload: Sep 21 07:25:36.858685: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:36.858688: | flags: none (0x0) Sep 21 07:25:36.858690: | length: 52 (0x34) Sep 21 07:25:36.858693: | processing payload: ISAKMP_NEXT_v2SA (len=48) Sep 21 07:25:36.858695: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) 
Sep 21 07:25:36.858697: | **parse IKEv2 Nonce Payload: Sep 21 07:25:36.858700: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:36.858702: | flags: none (0x0) Sep 21 07:25:36.858704: | length: 36 (0x24) Sep 21 07:25:36.858707: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:36.858709: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:36.858712: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:36.858714: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:36.858717: | flags: none (0x0) Sep 21 07:25:36.858719: | length: 392 (0x188) Sep 21 07:25:36.858721: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.858724: | processing payload: ISAKMP_NEXT_v2KE (len=384) Sep 21 07:25:36.858726: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:36.858729: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:36.858731: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:36.858734: | flags: none (0x0) Sep 21 07:25:36.858736: | length: 24 (0x18) Sep 21 07:25:36.858739: | number of TS: 1 (0x1) Sep 21 07:25:36.858741: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:36.858743: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:36.858746: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:36.858748: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.858752: | flags: none (0x0) Sep 21 07:25:36.858754: | length: 24 (0x18) Sep 21 07:25:36.858757: | number of TS: 1 (0x1) Sep 21 07:25:36.858759: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:36.858762: | state #2 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Sep 21 07:25:36.858765: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:25:36.858771: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:36.858775: | creating state 
object #4 at 0x5638c7e2c9d0 Sep 21 07:25:36.858778: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:36.858782: | pstats #4 ikev2.child started Sep 21 07:25:36.858792: | duplicating state object #2 "north-eastnets/0x2" as #4 for IPSEC SA Sep 21 07:25:36.858796: | #4 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:36.858802: | Message ID: init_child #2.#4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:36.858806: | child state #4: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Sep 21 07:25:36.858811: | "north-eastnets/0x2" #2 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "north-eastnets/0x2" #4 in STATE_V2_CREATE_R will process it further Sep 21 07:25:36.858815: | Message ID: switch-from #2 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Sep 21 07:25:36.858820: | Message ID: switch-to #2.#4 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:36.858823: | forcing ST #2 to CHILD #2.#4 in FSM processor Sep 21 07:25:36.858825: | Now let's proceed with state specific processing Sep 21 07:25:36.858827: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:25:36.858832: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:36.858835: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Sep 21 07:25:36.858840: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:25:36.858846: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:36.858850: "north-eastnets/0x2": constructed local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:36.858854: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 1 local proposals Sep 21 07:25:36.858857: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:36.858860: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:36.858862: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:36.858865: | local proposal 1 type DH has 1 transforms Sep 21 07:25:36.858867: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:36.858870: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:36.858873: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.858876: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:36.858878: | length: 48 (0x30) Sep 21 07:25:36.858880: | prop #: 1 (0x1) Sep 21 07:25:36.858883: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:36.858885: | spi size: 4 (0x4) Sep 21 07:25:36.858887: | # transforms: 4 (0x4) Sep 21 07:25:36.858891: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:36.858893: | remote SPI e9 8a bc 5c Sep 21 07:25:36.858896: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:36.858899: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:36.858903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.858906: | length: 12 (0xc) Sep 21 07:25:36.858908: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.858911: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:36.858913: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.858916: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.858918: | length/value: 128 (0x80) Sep 21 07:25:36.858923: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:36.858925: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:36.858928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.858930: | length: 8 (0x8) Sep 21 07:25:36.858933: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.858935: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:36.858939: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:36.858941: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:36.858944: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.858946: | length: 8 (0x8) Sep 21 07:25:36.858948: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.858951: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.858954: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:36.858957: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:36.858959: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.858962: | length: 8 (0x8) Sep 21 07:25:36.858964: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:36.858967: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:36.858970: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:36.858974: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Sep 21 07:25:36.858979: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Sep 21 07:25:36.858982: | remote proposal 1 matches local proposal 1 Sep 21 07:25:36.858987: "north-eastnets/0x2" #2: proposal 
1:ESP:SPI=e98abc5c;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Sep 21 07:25:36.858993: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e98abc5c;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:36.858995: | converting proposal to internal trans attrs Sep 21 07:25:36.859000: | updating #4's .st_oakley with preserved PRF, but why update? Sep 21 07:25:36.859005: | Child SA TS Request has child->sa == md->st; so using child connection Sep 21 07:25:36.859008: | TSi: parsing 1 traffic selectors Sep 21 07:25:36.859011: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:36.859013: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:36.859015: | IP Protocol ID: 0 (0x0) Sep 21 07:25:36.859018: | length: 16 (0x10) Sep 21 07:25:36.859020: | start port: 0 (0x0) Sep 21 07:25:36.859022: | end port: 65535 (0xffff) Sep 21 07:25:36.859025: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:36.859027: | TS low c0 00 03 00 Sep 21 07:25:36.859030: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:36.859032: | TS high c0 00 03 ff Sep 21 07:25:36.859034: | TSi: parsed 1 traffic selectors Sep 21 07:25:36.859037: | TSr: parsing 1 traffic selectors Sep 21 07:25:36.859039: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:36.859042: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:36.859044: | IP Protocol ID: 0 (0x0) Sep 21 07:25:36.859046: | length: 16 (0x10) Sep 21 07:25:36.859050: | start port: 0 (0x0) Sep 21 07:25:36.859052: | end port: 65535 (0xffff) Sep 21 07:25:36.859054: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:36.859057: | TS low c0 00 16 00 Sep 21 07:25:36.859059: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:36.859061: | TS high c0 00 16 ff Sep 21 07:25:36.859063: | TSr: 
parsed 1 traffic selectors Sep 21 07:25:36.859065: | looking for best SPD in current connection Sep 21 07:25:36.859072: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:36.859077: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:36.859083: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:36.859086: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:36.859089: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:36.859091: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:36.859095: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:36.859099: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:36.859105: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:36.859108: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:36.859110: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:36.859113: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:36.859115: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:36.859118: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:36.859120: | found better spd route for TSi[0],TSr[0] Sep 21 07:25:36.859122: | looking for better host pair Sep 21 07:25:36.859127: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:36.859132: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:25:36.859135: | investigating connection "north-eastnets/0x2" as a better match Sep 21 07:25:36.859138: | match_id a=@north Sep 21 07:25:36.859141: | b=@north Sep 21 07:25:36.859143: | results matched Sep 21 07:25:36.859148: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:36.859153: | TSi[0] .net=192.0.3.0-192.0.3.255 
.iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:36.859158: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:36.859161: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:36.859163: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:36.859166: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:36.859169: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:36.859173: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:36.859179: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:36.859181: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:36.859184: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:36.859186: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:36.859189: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:36.859191: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:36.859194: | investigating connection "north-eastnets/0x1" as a better match Sep 21 07:25:36.859196: | match_id a=@north Sep 21 07:25:36.859199: | b=@north Sep 21 07:25:36.859201: | results matched Sep 21 07:25:36.859206: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:36.859210: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:36.859216: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:36.859220: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:36.859222: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:36.859225: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:36.859227: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:36.859232: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:36.859237: | match address 
end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Sep 21 07:25:36.859240: | did not find a better connection using host pair Sep 21 07:25:36.859242: | printing contents struct traffic_selector Sep 21 07:25:36.859244: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:36.859247: | ipprotoid: 0 Sep 21 07:25:36.859249: | port range: 0-65535 Sep 21 07:25:36.859253: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:25:36.859255: | printing contents struct traffic_selector Sep 21 07:25:36.859257: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:36.859259: | ipprotoid: 0 Sep 21 07:25:36.859261: | port range: 0-65535 Sep 21 07:25:36.859265: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:36.859269: | adding Child Responder KE and nonce nr work-order 4 for state #4 Sep 21 07:25:36.859271: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9c4c002b20 Sep 21 07:25:36.859275: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:36.859278: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:36.859289: | #4 spent 0.457 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Sep 21 07:25:36.859294: | suspend processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.859295: | crypto helper 3 resuming Sep 21 07:25:36.859309: | crypto helper 3 starting work-order 4 for state #4 Sep 21 07:25:36.859314: | crypto helper 3 doing build KE and nonce (Child Responder KE and nonce nr); request ID 4 Sep 21 07:25:36.859299: | start processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.860860: | #4 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:25:36.860864: | suspending state #4 and saving MD Sep 21 07:25:36.860867: | #4 is busy; has a suspended MD Sep 21 07:25:36.860872: | 
[RE]START processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:36.860876: | "north-eastnets/0x2" #4 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:36.860881: | stop processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:36.860887: | #2 spent 0.986 milliseconds in ikev2_process_packet() Sep 21 07:25:36.860892: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:36.860895: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:36.860897: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:36.860902: | spent 1 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:36.861651: | crypto helper 3 finished build KE and nonce (Child Responder KE and nonce nr); request ID 4 time elapsed 0.002336 seconds Sep 21 07:25:36.861658: | (#4) spent 2.24 milliseconds in crypto helper computing work-order 4: Child Responder KE and nonce nr (pcr) Sep 21 07:25:36.861662: | crypto helper 3 sending results from work-order 4 for state #4 to event queue Sep 21 07:25:36.861665: | scheduling resume sending helper answer for #4 Sep 21 07:25:36.861668: | libevent_malloc: new ptr-libevent@0x7f9c3c005780 size 128 Sep 21 07:25:36.861671: | libevent_realloc: release ptr-libevent@0x5638c7e0d840 Sep 21 07:25:36.861676: | libevent_realloc: new ptr-libevent@0x5638c7db1a60 size 128 Sep 21 07:25:36.861685: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:36.861695: | processing resume sending helper answer for #4 Sep 21 07:25:36.861701: | start processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:36.861705: | crypto helper 3 replies to request ID 4 Sep 21 07:25:36.861707: | calling continuation function 
0x5638c7c18630 Sep 21 07:25:36.861710: | ikev2_child_inIoutR_continue for #4 STATE_V2_CREATE_R Sep 21 07:25:36.861714: | adding DHv2 for child sa work-order 5 for state #4 Sep 21 07:25:36.861717: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:36.861720: | libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:36.861723: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9c4c002b20 Sep 21 07:25:36.861726: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9c4c002b20 Sep 21 07:25:36.861729: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:36.861732: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:36.861742: | [RE]START processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.861746: | #4 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:25:36.861748: | suspending state #4 and saving MD Sep 21 07:25:36.861750: | #4 is busy; has a suspended MD Sep 21 07:25:36.861755: | [RE]START processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:36.861758: | "north-eastnets/0x2" #4 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:36.861761: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:36.861766: | #4 spent 0.0602 milliseconds in resume sending helper answer Sep 21 07:25:36.861771: | stop processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:36.861774: | libevent_free: release ptr-libevent@0x7f9c3c005780 Sep 21 07:25:36.864821: | crypto helper 4 resuming Sep 21 07:25:36.864833: | crypto helper 4 starting work-order 5 for state #4 Sep 21 07:25:36.864838: | crypto helper 4 doing crypto (DHv2 for 
child sa); request ID 5 Sep 21 07:25:36.867296: | crypto helper 4 finished crypto (DHv2 for child sa); request ID 5 time elapsed 0.002458 seconds Sep 21 07:25:36.867307: | (#4) spent 2.46 milliseconds in crypto helper computing work-order 5: DHv2 for child sa (dh) Sep 21 07:25:36.867311: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Sep 21 07:25:36.867313: | scheduling resume sending helper answer for #4 Sep 21 07:25:36.867317: | libevent_malloc: new ptr-libevent@0x7f9c40001100 size 128 Sep 21 07:25:36.867325: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:36.867333: | processing resume sending helper answer for #4 Sep 21 07:25:36.867342: | start processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:36.867346: | crypto helper 4 replies to request ID 5 Sep 21 07:25:36.867349: | calling continuation function 0x5638c7c194f0 Sep 21 07:25:36.867352: | ikev2_child_inIoutR_continue_continue for #4 STATE_V2_CREATE_R Sep 21 07:25:36.867358: | **emit ISAKMP Message: Sep 21 07:25:36.867361: | initiator cookie: Sep 21 07:25:36.867364: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:36.867366: | responder cookie: Sep 21 07:25:36.867368: | 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:36.867371: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:36.867374: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.867377: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:36.867379: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:36.867382: | Message ID: 2 (0x2) Sep 21 07:25:36.867388: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:36.867392: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:36.867395: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.867397: | flags: none (0x0) Sep 21 07:25:36.867401: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to 
current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:36.867403: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.867407: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:36.867431: | netlink_get_spi: allocated 0xb0df2a5a for esp.0@192.1.2.23 Sep 21 07:25:36.867434: | Emitting ikev2_proposal ... Sep 21 07:25:36.867437: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:36.867440: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.867442: | flags: none (0x0) Sep 21 07:25:36.867445: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:36.867448: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.867452: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.867454: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:36.867456: | prop #: 1 (0x1) Sep 21 07:25:36.867459: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:36.867461: | spi size: 4 (0x4) Sep 21 07:25:36.867463: | # transforms: 4 (0x4) Sep 21 07:25:36.867466: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.867470: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:36.867472: | our spi b0 df 2a 5a Sep 21 07:25:36.867475: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.867477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.867480: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.867483: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:36.867486: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.867489: | 
*******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.867491: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.867494: | length/value: 128 (0x80) Sep 21 07:25:36.867497: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.867499: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.867502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.867504: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.867507: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:36.867510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.867513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.867516: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.867518: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.867520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.867523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.867525: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.867528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.867531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.867533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.867538: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.867541: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.867543: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:36.867546: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:36.867549: | last substructure: checking 
'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.867551: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.867554: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.867556: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:36.867559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.867561: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:25:36.867564: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:36.867567: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:36.867569: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.867572: | flags: none (0x0) Sep 21 07:25:36.867575: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:36.867577: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.867580: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:36.867583: | IKEv2 nonce 05 cc 24 b7 e8 0e 68 68 6e af 34 39 14 43 64 9d Sep 21 07:25:36.867586: | IKEv2 nonce 4f c6 1c 8a c6 49 0d 1d d7 1d c3 36 cb 88 48 f4 Sep 21 07:25:36.867588: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:36.867590: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:36.867593: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.867595: | flags: none (0x0) Sep 21 07:25:36.867597: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.867600: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key 
Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:36.867603: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.867606: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:25:36.867666: | emitting length of IKEv2 Key Exchange Payload: 392 Sep 21 07:25:36.867668: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:36.867671: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.867673: | flags: none (0x0) Sep 21 07:25:36.867676: | number of TS: 1 (0x1) Sep 21 07:25:36.867679: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:36.867682: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.867684: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:36.867687: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:36.867690: | IP Protocol ID: 0 (0x0) Sep 21 07:25:36.867692: | start port: 0 (0x0) Sep 21 07:25:36.867694: | end port: 65535 (0xffff) Sep 21 07:25:36.867697: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:36.867700: | IP start c0 00 03 00 Sep 21 07:25:36.867702: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:36.867704: | IP end c0 00 03 ff Sep 21 07:25:36.867707: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:36.867709: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:36.867712: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:36.867714: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.867717: | flags: none (0x0) Sep 21 07:25:36.867719: | number of TS: 1 (0x1) Sep 21 07:25:36.867722: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next
payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:36.867725: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.867728: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:36.867730: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:36.867732: | IP Protocol ID: 0 (0x0) Sep 21 07:25:36.867734: | start port: 0 (0x0) Sep 21 07:25:36.867737: | end port: 65535 (0xffff) Sep 21 07:25:36.867739: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:36.867741: | IP start c0 00 16 00 Sep 21 07:25:36.867744: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:36.867746: | IP end c0 00 16 ff Sep 21 07:25:36.867748: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:36.867751: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:36.867754: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:36.867757: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:25:36.868091: | install_ipsec_sa() for #4: inbound and outbound Sep 21 07:25:36.868099: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:25:36.868103: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:36.868106: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.868108: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:36.868111: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.868114: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:36.868124: | route owner of "north-eastnets/0x2" prospective erouted: "north-eastnets/0x1" erouted; eroute owner: self Sep 21 07:25:36.868129: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:36.868132: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:36.868135: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:36.868139: | setting IPsec SA replay-window to 32 Sep 21 07:25:36.868142: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:25:36.868145: | netlink: enabling tunnel mode Sep 21 07:25:36.868148: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:36.868151: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:36.868247: | netlink response for Add SA esp.e98abc5c@192.1.3.33 included non-error error Sep 21 07:25:36.868252: | set up outgoing SA, ref=0/0 Sep 21 07:25:36.868256: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:36.868258: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:36.868261: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:36.868265: | setting IPsec SA replay-window to 32 Sep 21 07:25:36.868268: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:25:36.868271: | netlink: enabling tunnel mode Sep 21 07:25:36.868273: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:36.868276: | netlink: esp-hw-offload not set for 
IPsec SA Sep 21 07:25:36.868327: | netlink response for Add SA esp.b0df2a5a@192.1.2.23 included non-error error Sep 21 07:25:36.868333: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:36.868340: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:36.868344: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:36.868389: | raw_eroute result=success Sep 21 07:25:36.868393: | set up incoming SA, ref=0/0 Sep 21 07:25:36.868396: | sr for #4: prospective erouted Sep 21 07:25:36.868399: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:36.868401: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:36.868404: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.868407: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:36.868409: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.868412: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:36.868416: | route owner of "north-eastnets/0x2" prospective erouted: "north-eastnets/0x1" erouted; eroute owner: self Sep 21 07:25:36.868419: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:north-eastnets/0x2 esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x5638c7e2b320} and state: #4 Sep 21 07:25:36.868423: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:36.868431: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:25:36.868435: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:36.868458: | raw_eroute result=success Sep 21 07:25:36.868463: | running updown command "ipsec _updown" for verb up Sep 21 07:25:36.868466: | command executing up-client Sep 21 07:25:36.868494: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' 
PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe9 Sep 21 07:25:36.868500: | popen cmd is 1040 chars long Sep 21 07:25:36.868504: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Sep 21 07:25:36.868506: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_: Sep 21 07:25:36.868509: | cmd( 160):MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' P: Sep 21 07:25:36.868511: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:25:36.868514: | cmd( 320):O_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@n: Sep 21 07:25:36.868516: | cmd( 400):orth' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_P: Sep 21 07:25:36.868519: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:36.868521: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:36.868523: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 
07:25:36.868526: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:25:36.868528: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:25:36.868531: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:25:36.868533: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0xe98abc5c SPI_OUT=0xb0df2a5a ipsec _updown 2>&1: Sep 21 07:25:36.977925: | route_and_eroute: firewall_notified: true Sep 21 07:25:36.977943: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x5638c7e2c570,sr=0x5638c7e2c570} to #4 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:36.978038: | #2 spent 0.577 milliseconds in install_ipsec_sa() Sep 21 07:25:36.978044: | ISAKMP_v2_CREATE_CHILD_SA: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #2 Sep 21 07:25:36.978048: | adding 16 bytes of padding (including 1 byte padding-length) Sep 21 07:25:36.978051: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978054: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978057: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978060: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978063: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978065: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978068: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978071: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978073: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 
Encryption Payload Sep 21 07:25:36.978076: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978079: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978081: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978084: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978087: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978094: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978096: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.978099: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:36.978102: | emitting length of IKEv2 Encryption Payload: 580 Sep 21 07:25:36.978104: | emitting length of ISAKMP Message: 608 Sep 21 07:25:36.978241: | out calculated auth: Sep 21 07:25:36.978244: | 57 b3 fb b6 a3 5d 50 37 b0 4c 34 91 f0 97 4b 97 Sep 21 07:25:36.978256: "north-eastnets/0x2" #4: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:25:36.978264: | [RE]START processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.978268: | #4 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Sep 21 07:25:36.978271: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Sep 21 07:25:36.978274: | child state #4: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:36.978277: | Message ID: updating counters for #4 to 2 after switching state Sep 21 07:25:36.978283: | Message ID: recv #2.#4 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Sep 21 07:25:36.978287: | Message ID: sent #2.#4 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:36.978291: | pstats #4 ikev2.child established Sep 21 07:25:36.978298: "north-eastnets/0x2" #4: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:25:36.978301: | NAT-T: encaps is 'auto' Sep 21 07:25:36.978306: "north-eastnets/0x2" #4: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xe98abc5c <0xb0df2a5a
xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Sep 21 07:25:36.978312: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:36.978317: | sending 608 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:36.978433: | releasing whack for #4 (sock=fd@-1) Sep 21 07:25:36.978437: | releasing whack and unpending for parent #2 Sep 21 07:25:36.978439: | unpending state #2 connection "north-eastnets/0x2" Sep 21 07:25:36.978444: | #4 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:36.978447: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:36.978451: | libevent_free: release ptr-libevent@0x7f9c4c006900 Sep 21 07:25:36.978454: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9c4c002b20 Sep 21 07:25:36.978457: | event_schedule: new EVENT_SA_REKEY-pe@0x7f9c4c002b20 Sep 21 07:25:36.978460: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #4 Sep 21 07:25:36.978463: | libevent_malloc: new ptr-libevent@0x7f9c4c006900 size 128 Sep 21 07:25:36.978470: | #4 spent 1.74 milliseconds in
resume sending helper answer Sep 21 07:25:36.978475: | stop processing: state #4 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:36.978478: | libevent_free: release ptr-libevent@0x7f9c40001100 Sep 21 07:25:36.978490: | spent 0.00148 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:36.978500: | *received 608 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:36.978592: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:36.978596: | **parse ISAKMP Message: Sep 21 07:25:36.978599: | initiator cookie: Sep 21 07:25:36.978601: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:36.978603: | responder cookie: Sep 21 07:25:36.978606: | 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:36.978608: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:36.978611: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.978614: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:36.978616: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:36.978618: | Message ID: 2 (0x2) Sep 21 07:25:36.978621: | length: 608 (0x260) Sep 21
07:25:36.978624: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:36.978627: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:25:36.978630: | State DB: found IKEv2 state #2 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:36.978636: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:36.978639: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:36.978643: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:36.978646: | #2 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000002 Sep 21 07:25:36.978649: "north-eastnets/0x2" #2: received duplicate CREATE_CHILD_SA message request (Message ID 2); retransmitting response Sep 21 07:25:36.978654: | sending 608 bytes for ikev2-responder-retransmit through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:36.978758: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep
21 07:25:36.978763: | #2 spent 0.263 milliseconds in ikev2_process_packet() Sep 21 07:25:36.978767: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:36.978770: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:36.978773: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:36.978776: | spent 0.277 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:36.979433: | processing signal PLUTO_SIGCHLD Sep 21 07:25:36.979443: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:36.979447: | spent 0.00548 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:36.979455: | spent 0.00138 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:36.979465: | *received 608 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:36.979557: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:36.979560: | **parse ISAKMP Message: Sep 21 07:25:36.979563: | initiator cookie: Sep 21 07:25:36.979565: | 87 ec 50 e3 56 d0 d9 73 Sep 21 07:25:36.979567: | responder cookie: Sep 21
07:25:36.979569: | 25 d2 d9 39 74 08 76 d0 Sep 21 07:25:36.979572: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:36.979575: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.979577: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:36.979580: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:36.979582: | Message ID: 2 (0x2) Sep 21 07:25:36.979584: | length: 608 (0x260) Sep 21 07:25:36.979587: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:36.979590: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:25:36.979593: | State DB: found IKEv2 state #2 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:36.979599: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:36.979602: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:36.979606: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:36.979609: | #2 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000002 Sep 21 07:25:36.979612: "north-eastnets/0x2" #2: received duplicate CREATE_CHILD_SA message request (Message ID 2); retransmitting response Sep 21 07:25:36.979617: | sending 608 bytes for ikev2-responder-retransmit through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:36.979726: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:36.979731: | #2 spent 0.262 milliseconds in ikev2_process_packet() Sep 21 07:25:36.979735: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:36.979738: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:36.979741: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:36.979744: | spent 0.276 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:49.920954: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:25:49.920973: | expiring aged bare shunts from shunt table Sep 21 07:25:49.920977: | spent 0.00541 milliseconds in global timer EVENT_SHUNT_SCAN