Sep 21 07:25:29.251871: FIPS Product: YES Sep 21 07:25:29.251903: FIPS Kernel: NO Sep 21 07:25:29.251905: FIPS Mode: NO Sep 21 07:25:29.251907: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:29.252044: Initializing NSS Sep 21 07:25:29.252047: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:29.286995: NSS initialized Sep 21 07:25:29.287010: NSS crypto library initialized Sep 21 07:25:29.287012: FIPS HMAC integrity support [enabled] Sep 21 07:25:29.287014: FIPS mode disabled for pluto daemon Sep 21 07:25:29.357214: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:29.357319: libcap-ng support [enabled] Sep 21 07:25:29.357328: Linux audit support [enabled] Sep 21 07:25:29.357353: Linux audit activated Sep 21 07:25:29.357361: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8017 Sep 21 07:25:29.357363: core dump dir: /tmp Sep 21 07:25:29.357365: secrets file: /etc/ipsec.secrets Sep 21 07:25:29.357367: leak-detective disabled Sep 21 07:25:29.357369: NSS crypto [enabled] Sep 21 07:25:29.357371: XAUTH PAM support [enabled] Sep 21 07:25:29.357444: | libevent is using pluto's memory allocator Sep 21 07:25:29.357450: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:29.357463: | libevent_malloc: new ptr-libevent@0x555cbdda10e0 size 40 Sep 21 07:25:29.357468: | libevent_malloc: new ptr-libevent@0x555cbdda2390 size 40 Sep 21 07:25:29.357472: | libevent_malloc: new ptr-libevent@0x555cbdda23c0 size 40 Sep 21 07:25:29.357474: | creating event base Sep 21 07:25:29.357477: | libevent_malloc: new ptr-libevent@0x555cbdda2350 size 56 Sep 21 07:25:29.357480: | libevent_malloc: new ptr-libevent@0x555cbdda23f0 size 664 Sep 21 07:25:29.357491: | libevent_malloc: new 
ptr-libevent@0x555cbdda2690 size 24 Sep 21 07:25:29.357496: | libevent_malloc: new ptr-libevent@0x555cbdd93ed0 size 384 Sep 21 07:25:29.357505: | libevent_malloc: new ptr-libevent@0x555cbdda26b0 size 16 Sep 21 07:25:29.357507: | libevent_malloc: new ptr-libevent@0x555cbdda26d0 size 40 Sep 21 07:25:29.357510: | libevent_malloc: new ptr-libevent@0x555cbdda2700 size 48 Sep 21 07:25:29.357516: | libevent_realloc: new ptr-libevent@0x555cbdd24370 size 256 Sep 21 07:25:29.357519: | libevent_malloc: new ptr-libevent@0x555cbdda2740 size 16 Sep 21 07:25:29.357525: | libevent_free: release ptr-libevent@0x555cbdda2350 Sep 21 07:25:29.357528: | libevent initialized Sep 21 07:25:29.357532: | libevent_realloc: new ptr-libevent@0x555cbdda2760 size 64 Sep 21 07:25:29.357537: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:29.357551: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:29.357554: NAT-Traversal support [enabled] Sep 21 07:25:29.357556: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:29.357562: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:29.357565: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:29.357600: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:29.357604: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:29.357607: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:29.357658: Encryption algorithms: Sep 21 07:25:29.357665: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:29.357669: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:29.357673: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:29.357676: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:29.357680: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:25:29.357689: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:29.357693: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:29.357697: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:29.357700: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:29.357704: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:29.357707: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:29.357710: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:29.357714: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:29.357717: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:29.357721: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:29.357723: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:29.357727: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:29.357738: Hash algorithms: Sep 21 07:25:29.357741: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:29.357744: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:29.357747: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:29.357750: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:29.357752: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:29.357765: PRF algorithms: Sep 21 07:25:29.357768: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:29.357771: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:29.357775: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:29.357778: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:29.357781: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:29.357787: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:29.357830: Integrity algorithms: Sep 21 07:25:29.357847: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:29.357850: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:29.357854: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:29.357858: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:29.357862: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:29.357865: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:29.357868: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:29.357871: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:29.357874: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:29.357886: DH algorithms: Sep 21 07:25:29.357889: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:29.357892: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:29.357895: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:29.357901: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:29.357904: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:29.357906: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:29.357909: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:29.357912: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:29.357915: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:29.357918: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:29.357921: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:29.357924: testing CAMELLIA_CBC: Sep 21 07:25:29.357926: Camellia: 16 bytes with 128-bit key Sep 21 07:25:29.358049: Camellia: 16 bytes with 128-bit key Sep 21 07:25:29.358080: Camellia: 16 bytes with 256-bit key Sep 21 07:25:29.358111: Camellia: 
16 bytes with 256-bit key Sep 21 07:25:29.358138: testing AES_GCM_16: Sep 21 07:25:29.358142: empty string Sep 21 07:25:29.358169: one block Sep 21 07:25:29.358194: two blocks Sep 21 07:25:29.358221: two blocks with associated data Sep 21 07:25:29.358247: testing AES_CTR: Sep 21 07:25:29.358250: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:29.358276: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:29.358330: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:29.358360: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:29.358388: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:29.358416: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:29.358448: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:29.358476: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:29.358502: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:29.358521: testing AES_CBC: Sep 21 07:25:29.358523: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:29.358539: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:29.358561: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:29.358580: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:29.358604: testing AES_XCBC: Sep 21 07:25:29.358606: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:29.358684: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:29.358766: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:29.358848: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:29.358928: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:29.359007: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:29.359085: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:29.359256: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:29.359367: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:29.359454: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:29.359599: testing HMAC_MD5: Sep 21 07:25:29.359602: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:29.359711: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:29.359815: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:29.359937: 8 CPU cores online Sep 21 07:25:29.359940: starting up 7 crypto helpers Sep 21 07:25:29.359966: started thread for crypto helper 0 Sep 21 07:25:29.359982: started thread for crypto helper 1 Sep 21 07:25:29.359988: | starting up helper thread 1 Sep 21 07:25:29.360000: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:29.360003: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:29.360009: | starting up helper thread 0 Sep 21 07:25:29.360004: started thread for crypto helper 2 Sep 21 07:25:29.360071: started thread for crypto helper 3 Sep 21 07:25:29.360016: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:29.360083: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:29.360090: | starting up helper thread 3 Sep 21 07:25:29.360091: started thread for crypto helper 4 Sep 21 07:25:29.360098: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:29.360109: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:29.360122: started thread for crypto helper 5 Sep 21 07:25:29.360129: | starting up helper thread 5 Sep 21 07:25:29.360137: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:29.360139: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:29.360141: started thread for crypto helper 6 Sep 21 07:25:29.360149: | checking IKEv1 state table Sep 21 07:25:29.360156: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 
07:25:29.360159: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:29.360161: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:29.360164: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:29.360167: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:29.360169: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:29.360171: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:29.360173: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:29.360176: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:29.360178: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:29.360180: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:29.360182: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:29.360185: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:29.360187: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:29.360190: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:29.360192: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:29.360195: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:29.360197: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:29.360199: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:29.360201: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:29.360204: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:29.360206: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360209: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:29.360211: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360214: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:29.360216: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:29.360219: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:29.360221: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:29.360223: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:29.360226: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:29.360228: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:29.360230: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:29.360233: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:29.360235: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360238: | AGGR_R2: 
category: established IKE SA flags: 0: Sep 21 07:25:29.360240: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360243: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:29.360245: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:29.360247: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:29.360250: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:29.360252: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:29.360255: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:29.360257: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:29.360260: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360262: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:29.360265: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360267: | INFO: category: informational flags: 0: Sep 21 07:25:29.360270: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360276: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:29.360278: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360281: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:29.360283: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:29.360285: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:29.360288: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:29.360290: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:29.360293: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:29.360295: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:29.360298: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:29.360300: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:29.360302: | -> UNDEFINED EVENT_NULL Sep 21 07:25:29.360305: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:29.360307: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:29.360310: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:29.360312: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:29.360315: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:29.360317: | -> 
MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:29.360323: | checking IKEv2 state table Sep 21 07:25:29.360329: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:29.360332: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:29.360335: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:29.360337: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:29.360340: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:29.360343: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:29.360346: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:29.360348: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:29.360351: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:29.360353: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:29.360356: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:29.360359: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:29.360361: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:29.360364: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:29.360366: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:29.360369: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:29.360371: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:29.360374: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:29.360377: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:29.360379: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:29.360382: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request 
(Responder: process IKE_AUTH request) Sep 21 07:25:29.360385: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:29.360387: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:29.360390: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:29.360392: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:29.360395: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:29.360398: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:29.360400: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:29.360403: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:29.360406: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:29.360410: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:29.360413: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:29.360416: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:29.360418: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:29.360421: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:29.360424: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:29.360427: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:29.360430: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:29.360432: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:29.360435: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:29.360438: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:29.360441: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:29.360443: | V2_IPSEC_I: 
category: established CHILD SA flags: 0: Sep 21 07:25:29.360446: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:29.360449: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:29.360451: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:29.360454: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:29.360521: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:29.360578: | Hard-wiring algorithms Sep 21 07:25:29.360581: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:29.360585: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:29.360588: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:29.360590: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:29.360592: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:29.360595: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:29.360597: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:29.360599: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:29.360602: | adding AES_CTR to kernel algorithm db Sep 21 07:25:29.360604: | adding AES_CBC to kernel algorithm db Sep 21 07:25:29.360606: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:29.360609: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:29.360611: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:29.360617: | starting up helper thread 4 Sep 21 07:25:29.360618: | adding NULL to kernel algorithm db Sep 21 07:25:29.360611: | starting up helper thread 2 Sep 21 07:25:29.360628: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:29.360632: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:29.360641: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:29.360646: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:29.360652: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:29.360668: | adding HMAC_SHA1_96 
to kernel algorithm db Sep 21 07:25:29.360668: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:29.360671: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:29.360678: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:29.360681: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:29.360683: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:29.360685: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:29.360688: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:29.360690: | adding NONE to kernel algorithm db Sep 21 07:25:29.360715: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:29.360721: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:29.360724: | setup kernel fd callback Sep 21 07:25:29.360730: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555cbdda7e00 Sep 21 07:25:29.360734: | libevent_malloc: new ptr-libevent@0x555cbddb3f20 size 128 Sep 21 07:25:29.360738: | libevent_malloc: new ptr-libevent@0x555cbdda70e0 size 16 Sep 21 07:25:29.360744: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555cbdda7dc0 Sep 21 07:25:29.360749: | libevent_malloc: new ptr-libevent@0x555cbddb3fb0 size 128 Sep 21 07:25:29.360752: | libevent_malloc: new ptr-libevent@0x555cbdda7100 size 16 Sep 21 07:25:29.360990: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:29.361003: selinux support is enabled. 
Sep 21 07:25:29.361089: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:29.361262: | unbound context created - setting debug level to 5 Sep 21 07:25:29.361290: | /etc/hosts lookups activated Sep 21 07:25:29.361308: | /etc/resolv.conf usage activated Sep 21 07:25:29.361362: | outgoing-port-avoid set 0-65535 Sep 21 07:25:29.361386: | outgoing-port-permit set 32768-60999 Sep 21 07:25:29.361390: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:29.361393: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:29.361396: | Setting up events, loop start Sep 21 07:25:29.361399: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555cbdda2350 Sep 21 07:25:29.361402: | libevent_malloc: new ptr-libevent@0x555cbddbe4a0 size 128 Sep 21 07:25:29.361405: | libevent_malloc: new ptr-libevent@0x555cbddbe530 size 16 Sep 21 07:25:29.361412: | libevent_realloc: new ptr-libevent@0x555cbdd225b0 size 256 Sep 21 07:25:29.361415: | libevent_malloc: new ptr-libevent@0x555cbddbe550 size 8 Sep 21 07:25:29.361418: | libevent_realloc: new ptr-libevent@0x555cbddb3320 size 144 Sep 21 07:25:29.361421: | libevent_malloc: new ptr-libevent@0x555cbddbe570 size 152 Sep 21 07:25:29.361425: | libevent_malloc: new ptr-libevent@0x555cbddbe610 size 16 Sep 21 07:25:29.361429: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:29.361432: | libevent_malloc: new ptr-libevent@0x555cbddbe630 size 8 Sep 21 07:25:29.361434: | libevent_malloc: new ptr-libevent@0x555cbddbe650 size 152 Sep 21 07:25:29.361437: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:29.361440: | libevent_malloc: new ptr-libevent@0x555cbddbe6f0 size 8 Sep 21 07:25:29.361442: | libevent_malloc: new ptr-libevent@0x555cbddbe710 size 152 Sep 21 07:25:29.361445: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:29.361448: | libevent_malloc: new ptr-libevent@0x555cbddbe7b0 size 8 Sep 21 07:25:29.361451: | libevent_realloc: release 
ptr-libevent@0x555cbddb3320 Sep 21 07:25:29.361453: | libevent_realloc: new ptr-libevent@0x555cbddbe7d0 size 256 Sep 21 07:25:29.361456: | libevent_malloc: new ptr-libevent@0x555cbddb3320 size 152 Sep 21 07:25:29.361459: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:29.361796: | created addconn helper (pid:8127) using fork+execve Sep 21 07:25:29.361810: | forked child 8127 Sep 21 07:25:29.361813: | starting up helper thread 6 Sep 21 07:25:29.361822: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:29.361829: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:29.361859: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.361878: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:29.361885: listening for IKE messages Sep 21 07:25:29.361921: | Inspecting interface lo Sep 21 07:25:29.361928: | found lo with address 127.0.0.1 Sep 21 07:25:29.361931: | Inspecting interface eth0 Sep 21 07:25:29.361935: | found eth0 with address 192.0.3.254 Sep 21 07:25:29.361937: | Inspecting interface eth1 Sep 21 07:25:29.361941: | found eth1 with address 192.1.3.33 Sep 21 07:25:29.361988: Kernel supports NIC esp-hw-offload Sep 21 07:25:29.361998: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:25:29.362022: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.362031: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.362035: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:29.362059: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:25:29.362079: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.362082: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.362085: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 
07:25:29.362108: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:29.362126: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:29.362129: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:29.362131: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:29.362202: | no interfaces to sort Sep 21 07:25:29.362207: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:29.362216: | add_fd_read_event_handler: new ethX-pe@0x555cbddbeb40 Sep 21 07:25:29.362219: | libevent_malloc: new ptr-libevent@0x555cbddbeb80 size 128 Sep 21 07:25:29.362222: | libevent_malloc: new ptr-libevent@0x555cbddbec10 size 16 Sep 21 07:25:29.362229: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:29.362232: | add_fd_read_event_handler: new ethX-pe@0x555cbddbec30 Sep 21 07:25:29.362234: | libevent_malloc: new ptr-libevent@0x555cbddbec70 size 128 Sep 21 07:25:29.362237: | libevent_malloc: new ptr-libevent@0x555cbddbed00 size 16 Sep 21 07:25:29.362241: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:29.362244: | add_fd_read_event_handler: new ethX-pe@0x555cbddbed20 Sep 21 07:25:29.362246: | libevent_malloc: new ptr-libevent@0x555cbddbed60 size 128 Sep 21 07:25:29.362249: | libevent_malloc: new ptr-libevent@0x555cbddbedf0 size 16 Sep 21 07:25:29.362253: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:29.362256: | add_fd_read_event_handler: new ethX-pe@0x555cbddbee10 Sep 21 07:25:29.362258: | libevent_malloc: new ptr-libevent@0x555cbddbee50 size 128 Sep 21 07:25:29.362260: | libevent_malloc: new ptr-libevent@0x555cbddbeee0 size 16 Sep 21 07:25:29.362265: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:29.362267: | add_fd_read_event_handler: new ethX-pe@0x555cbddbef00 Sep 21 07:25:29.362270: | libevent_malloc: new ptr-libevent@0x555cbddbef40 size 128 Sep 21 07:25:29.362273: | libevent_malloc: new 
ptr-libevent@0x555cbddbefd0 size 16 Sep 21 07:25:29.362277: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:29.362280: | add_fd_read_event_handler: new ethX-pe@0x555cbddbeff0 Sep 21 07:25:29.362282: | libevent_malloc: new ptr-libevent@0x555cbddbf030 size 128 Sep 21 07:25:29.362285: | libevent_malloc: new ptr-libevent@0x555cbddbf0c0 size 16 Sep 21 07:25:29.362289: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:29.362294: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:29.362296: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:29.362316: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:29.362333: | saving Modulus Sep 21 07:25:29.362336: | saving PublicExponent Sep 21 07:25:29.362339: | ignoring PrivateExponent Sep 21 07:25:29.362340: | ignoring Prime1 Sep 21 07:25:29.362342: | ignoring Prime2 Sep 21 07:25:29.362344: | ignoring Exponent1 Sep 21 07:25:29.362346: | ignoring Exponent2 Sep 21 07:25:29.362348: | ignoring Coefficient Sep 21 07:25:29.362350: | ignoring CKAIDNSS Sep 21 07:25:29.362375: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.362377: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:29.362380: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:29.362386: | certs and keys locked by 'process_secret' Sep 21 07:25:29.362389: | certs and keys unlocked by 'process_secret' Sep 21 07:25:29.362394: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:29.362401: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.362411: | spent 0.562 milliseconds in whack Sep 21 07:25:29.396334: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.396355: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:29.396359: listening for IKE messages Sep 21 07:25:29.396392: | Inspecting interface lo Sep 21 
07:25:29.396398: | found lo with address 127.0.0.1 Sep 21 07:25:29.396400: | Inspecting interface eth0 Sep 21 07:25:29.396403: | found eth0 with address 192.0.3.254 Sep 21 07:25:29.396405: | Inspecting interface eth1 Sep 21 07:25:29.396409: | found eth1 with address 192.1.3.33 Sep 21 07:25:29.396485: | no interfaces to sort Sep 21 07:25:29.396493: | libevent_free: release ptr-libevent@0x555cbddbeb80 Sep 21 07:25:29.396496: | free_event_entry: release EVENT_NULL-pe@0x555cbddbeb40 Sep 21 07:25:29.396498: | add_fd_read_event_handler: new ethX-pe@0x555cbddbeb40 Sep 21 07:25:29.396500: | libevent_malloc: new ptr-libevent@0x555cbddbeb80 size 128 Sep 21 07:25:29.396507: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:29.396509: | libevent_free: release ptr-libevent@0x555cbddbec70 Sep 21 07:25:29.396511: | free_event_entry: release EVENT_NULL-pe@0x555cbddbec30 Sep 21 07:25:29.396513: | add_fd_read_event_handler: new ethX-pe@0x555cbddbec30 Sep 21 07:25:29.396514: | libevent_malloc: new ptr-libevent@0x555cbddbec70 size 128 Sep 21 07:25:29.396519: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:29.396522: | libevent_free: release ptr-libevent@0x555cbddbed60 Sep 21 07:25:29.396523: | free_event_entry: release EVENT_NULL-pe@0x555cbddbed20 Sep 21 07:25:29.396525: | add_fd_read_event_handler: new ethX-pe@0x555cbddbed20 Sep 21 07:25:29.396526: | libevent_malloc: new ptr-libevent@0x555cbddbed60 size 128 Sep 21 07:25:29.396530: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:29.396534: | libevent_free: release ptr-libevent@0x555cbddbee50 Sep 21 07:25:29.396536: | free_event_entry: release EVENT_NULL-pe@0x555cbddbee10 Sep 21 07:25:29.396537: | add_fd_read_event_handler: new ethX-pe@0x555cbddbee10 Sep 21 07:25:29.396539: | libevent_malloc: new ptr-libevent@0x555cbddbee50 size 128 Sep 21 07:25:29.396542: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:29.396545: | libevent_free: release 
ptr-libevent@0x555cbddbef40 Sep 21 07:25:29.396547: | free_event_entry: release EVENT_NULL-pe@0x555cbddbef00 Sep 21 07:25:29.396549: | add_fd_read_event_handler: new ethX-pe@0x555cbddbef00 Sep 21 07:25:29.396551: | libevent_malloc: new ptr-libevent@0x555cbddbef40 size 128 Sep 21 07:25:29.396554: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:29.396556: | libevent_free: release ptr-libevent@0x555cbddbf030 Sep 21 07:25:29.396558: | free_event_entry: release EVENT_NULL-pe@0x555cbddbeff0 Sep 21 07:25:29.396560: | add_fd_read_event_handler: new ethX-pe@0x555cbddbeff0 Sep 21 07:25:29.396562: | libevent_malloc: new ptr-libevent@0x555cbddbf030 size 128 Sep 21 07:25:29.396566: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:29.396568: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:29.396570: forgetting secrets Sep 21 07:25:29.396577: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:29.396590: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:29.396602: | saving Modulus Sep 21 07:25:29.396605: | saving PublicExponent Sep 21 07:25:29.396608: | ignoring PrivateExponent Sep 21 07:25:29.396610: | ignoring Prime1 Sep 21 07:25:29.396612: | ignoring Prime2 Sep 21 07:25:29.396614: | ignoring Exponent1 Sep 21 07:25:29.396617: | ignoring Exponent2 Sep 21 07:25:29.396619: | ignoring Coefficient Sep 21 07:25:29.396621: | ignoring CKAIDNSS Sep 21 07:25:29.396641: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.396644: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:29.396647: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:29.396652: | certs and keys locked by 'process_secret' Sep 21 07:25:29.396658: | certs and keys unlocked by 'process_secret' Sep 21 07:25:29.396663: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:29.396669: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.396676: | spent 0.347 milliseconds 
in whack Sep 21 07:25:29.397204: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.397217: | waitpid returned pid 8127 (exited with status 0) Sep 21 07:25:29.397221: | reaped addconn helper child (status 0) Sep 21 07:25:29.397226: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.397231: | spent 0.0165 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.734760: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.734791: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.734796: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.734799: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.734801: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.734805: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.734812: | Added new connection north-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.734815: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:29.734840: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Sep 21 07:25:29.734843: | from whack: got --esp=aes128-sha2_512;modp3072 Sep 21 07:25:29.734857: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Sep 21 07:25:29.734861: | counting wild cards for @north is 0 Sep 21 07:25:29.734864: | counting wild cards for @east is 0 Sep 21 07:25:29.734873: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:29.734877: | new hp@0x555cbdd8b6c0 Sep 21 07:25:29.734881: added connection description "north-eastnets/0x1" Sep 21 07:25:29.734891: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.734902: | 
192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:29.734910: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.734917: | spent 0.16 milliseconds in whack Sep 21 07:25:29.735116: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.735126: add keyid @north Sep 21 07:25:29.735195: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.735198: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:29.735205: | keyid: *AQPl33O2P Sep 21 07:25:29.735245: | e 03 Sep 21 07:25:29.735247: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.735249: | CKAID 88 aa 7c 5d Sep 21 07:25:29.735257: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.735261: | spent 0.15 milliseconds in whack Sep 21 07:25:29.735302: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.735310: add keyid @east Sep 21 07:25:29.735360: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.735362: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:29.735366: | keyid: *AQO9bJbr3 Sep 21 07:25:29.735409: | e 03 Sep 21 07:25:29.735411: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.735413: | CKAID 8a 82 25 f1 Sep 21 07:25:29.735420: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.735424: | spent 0.125 milliseconds in whack Sep 21 07:25:29.735451: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.735458: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.735461: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.735463: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.735465: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:29.735468: | FOR_EACH_CONNECTION_... 
in conn_by_name Sep 21 07:25:29.735473: | Added new connection north-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.735476: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:29.735490: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Sep 21 07:25:29.735492: | from whack: got --esp=aes128-sha2_512;modp3072 Sep 21 07:25:29.735505: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Sep 21 07:25:29.735508: | counting wild cards for @north is 0 Sep 21 07:25:29.735511: | counting wild cards for @east is 0 Sep 21 07:25:29.735517: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:25:29.735521: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x555cbdd8b6c0: north-eastnets/0x1 Sep 21 07:25:29.735524: added connection description "north-eastnets/0x2" Sep 21 07:25:29.735532: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:29.735541: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Sep 21 07:25:29.735547: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.735550: | spent 0.103 milliseconds in whack Sep 21 07:25:29.735576: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.735583: add keyid @north Sep 21 07:25:29.735587: | unreference key: 0x555cbdd198f0 @north cnt 1-- Sep 21 07:25:29.735641: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.735643: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:29.735647: | keyid: *AQPl33O2P Sep 21 07:25:29.735687: | e 03 Sep 21 07:25:29.735689: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:29.735691: | CKAID 88 aa 7c 5d Sep 21 07:25:29.735698: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.735702: | spent 0.126 milliseconds in whack Sep 21 07:25:29.735733: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.735740: add keyid @east Sep 21 07:25:29.735744: | unreference key: 0x555cbdd226c0 @east cnt 1-- Sep 21 07:25:29.735798: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.735801: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:29.735804: | keyid: *AQO9bJbr3 Sep 21 07:25:29.735844: | e 03 Sep 21 07:25:29.735847: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:29.735849: | CKAID 8a 82 25 f1 Sep 21 07:25:29.735855: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.735859: | spent 0.126 milliseconds in whack Sep 21 07:25:29.735867: | spent 0.00172 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:29.735883: | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:29.735951: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:29.735955: | **parse ISAKMP Message: Sep 21 07:25:29.735957: | initiator cookie: Sep 21 07:25:29.735959: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.735961: | responder cookie: Sep 21 07:25:29.735963: | 00 00 00 00 00 00 00 00 Sep 21 07:25:29.735966: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:29.735968: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.735971: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:29.735973: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:29.735975: | Message ID: 0 (0x0) Sep 21 07:25:29.735977: | length: 440 (0x1b8) Sep 21 07:25:29.735980: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:29.735983: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:29.735986: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:29.735989: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:29.735992: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:29.735994: | next payload type: ISAKMP_NEXT_v2KE 
(0x22) Sep 21 07:25:29.735997: | flags: none (0x0) Sep 21 07:25:29.735999: | length: 48 (0x30) Sep 21 07:25:29.736002: | processing payload: ISAKMP_NEXT_v2SA (len=44) Sep 21 07:25:29.736004: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:29.736006: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:29.736009: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:29.736011: | flags: none (0x0) Sep 21 07:25:29.736013: | length: 264 (0x108) Sep 21 07:25:29.736015: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:29.736017: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:29.736019: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.736022: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:29.736024: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:29.736026: | flags: none (0x0) Sep 21 07:25:29.736028: | length: 36 (0x24) Sep 21 07:25:29.736030: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:29.736032: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:29.736035: | ***parse IKEv2 Notify Payload: Sep 21 07:25:29.736037: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:29.736039: | flags: none (0x0) Sep 21 07:25:29.736041: | length: 8 (0x8) Sep 21 07:25:29.736044: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.736046: | SPI size: 0 (0x0) Sep 21 07:25:29.736049: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:29.736051: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:29.736053: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:29.736055: | ***parse IKEv2 Notify Payload: Sep 21 07:25:29.736057: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:29.736062: | flags: none (0x0) Sep 21 07:25:29.736064: | length: 28 (0x1c) Sep 21 07:25:29.736066: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.736068: | SPI size: 0 (0x0) Sep 21 07:25:29.736070: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 
21 07:25:29.736072: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:29.736075: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:29.736077: | ***parse IKEv2 Notify Payload: Sep 21 07:25:29.736079: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.736081: | flags: none (0x0) Sep 21 07:25:29.736083: | length: 28 (0x1c) Sep 21 07:25:29.736085: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.736088: | SPI size: 0 (0x0) Sep 21 07:25:29.736090: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:29.736093: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:29.736095: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:29.736100: | find_host_connection local=192.1.3.33:500 remote=192.1.2.23:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:29.736105: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:25:29.736107: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:29.736110: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Sep 21 07:25:29.736113: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Sep 21 07:25:29.736115: | find_next_host_connection returns empty Sep 21 07:25:29.736119: | find_host_connection local=192.1.3.33:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:29.736122: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:29.736124: | find_next_host_connection returns empty Sep 21 07:25:29.736127: | initial parent SA message received on 192.1.3.33:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:29.736132: | find_host_connection local=192.1.3.33:500 remote=192.1.2.23:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:29.736136: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 
07:25:29.736138: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:29.736141: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Sep 21 07:25:29.736143: | find_next_host_connection returns north-eastnets/0x2 Sep 21 07:25:29.736145: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:29.736148: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Sep 21 07:25:29.736150: | find_next_host_connection returns north-eastnets/0x1 Sep 21 07:25:29.736153: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:29.736155: | find_next_host_connection returns empty Sep 21 07:25:29.736157: | found connection: north-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:29.736171: | creating state object #1 at 0x555cbddc22a0 Sep 21 07:25:29.736174: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:29.736181: | pstats #1 ikev2.ike started Sep 21 07:25:29.736184: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:29.736187: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:29.736193: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:29.736201: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:29.736204: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:29.736208: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:29.736215: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:29.736219: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 
responder.recv=-1 Sep 21 07:25:29.736223: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:29.736226: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:29.736229: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:29.736231: | Now let's proceed with state specific processing Sep 21 07:25:29.736233: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:29.736239: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:29.736242: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals) Sep 21 07:25:29.736247: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Sep 21 07:25:29.736253: | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:29.736258: "north-eastnets/0x2": constructed local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:29.736260: | Comparing remote proposals against IKE responder 1 local proposals Sep 21 07:25:29.736263: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:29.736266: | local proposal 1 type PRF has 1 transforms Sep 21 07:25:29.736268: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:29.736270: | local proposal 1 type DH has 1 transforms Sep 21 07:25:29.736273: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:29.736276: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:29.736279: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.736281: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.736283: | length: 44 (0x2c) Sep 21 07:25:29.736285: | prop #: 1 (0x1) Sep 21 07:25:29.736288: | 
proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:29.736290: | spi size: 0 (0x0) Sep 21 07:25:29.736292: | # transforms: 4 (0x4) Sep 21 07:25:29.736295: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:29.736298: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.736300: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.736302: | length: 12 (0xc) Sep 21 07:25:29.736305: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.736307: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.736309: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.736312: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.736314: | length/value: 256 (0x100) Sep 21 07:25:29.736318: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:29.736320: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.736323: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.736325: | length: 8 (0x8) Sep 21 07:25:29.736327: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:29.736329: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:29.736332: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:29.736335: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.736337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.736339: | length: 8 (0x8) Sep 21 07:25:29.736341: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.736344: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:29.736347: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:29.736353: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.736356: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.736358: | length: 8 (0x8) Sep 
21 07:25:29.736361: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.736363: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:29.736366: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:29.736370: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Sep 21 07:25:29.736374: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Sep 21 07:25:29.736377: | remote proposal 1 matches local proposal 1 Sep 21 07:25:29.736381: "north-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Sep 21 07:25:29.736385: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:29.736387: | converting proposal to internal trans attrs Sep 21 07:25:29.736391: | natd_hash: rcookie is zero Sep 21 07:25:29.736398: | natd_hash: hasher=0x555cbc4867a0(20) Sep 21 07:25:29.736400: | natd_hash: icookie= 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.736402: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:29.736405: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:29.736407: | natd_hash: port= 01 f4 Sep 21 07:25:29.736409: | natd_hash: hash= 54 5a 6d b9 76 de b2 e1 f5 ce f9 e1 7e b0 43 96 Sep 21 07:25:29.736411: | natd_hash: hash= 1a 63 00 a9 Sep 21 07:25:29.736413: | natd_hash: rcookie is zero Sep 21 07:25:29.736418: | natd_hash: hasher=0x555cbc4867a0(20) Sep 21 07:25:29.736421: | natd_hash: icookie= 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.736423: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:29.736425: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:29.736427: | natd_hash: port= 01 f4 Sep 21 07:25:29.736429: | 
natd_hash: hash= 1f f2 70 a8 d5 dd 83 1b 53 1d 46 ac ce cc 10 ca Sep 21 07:25:29.736431: | natd_hash: hash= f8 32 54 a2 Sep 21 07:25:29.736433: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:29.736436: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:29.736438: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:29.736441: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:29.736446: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:25:29.736449: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc0680 Sep 21 07:25:29.736452: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:29.736455: | libevent_malloc: new ptr-libevent@0x555cbddc06f0 size 128 Sep 21 07:25:29.736465: | #1 spent 0.227 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:29.736471: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.736471: | crypto helper 1 resuming Sep 21 07:25:29.736474: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:29.736483: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:25:29.736488: | suspending state #1 and saving MD Sep 21 07:25:29.736494: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:25:29.736496: | #1 is busy; has a suspended MD Sep 21 07:25:29.736504: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.736508: | "north-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.736512: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:29.736518: | #1 spent 0.64 milliseconds in 
ikev2_process_packet() Sep 21 07:25:29.736522: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:29.736524: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:29.736527: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:29.736531: | spent 0.653 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:29.737530: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001036 seconds Sep 21 07:25:29.737541: | (#1) spent 1.04 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:29.737544: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:29.737547: | scheduling resume sending helper answer for #1 Sep 21 07:25:29.737551: | libevent_malloc: new ptr-libevent@0x7fd394006900 size 128 Sep 21 07:25:29.737558: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:29.737563: | processing resume sending helper answer for #1 Sep 21 07:25:29.737568: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.737572: | crypto helper 1 replies to request ID 1 Sep 21 07:25:29.737574: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:29.737577: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:25:29.737606: | **emit ISAKMP Message: Sep 21 07:25:29.737609: | initiator cookie: Sep 21 07:25:29.737611: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.737613: | responder cookie: Sep 21 07:25:29.737615: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.737618: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:29.737620: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.737623: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:29.737625: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:29.737628: | Message ID: 0 
(0x0) Sep 21 07:25:29.737630: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:29.737633: | Emitting ikev2_proposal ... Sep 21 07:25:29.737635: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:29.737638: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.737640: | flags: none (0x0) Sep 21 07:25:29.737643: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:29.737645: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.737648: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.737650: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.737652: | prop #: 1 (0x1) Sep 21 07:25:29.737655: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:29.737657: | spi size: 0 (0x0) Sep 21 07:25:29.737660: | # transforms: 4 (0x4) Sep 21 07:25:29.737662: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:29.737665: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.737667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.737670: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.737672: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.737675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.737677: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.737680: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.737682: | length/value: 256 (0x100) Sep 21 07:25:29.737685: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:29.737687: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.737691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:25:29.737693: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:29.737695: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:29.737698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.737701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.737703: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.737706: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.737708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.737710: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.737712: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:29.737715: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.737717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.737720: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.737722: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.737724: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.737726: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.737729: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:29.737731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.737734: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.737736: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.737738: | emitting 
length of IKEv2 Proposal Substructure Payload: 44 Sep 21 07:25:29.737741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:29.737743: | emitting length of IKEv2 Security Association Payload: 48 Sep 21 07:25:29.737745: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:29.737748: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:29.737751: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.737753: | flags: none (0x0) Sep 21 07:25:29.737755: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:29.737758: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:29.737760: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.737763: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:25:29.737807: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:29.737809: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:29.737812: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:29.737814: | flags: none (0x0) Sep 21 07:25:29.737816: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:29.737819: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.737822: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.737824: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:29.737826: | IKEv2 nonce 94 e7 32 c1 20 4c 49 ef 6c 08 c1 26 1a 75 da 79 Sep 21 07:25:29.737829: | IKEv2 nonce 88 b2 d8 0f 3f 1e b1 3d f7 a1 cb d3 d3 75 24 8a Sep 21 07:25:29.737831: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:29.737834: | Adding a v2N Payload Sep 21 07:25:29.737836: | ***emit IKEv2 Notify Payload: Sep 21 07:25:29.737838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.737840: | flags: none (0x0) Sep 21 07:25:29.737843: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.737845: | SPI size: 0 (0x0) Sep 21 07:25:29.737847: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:29.737850: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21
07:25:29.737853: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.737855: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:29.737858: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:29.737866: | natd_hash: hasher=0x555cbc4867a0(20) Sep 21 07:25:29.737869: | natd_hash: icookie= 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.737871: | natd_hash: rcookie= a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.737873: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:29.737875: | natd_hash: port= 01 f4 Sep 21 07:25:29.737877: | natd_hash: hash= ff 64 ad 4e 30 fb f7 c3 e0 1e 5b ed 80 e6 5a 08 Sep 21 07:25:29.737879: | natd_hash: hash= 1a ad ac ee Sep 21 07:25:29.737881: | Adding a v2N Payload Sep 21 07:25:29.737883: | ***emit IKEv2 Notify Payload: Sep 21 07:25:29.737885: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.737888: | flags: none (0x0) Sep 21 07:25:29.737890: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.737892: | SPI size: 0 (0x0) Sep 21 07:25:29.737894: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:29.737897: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:29.737900: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.737902: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:29.737905: | Notify data ff 64 ad 4e 30 fb f7 c3 e0 1e 5b ed 80 e6 5a 08 Sep 21 07:25:29.737907: | Notify data 1a ad ac ee Sep 21 07:25:29.737909: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:29.737914: | natd_hash: hasher=0x555cbc4867a0(20) Sep 21 07:25:29.737916: | natd_hash: icookie= 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.737919: | natd_hash: rcookie= a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.737921: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:29.737924: | natd_hash: port= 01 
f4 Sep 21 07:25:29.737927: | natd_hash: hash= f2 cc e6 d5 d2 99 90 5e d9 7c 66 0e 80 3f e3 95 Sep 21 07:25:29.737929: | natd_hash: hash= 56 bb b0 67 Sep 21 07:25:29.737931: | Adding a v2N Payload Sep 21 07:25:29.737933: | ***emit IKEv2 Notify Payload: Sep 21 07:25:29.737935: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.737938: | flags: none (0x0) Sep 21 07:25:29.737940: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:29.737942: | SPI size: 0 (0x0) Sep 21 07:25:29.737944: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:29.737947: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:29.737949: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.737952: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:29.737954: | Notify data f2 cc e6 d5 d2 99 90 5e d9 7c 66 0e 80 3f e3 95 Sep 21 07:25:29.737956: | Notify data 56 bb b0 67 Sep 21 07:25:29.737958: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:29.737961: | emitting length of ISAKMP Message: 440 Sep 21 07:25:29.737966: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.737969: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:29.737972: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:29.737975: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:29.737977: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:29.737982: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:29.737986: | Message ID: sent #1 response 0; ike: 
initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.737990: "north-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Sep 21 07:25:29.737994: | sending V2 new request packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:29.737999: | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Sep 21 07:25:29.738091: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.738095: | libevent_free: release ptr-libevent@0x555cbddc06f0 Sep 21 07:25:29.738098: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc0680 Sep 21 07:25:29.738101: | event_schedule: new EVENT_SO_DISCARD-pe@0x555cbddc0870 Sep 21 07:25:29.738104: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:25:29.738107: | libevent_malloc: new ptr-libevent@0x555cbddc06f0 size 128 Sep 21 07:25:29.738110: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:29.738115: | #1 spent 0.522 milliseconds in resume sending helper answer Sep 21 07:25:29.738120: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.738122: | libevent_free: release ptr-libevent@0x7fd394006900 Sep 21 07:25:29.746040: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:29.746062: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Sep 21 07:25:29.746134: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:29.746140: | **parse ISAKMP Message: Sep 21 07:25:29.746143: | initiator
cookie: Sep 21 07:25:29.746146: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.746148: | responder cookie: Sep 21 07:25:29.746150: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.746153: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:29.746155: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.746158: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:29.746161: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:29.746163: | Message ID: 1 (0x1) Sep 21 07:25:29.746166: | length: 464 (0x1d0) Sep 21 07:25:29.746169: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:29.746172: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:29.746177: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:29.746183: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:29.746187: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:29.746191: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:29.746194: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:29.746199: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:25:29.746201: | unpacking clear payload Sep 21 07:25:29.746204: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:29.746207: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:29.746210: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:29.746212: | flags: none (0x0) Sep 21 07:25:29.746214: | length: 436 (0x1b4) Sep 21 07:25:29.746217: | processing payload: ISAKMP_NEXT_v2SK (len=432) Sep 21 07:25:29.746222: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 
wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:29.746225: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:29.746228: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:29.746230: | Now let's proceed with state specific processing Sep 21 07:25:29.746233: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:29.746236: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:25:29.746244: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Sep 21 07:25:29.746248: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:25:29.746251: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:25:29.746256: | libevent_free: release ptr-libevent@0x555cbddc06f0 Sep 21 07:25:29.746259: | free_event_entry: release EVENT_SO_DISCARD-pe@0x555cbddc0870 Sep 21 07:25:29.746262: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc0870 Sep 21 07:25:29.746266: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:29.746269: | libevent_malloc: new ptr-libevent@0x555cbddc06f0 size 128 Sep 21 07:25:29.746330: | crypto helper 0 resuming Sep 21 07:25:29.746339: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:25:29.746344: | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:25:29.747230: | calculating skeyseed using prf=sha2_256 integ=sha2_256 cipherkey-size=32 salt-size=0 Sep 21 07:25:29.747788: | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.00144 seconds Sep 21 07:25:29.747799: | (#1) spent 1.45 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:25:29.747802: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:29.747805: | scheduling resume sending helper answer for #1 Sep 21 07:25:29.747811: | libevent_malloc: new 
ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.747817: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:29.746280: | #1 spent 0.0423 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:25:29.747830: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.747834: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:29.747837: | suspending state #1 and saving MD Sep 21 07:25:29.747840: | #1 is busy; has a suspended MD Sep 21 07:25:29.747845: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.747849: | "north-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.747854: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:29.747860: | #1 spent 0.27 milliseconds in ikev2_process_packet() Sep 21 07:25:29.747864: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:29.747867: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:29.747870: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:29.747874: | spent 0.285 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:29.747884: | processing resume sending helper answer for #1 Sep 21 07:25:29.747889: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.747893: | crypto helper 0 replies to request ID 2 Sep 21 07:25:29.747895: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:29.747898: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 
Sep 21 07:25:29.747900: | #1 in state PARENT_R1: received v2I1, sent v2R1
Sep 21 07:25:29.747995: | calculated auth: a0 83 e4 e8 b7 5e 8f 94 17 8d 62 2b a9 41 c4 fb Sep 21 07:25:29.747997: | provided auth: a0 83 e4 e8 b7 5e 8f 94 17 8d 62 2b a9 41 c4 fb Sep 21 07:25:29.747999: | authenticator matched Sep 21 07:25:29.748010: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:29.748014: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:25:29.748017: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:25:29.748020: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:29.748023: | flags: none (0x0) Sep 21 07:25:29.748025: | length: 12 (0xc) Sep 21 07:25:29.748028: | ID type: ID_FQDN (0x2) Sep 21 07:25:29.748030: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:25:29.748033: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:29.748036: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:29.748038: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:29.748040: | flags: none (0x0) Sep 21 07:25:29.748043: | length: 13 (0xd) Sep 21 07:25:29.748045: | ID type: ID_FQDN (0x2) Sep 21 07:25:29.748048: | processing payload: ISAKMP_NEXT_v2IDr (len=5) Sep 21 07:25:29.748050: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:29.748053: | **parse IKEv2 Authentication Payload: Sep 21 07:25:29.748056: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:29.748058: | flags: none (0x0) Sep 21
07:25:29.748061: | length: 282 (0x11a) Sep 21 07:25:29.748063: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:29.748066: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:29.748068: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:29.748071: | **parse IKEv2 Security Association Payload: Sep 21 07:25:29.748073: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:29.748076: | flags: none (0x0) Sep 21 07:25:29.748078: | length: 44 (0x2c) Sep 21 07:25:29.748080: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:25:29.748083: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.748086: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:29.748088: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:29.748091: | flags: none (0x0) Sep 21 07:25:29.748093: | length: 24 (0x18) Sep 21 07:25:29.748096: | number of TS: 1 (0x1) Sep 21 07:25:29.748098: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:29.748101: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.748103: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.748106: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.748108: | flags: none (0x0) Sep 21 07:25:29.748110: | length: 24 (0x18) Sep 21 07:25:29.748113: | number of TS: 1 (0x1) Sep 21 07:25:29.748115: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:29.748118: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:25:29.748120: | Now let's proceed with state specific processing Sep 21 07:25:29.748123: | calling processor Responder: process IKE_AUTH request Sep 21 07:25:29.748129: "north-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:25:29.748135: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:29.748141: | received IDr payload - extracting our 
alleged ID Sep 21 07:25:29.748144: | refine_host_connection for IKEv2: starting with "north-eastnets/0x2" Sep 21 07:25:29.748149: | match_id a=@east Sep 21 07:25:29.748151: | b=@east Sep 21 07:25:29.748153: | results matched Sep 21 07:25:29.748158: | refine_host_connection: checking "north-eastnets/0x2" against "north-eastnets/0x2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:25:29.748160: | Warning: not switching back to template of current instance Sep 21 07:25:29.748163: | Peer expects us to be @north (ID_FQDN) according to its IDr payload Sep 21 07:25:29.748166: | This connection's local id is @north (ID_FQDN) Sep 21 07:25:29.748169: | refine_host_connection: checked north-eastnets/0x2 against north-eastnets/0x2, now for see if best Sep 21 07:25:29.748173: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:29.748176: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:29.748180: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:25:29.748184: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:25:29.748187: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:25:29.748189: | line 1: match=002 Sep 21 07:25:29.748192: | match 002 beats previous best_match 000 match=0x555cbddb40e0 (line=1) Sep 21 07:25:29.748195: | concluding with best_match=002 best=0x555cbddb40e0 (lineno=1) Sep 21 07:25:29.748198: | returning because exact peer id match Sep 21 07:25:29.748201: | offered CA: '%none' Sep 21 07:25:29.748204: "north-eastnets/0x2" #1: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:29.748221: | verifying AUTH payload Sep 21 07:25:29.748236: | required RSA CA is '%any' Sep 21 07:25:29.748241: | checking RSA keyid '@east' for match with '@east' Sep 21 07:25:29.748244: | RSA key issuer CA is '%any' Sep 21 07:25:29.748312: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:25:29.748319: | #1 spent 0.0704 milliseconds in try_all_keys() trying a pubkey Sep 21 
07:25:29.748322: "north-eastnets/0x2" #1: Authenticated using RSA Sep 21 07:25:29.748326: | #1 spent 0.0991 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:29.748330: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:25:29.748335: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:29.748338: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.748341: | libevent_free: release ptr-libevent@0x555cbddc06f0 Sep 21 07:25:29.748344: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc0870 Sep 21 07:25:29.748347: | event_schedule: new EVENT_SA_REKEY-pe@0x555cbddc0870 Sep 21 07:25:29.748350: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:25:29.748353: | libevent_malloc: new ptr-libevent@0x555cbddc06f0 size 128 Sep 21 07:25:29.748534: | pstats #1 ikev2.ike established Sep 21 07:25:29.748545: | **emit ISAKMP Message: Sep 21 07:25:29.748548: | initiator cookie: Sep 21 07:25:29.748551: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.748553: | responder cookie: Sep 21 07:25:29.748555: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.748558: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:29.748561: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.748564: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:29.748567: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:29.748570: | Message ID: 1 (0x1) Sep 21 07:25:29.748573: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:29.748576: | IKEv2 CERT: send a certificate? 
Sep 21 07:25:29.748578: | IKEv2 CERT: no certificate to send Sep 21 07:25:29.748581: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:29.748583: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.748586: | flags: none (0x0) Sep 21 07:25:29.748589: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:29.748595: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.748599: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:29.748607: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:29.748623: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:29.748627: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.748629: | flags: none (0x0) Sep 21 07:25:29.748631: | ID type: ID_FQDN (0x2) Sep 21 07:25:29.748635: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:29.748637: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.748641: | emitting 5 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:25:29.748643: | my identity 6e 6f 72 74 68 Sep 21 07:25:29.748646: | emitting length of IKEv2 Identification - Responder - Payload: 13 Sep 21 07:25:29.748654: | assembled IDr payload Sep 21 07:25:29.748657: | CHILD SA proposals received Sep 21 07:25:29.748659: | going to assemble AUTH payload Sep 21 07:25:29.748661: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:29.748664: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:29.748667: | flags: none (0x0) Sep 21 07:25:29.748669: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:29.748672: | next payload chain: ignoring supplied 'IKEv2 
Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:25:29.748676: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:29.748678: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.748684: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:29.748687: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:29.748690: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:25:29.748694: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:25:29.748698: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:25:29.748700: | line 1: match=002 Sep 21 07:25:29.748703: | match 002 beats previous best_match 000 match=0x555cbddb40e0 (line=1) Sep 21 07:25:29.748706: | concluding with best_match=002 best=0x555cbddb40e0 (lineno=1) Sep 21 07:25:29.753895: | #1 spent 5.12 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:29.753908: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Sep 21 07:25:29.753960: | #1 spent 5.22 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:29.753963: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:29.753969: | creating state object #2 at 0x555cbddcbca0 Sep 21 07:25:29.753972: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:29.753976: | pstats #2 ikev2.child started Sep 21 07:25:29.753979: | duplicating state object #1 "north-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:25:29.753985: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:29.753992: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:29.753996: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:29.754001: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:29.754004: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21
07:25:29.754007: | TSi: parsing 1 traffic selectors Sep 21 07:25:29.754010: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.754013: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.754016: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.754018: | length: 16 (0x10) Sep 21 07:25:29.754020: | start port: 0 (0x0) Sep 21 07:25:29.754022: | end port: 65535 (0xffff) Sep 21 07:25:29.754025: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.754027: | TS low c0 00 02 00 Sep 21 07:25:29.754030: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.754032: | TS high c0 00 02 ff Sep 21 07:25:29.754034: | TSi: parsed 1 traffic selectors Sep 21 07:25:29.754037: | TSr: parsing 1 traffic selectors Sep 21 07:25:29.754039: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.754041: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.754044: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.754046: | length: 16 (0x10) Sep 21 07:25:29.754048: | start port: 0 (0x0) Sep 21 07:25:29.754050: | end port: 65535 (0xffff) Sep 21 07:25:29.754052: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.754055: | TS low c0 00 03 00 Sep 21 07:25:29.754057: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.754059: | TS high c0 00 03 ff Sep 21 07:25:29.754062: | TSr: parsed 1 traffic selectors Sep 21 07:25:29.754064: | looking for best SPD in current connection Sep 21 07:25:29.754071: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Sep 21 07:25:29.754076: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.754083: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:25:29.754085: | looking for better host pair Sep 21 07:25:29.754090: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:25:29.754095: | checking hostpair 192.0.3.0/24:0 -> 
192.0.22.0/24:0 is found Sep 21 07:25:29.754098: | investigating connection "north-eastnets/0x2" as a better match Sep 21 07:25:29.754102: | match_id a=@east Sep 21 07:25:29.754104: | b=@east Sep 21 07:25:29.754106: | results matched Sep 21 07:25:29.754112: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Sep 21 07:25:29.754118: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.754124: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:25:29.754127: | investigating connection "north-eastnets/0x1" as a better match Sep 21 07:25:29.754129: | match_id a=@east Sep 21 07:25:29.754132: | b=@east Sep 21 07:25:29.754134: | results matched Sep 21 07:25:29.754139: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Sep 21 07:25:29.754144: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.754149: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:29.754152: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:29.754155: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:29.754158: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:29.754161: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.754165: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.754171: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:29.754174: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:29.754176: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:29.754179: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:29.754182: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.754184: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:29.754187: | protocol fitness 
found better match d north-eastnets/0x1, TSi[0],TSr[0] Sep 21 07:25:29.754193: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:29.754195: | printing contents struct traffic_selector Sep 21 07:25:29.754198: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:29.754200: | ipprotoid: 0 Sep 21 07:25:29.754202: | port range: 0-65535 Sep 21 07:25:29.754206: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:29.754208: | printing contents struct traffic_selector Sep 21 07:25:29.754210: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:29.754213: | ipprotoid: 0 Sep 21 07:25:29.754215: | port range: 0-65535 Sep 21 07:25:29.754218: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:29.754223: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:25:29.754227: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:25:29.754234: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:25:29.754238: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:25:29.754242: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Sep 21 07:25:29.754245: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:29.754247: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:29.754250: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:29.754252: | local proposal 1 type DH has 1 transforms Sep 21 07:25:29.754255: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:29.754258: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:29.754261: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.754263: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 
07:25:29.754266: | length: 40 (0x28) Sep 21 07:25:29.754268: | prop #: 1 (0x1) Sep 21 07:25:29.754271: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.754273: | spi size: 4 (0x4) Sep 21 07:25:29.754275: | # transforms: 3 (0x3) Sep 21 07:25:29.754278: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:29.754326: | remote SPI a8 c7 19 18 Sep 21 07:25:29.754332: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:29.754335: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.754339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.754341: | length: 12 (0xc) Sep 21 07:25:29.754344: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.754346: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.754349: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.754352: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.754354: | length/value: 128 (0x80) Sep 21 07:25:29.754359: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:29.754362: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.754364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.754366: | length: 8 (0x8) Sep 21 07:25:29.754369: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.754371: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.754375: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:29.754378: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.754380: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.754383: | length: 8 (0x8) Sep 21 07:25:29.754385: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.754387: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.754391: | remote proposal 1 transform 2 (ESN=DISABLED) 
matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:29.754395: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:25:29.754399: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:25:29.754402: | remote proposal 1 matches local proposal 1 Sep 21 07:25:29.754408: "north-eastnets/0x2" #1: proposal 1:ESP:SPI=a8c71918;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Sep 21 07:25:29.754413: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=a8c71918;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED Sep 21 07:25:29.754416: | converting proposal to internal trans attrs Sep 21 07:25:29.754441: | netlink_get_spi: allocated 0xc9118a85 for esp.0@192.1.3.33 Sep 21 07:25:29.754445: | Emitting ikev2_proposal ... 
Sep 21 07:25:29.754447: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:29.754450: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.754453: | flags: none (0x0) Sep 21 07:25:29.754457: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:29.754460: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.754463: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.754466: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.754468: | prop #: 1 (0x1) Sep 21 07:25:29.754471: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.754473: | spi size: 4 (0x4) Sep 21 07:25:29.754475: | # transforms: 3 (0x3) Sep 21 07:25:29.754478: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:29.754482: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:29.754484: | our spi c9 11 8a 85 Sep 21 07:25:29.754487: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.754489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.754492: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.754496: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.754499: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.754502: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.754505: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.754508: | length/value: 128 (0x80) Sep 21 07:25:29.754510: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:29.754513: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.754515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:25:29.754518: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.754520: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.754524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.754526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.754529: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.754532: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.754534: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.754537: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.754539: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.754542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.754545: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.754547: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.754550: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:29.754553: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:29.754555: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:25:29.754558: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:29.754561: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:29.754564: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.754566: | flags: none (0x0) Sep 21 07:25:29.754568: | number of TS: 1 (0x1) Sep 21 07:25:29.754572: | next 
payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.754575: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.754577: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.754580: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.754582: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.754584: | start port: 0 (0x0) Sep 21 07:25:29.754587: | end port: 65535 (0xffff) Sep 21 07:25:29.754590: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.754592: | IP start c0 00 02 00 Sep 21 07:25:29.754595: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.754597: | IP end c0 00 02 ff Sep 21 07:25:29.754600: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.754602: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:29.754605: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.754607: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.754610: | flags: none (0x0) Sep 21 07:25:29.754612: | number of TS: 1 (0x1) Sep 21 07:25:29.754615: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.754620: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.754623: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.754625: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.754628: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.754630: | start port: 0 (0x0) Sep 21 07:25:29.754632: | end port: 65535 (0xffff) Sep 21 07:25:29.754635: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 
07:25:29.754637: | IP start c0 00 03 00 Sep 21 07:25:29.754640: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.754642: | IP end c0 00 03 ff Sep 21 07:25:29.754645: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.754647: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:29.754650: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:29.754654: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:25:29.754992: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:25:29.755005: | #1 spent 1.01 milliseconds Sep 21 07:25:29.755008: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:29.755011: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:25:29.755014: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.755017: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.755020: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.755022: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.755025: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.755030: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:29.755034: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.755037: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.755040: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.755044: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.755046: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:25:29.755050: | netlink: enabling tunnel mode Sep 21 07:25:29.755052: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.755055: | netlink: esp-hw-offload not set for 
IPsec SA Sep 21 07:25:29.755297: | netlink response for Add SA esp.a8c71918@192.1.2.23 included non-error error Sep 21 07:25:29.755304: | set up outgoing SA, ref=0/0 Sep 21 07:25:29.755308: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.755311: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.755314: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.755318: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.755320: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:25:29.755323: | netlink: enabling tunnel mode Sep 21 07:25:29.755326: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.755328: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.755501: | netlink response for Add SA esp.c9118a85@192.1.3.33 included non-error error Sep 21 07:25:29.755507: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.755515: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:29.755519: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.755763: | raw_eroute result=success Sep 21 07:25:29.755768: | set up incoming SA, ref=0/0 Sep 21 07:25:29.755771: | sr for #2: unrouted Sep 21 07:25:29.755774: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:29.755780: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:29.755788: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.755793: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.755796: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.755798: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.755802: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:29.755806: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:29.755809: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.755817: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:29.755820: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.755943: | raw_eroute result=success Sep 21 07:25:29.755949: | running updown command "ipsec _updown" for verb up Sep 21 07:25:29.755952: | command executing up-client Sep 21 07:25:29.755980: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa8c7 Sep 21 07:25:29.755983: | popen cmd is 1038 chars long Sep 21 07:25:29.755986: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Sep 21 07:25:29.755989: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Sep 21 07:25:29.755992: | cmd( 160):MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PL: Sep 21 07:25:29.755994: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:25:29.755997: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:25:29.756000: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Sep 21 07:25:29.756002: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:25:29.756005: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCR: Sep 21 07:25:29.756008: | cmd( 640):YPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='C: Sep 21 07:25:29.756010: | cmd( 720):K_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0': Sep 21 07:25:29.756013: | cmd( 800): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Sep 21 07:25:29.756015: | cmd( 880):_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Sep 21 07:25:29.756018: | cmd( 960):G='no' VTI_SHARED='no' SPI_IN=0xa8c71918 SPI_OUT=0xc9118a85 ipsec _updown 2>&1: Sep 21 07:25:29.768141: | route_and_eroute: firewall_notified: true Sep 21 07:25:29.768155: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:29.768158: | command executing prepare-client Sep 21 07:25:29.768190: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI Sep 21 07:25:29.768196: | popen cmd is 1043 chars long Sep 21 07:25:29.768199: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:25:29.768202: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:25:29.768204: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:25:29.768207: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:29.768209: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:25:29.768212: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:25:29.768214: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:29.768217: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:25:29.768219: | cmd( 
640):+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:25:29.768222: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:25:29.768224: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:25:29.768227: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:25:29.768229: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0xa8c71918 SPI_OUT=0xc9118a85 ipsec _updown 2: Sep 21 07:25:29.768232: | cmd(1040):>&1: Sep 21 07:25:29.782405: | running updown command "ipsec _updown" for verb route Sep 21 07:25:29.782419: | command executing route-client Sep 21 07:25:29.782450: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN= Sep 21 07:25:29.782455: | popen cmd is 1041 chars long Sep 21 07:25:29.782458: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Sep 21 07:25:29.782461: | cmd( 80):x1' 
PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:25:29.782463: | cmd( 160):TO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Sep 21 07:25:29.782470: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:25:29.782473: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:25:29.782475: | cmd( 400):@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_: Sep 21 07:25:29.782478: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Sep 21 07:25:29.782480: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E: Sep 21 07:25:29.782483: | cmd( 640):NCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND: Sep 21 07:25:29.782486: | cmd( 720):='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=: Sep 21 07:25:29.782488: | cmd( 800):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Sep 21 07:25:29.782491: | cmd( 880):CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Sep 21 07:25:29.782494: | cmd( 960):TING='no' VTI_SHARED='no' SPI_IN=0xa8c71918 SPI_OUT=0xc9118a85 ipsec _updown 2>&: Sep 21 07:25:29.782496: | cmd(1040):1: Sep 21 07:25:29.792388: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x555cbddbfa10,sr=0x555cbddbfa10} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:29.792525: | #1 spent 1.02 milliseconds in install_ipsec_sa() Sep 21 07:25:29.792533: | ISAKMP_v2_IKE_AUTH: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:29.792537: | adding 13 bytes of padding (including 1 byte padding-length) Sep 21 07:25:29.792541: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 
Encryption Payload Sep 21 07:25:29.792545: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792549: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792552: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792556: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792559: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792563: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792566: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792570: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792573: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792576: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792579: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792583: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.792587: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:29.792589: | emitting length of IKEv2 Encryption Payload: 436 Sep 21 07:25:29.792592: | emitting length of ISAKMP Message: 464
Sep 21 07:25:29.792690: | out calculated auth: Sep 21 07:25:29.792692: | b8 e7 5d 50 ad 0e e5 04 a7 bf 84 37 95 75 8f 42 Sep 21 07:25:29.792697: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:25:29.792704: | #1 spent 7.91 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:25:29.792712: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.792718: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.792724: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:25:29.792728: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:25:29.792731: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:29.792735: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:29.792740: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:29.792743: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.792745: | pstats #2 ikev2.child established Sep 21 07:25:29.792750: "north-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:29.792753: | NAT-T: encaps is 'auto' Sep 21 07:25:29.792756: "north-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xa8c71918 <0xc9118a85 xfrm=AES_CBC_128-HMAC_SHA2_512_256
NATOA=none NATD=none DPD=passive} Sep 21 07:25:29.792760: | sending V2 new request packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:29.792767: | sending 464 bytes for STATE_PARENT_R1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Sep 21 07:25:29.792868: | releasing whack for #2 (sock=fd@-1) Sep 21 07:25:29.792871: | releasing whack and unpending for parent #1 Sep 21 07:25:29.792887: | unpending state #1 connection "north-eastnets/0x1" Sep 21 07:25:29.792890: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:29.792893: | event_schedule: new EVENT_SA_REKEY-pe@0x555cbddca060 Sep 21 07:25:29.792895: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:25:29.792898: | libevent_malloc: new ptr-libevent@0x555cbddcb900 size 128 Sep 21 07:25:29.792902: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:29.792906: | #1 spent 8.32 milliseconds in resume sending helper answer Sep 21 07:25:29.792910: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.792912: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.792924: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.792935: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:25:29.792937: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:29.792938: initiating all conns with alias='north-eastnets' Sep 21 07:25:29.792944: | FOR_EACH_CONNECTION_...
in foreach_connection_by_alias Sep 21 07:25:29.792948: | start processing: connection "north-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:29.792949: | connection 'north-eastnets/0x2' +POLICY_UP Sep 21 07:25:29.792952: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:29.792954: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:29.792958: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:29.792961: | creating state object #3 at 0x555cbddc4800 Sep 21 07:25:29.792963: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:29.792967: | pstats #3 ikev2.child started Sep 21 07:25:29.792969: | duplicating state object #1 "north-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:25:29.792972: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:29.792981: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:29.792985: | suspend processing: connection "north-eastnets/0x2" (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:29.792989: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:29.792993: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:25:29.792996: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:29.792999: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:25:29.793003: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:25:29.793009: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.793013: "north-eastnets/0x2": constructed local ESP/AH proposals for north-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.793023: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP3072 Sep 21 07:25:29.793026: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x555cbddca3a0 Sep 21 07:25:29.793030: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:25:29.793033: | libevent_malloc: new ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.793036: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:29.793041: | RESET processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:29.793044: | RESET processing: connection "north-eastnets/0x2" (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:29.793046: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:29.793050: | start processing: connection "north-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:29.793053: | connection 'north-eastnets/0x1' +POLICY_UP Sep 21 07:25:29.793056: | dup_any(fd@23) -> fd@25 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:29.793058: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:29.793060: | FOR_EACH_STATE_... 
in find_pending_phase2 Sep 21 07:25:29.793064: | creating state object #4 at 0x555cbddd0720 Sep 21 07:25:29.793066: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:29.793069: | pstats #4 ikev2.child started Sep 21 07:25:29.793072: | duplicating state object #1 "north-eastnets/0x2" as #4 for IPSEC SA Sep 21 07:25:29.793076: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:29.793081: | Message ID: init_child #1.#4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:29.793084: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:29.793087: | suspend processing: connection "north-eastnets/0x1" (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:29.793091: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:29.793095: | child state #4: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:25:29.793099: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:29.793102: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x1 (ESP/AH initiator emitting proposals) Sep 21 07:25:29.793106: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:25:29.793111: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.793114: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.793122: | #4 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP3072 Sep 21 07:25:29.793126: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x555cbddc8ae0 Sep 21 07:25:29.793129: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:25:29.793132: | libevent_malloc: new ptr-libevent@0x555cbddc9430 size 128 Sep 21 07:25:29.793134: | libevent_realloc: release ptr-libevent@0x555cbdda2760 Sep 21 07:25:29.793137: | libevent_realloc: new ptr-libevent@0x555cbddc94c0 size 128 Sep 21 07:25:29.793142: | RESET processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:29.793145: | RESET processing: connection "north-eastnets/0x1" (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:29.793146: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:29.793149: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:25:29.793151: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.793154: | spent 0.234 milliseconds in whack Sep 21 07:25:29.793160: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.793163: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.793166: | spent 0.00364 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.793167: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.793170: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.793172: | spent 0.00226 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.793173: | processing signal 
PLUTO_SIGCHLD Sep 21 07:25:29.793176: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.793178: | spent 0.00223 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.793182: | timer_event_cb: processing event@0x555cbddca3a0 Sep 21 07:25:29.793184: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:25:29.793187: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:29.793193: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:25:29.793195: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:29.793197: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:29.793199: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:29.793205: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.793207: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x555cbddca3a0 Sep 21 07:25:29.793210: | #3 spent 0.0279 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:29.793213: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:29.793216: | timer_event_cb: processing event@0x555cbddc8ae0 Sep 21 07:25:29.793214: | crypto helper 3 resuming Sep 21 07:25:29.793218: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:25:29.793228: | crypto helper 3 starting work-order 3 for state #3 Sep 21 07:25:29.793234: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:29.793240: | crypto helper 3 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:25:29.793245: | adding Child Initiator KE and nonce ni work-order 4 for state #4 Sep 21 07:25:29.793252: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca3a0 Sep 21 07:25:29.793255: | inserting event 
EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:29.793257: | libevent_malloc: new ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.793261: | libevent_free: release ptr-libevent@0x555cbddc9430 Sep 21 07:25:29.793264: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x555cbddc8ae0 Sep 21 07:25:29.793268: | crypto helper 5 resuming Sep 21 07:25:29.793269: | #4 spent 0.0434 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:29.793276: | crypto helper 5 starting work-order 4 for state #4 Sep 21 07:25:29.793282: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:29.793284: | crypto helper 5 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 4 Sep 21 07:25:29.797508: | crypto helper 3 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.004267 seconds Sep 21 07:25:29.797510: | crypto helper 5 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 4 time elapsed 0.004224 seconds Sep 21 07:25:29.797528: | (#3) spent 1.91 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:25:29.797531: | (#4) spent 2.42 milliseconds in crypto helper computing work-order 4: Child Initiator KE and nonce ni (pcr) Sep 21 07:25:29.797531: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:29.797538: | crypto helper 5 sending results from work-order 4 for state #4 to event queue Sep 21 07:25:29.797549: | scheduling resume sending helper answer for #4 Sep 21 07:25:29.797543: | scheduling resume sending helper answer for #3 Sep 21 07:25:29.797553: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:29.797561: | libevent_malloc: new ptr-libevent@0x7fd390005780 size 128 Sep 21 07:25:29.797571: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:29.797578: | crypto helper 3 waiting (nothing 
to do) Sep 21 07:25:29.797580: | processing resume sending helper answer for #4 Sep 21 07:25:29.797589: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.797593: | crypto helper 5 replies to request ID 4 Sep 21 07:25:29.797595: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:29.797598: | ikev2_child_outI_continue for #4 STATE_V2_CREATE_I0 Sep 21 07:25:29.797600: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.797603: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.797605: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca3a0 Sep 21 07:25:29.797607: | event_schedule: new EVENT_SA_REPLACE-pe@0x555cbddca3a0 Sep 21 07:25:29.797610: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:25:29.797611: | libevent_malloc: new ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.797615: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.797617: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:29.797619: | libevent_malloc: new ptr-libevent@0x555cbddc9430 size 128 Sep 21 07:25:29.797622: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.797625: | #4 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:25:29.797627: | suspending state #4 and saving MD Sep 21 07:25:29.797628: | #4 is busy; has a suspended MD Sep 21 07:25:29.797631: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.797637: | "north-eastnets/0x1" #4 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 
07:25:29.797639: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:25:29.797643: | #4 spent 0.0495 milliseconds in resume sending helper answer Sep 21 07:25:29.797646: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.797648: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:29.797650: | processing resume sending helper answer for #3 Sep 21 07:25:29.797653: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.797655: | crypto helper 3 replies to request ID 3 Sep 21 07:25:29.797657: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:29.797661: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:25:29.797663: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.797665: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:29.797667: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:29.797668: | event_schedule: new EVENT_SA_REPLACE-pe@0x555cbddca260 Sep 21 07:25:29.797671: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:25:29.797672: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:29.797675: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.797677: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:29.797678: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:29.797681: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.797683: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:25:29.797685: | suspending state #3 and 
saving MD Sep 21 07:25:29.797686: | #3 is busy; has a suspended MD Sep 21 07:25:29.797689: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.797691: | "north-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.797692: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:25:29.797695: | #3 spent 0.0396 milliseconds in resume sending helper answer Sep 21 07:25:29.797698: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.797699: | libevent_free: release ptr-libevent@0x7fd390005780 Sep 21 07:25:29.797703: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:29.797706: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:29.797709: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.797713: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:29.797715: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:29.797720: | **emit ISAKMP Message: Sep 21 07:25:29.797722: | initiator cookie: Sep 21 07:25:29.797723: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.797725: | responder cookie: Sep 21 07:25:29.797726: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.797728: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:29.797730: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.797733: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:29.797735: | flags: 
none (0x0) Sep 21 07:25:29.797736: | Message ID: 0 (0x0) Sep 21 07:25:29.797738: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:29.797740: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:29.797742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.797744: | flags: none (0x0) Sep 21 07:25:29.797746: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:29.797748: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.797750: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:29.797767: | netlink_get_spi: allocated 0x53e891ee for esp.0@192.1.3.33 Sep 21 07:25:29.797769: | Emitting ikev2_proposals ... Sep 21 07:25:29.797771: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:29.797772: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.797774: | flags: none (0x0) Sep 21 07:25:29.797776: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:29.797778: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.797780: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.797781: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.797790: | prop #: 1 (0x1) Sep 21 07:25:29.797796: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.797797: | spi size: 4 (0x4) Sep 21 07:25:29.797799: | # transforms: 4 (0x4) Sep 21 07:25:29.797801: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:29.797803: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:29.797804: | our spi 53 e8 91 ee Sep 21 
07:25:29.797806: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.797808: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.797809: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.797811: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.797813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.797815: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.797817: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.797818: | length/value: 128 (0x80) Sep 21 07:25:29.797820: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:29.797822: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.797823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.797825: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.797826: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.797828: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.797830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.797832: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.797833: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.797835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.797836: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.797838: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.797840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.797841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' Sep 21 07:25:29.797844: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.797846: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.797847: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.797849: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.797850: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.797852: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.797854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.797855: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.797857: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:29.797858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:29.797860: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:25:29.797862: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:29.797863: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:29.797865: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.797866: | flags: none (0x0) Sep 21 07:25:29.797868: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.797870: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.797872: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:29.797874: | IKEv2 nonce ea 01 53 cf cd 9d f8 4c 2d a8 52 ad f4 eb 34 14 Sep 21 07:25:29.797875: | IKEv2 nonce 16 06 1b 8d ba eb fc e5 e3 f9 c4 
0a aa d6 06 9b Sep 21 07:25:29.797877: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:29.797878: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:29.797880: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.797881: | flags: none (0x0) Sep 21 07:25:29.797883: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.797885: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:29.797886: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.797888: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:25:29.797924: | emitting length of IKEv2 Key Exchange Payload: 392 Sep 21 07:25:29.797927: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:29.797928: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.797930: | flags: none (0x0) Sep 21 07:25:29.797931: | number of TS: 1 (0x1) Sep 21 07:25:29.797933: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.797935: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.797937: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.797938: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.797940: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.797941: | start port: 0 (0x0) Sep 21 07:25:29.797943: | end port: 65535 (0xffff) Sep 21 07:25:29.797944: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.797946: | IP start c0 00 03 00 Sep 21 07:25:29.797948: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.797949: | IP end c0 00 03 ff Sep 21 07:25:29.797950: | emitting length of IKEv2 Traffic Selector: 16
Sep 21 07:25:29.797952: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:29.797953: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.797955: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.797956: | flags: none (0x0) Sep 21 07:25:29.797958: | number of TS: 1 (0x1) Sep 21 07:25:29.797960: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.797961: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.797963: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.797964: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.797966: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.797967: | start port: 0 (0x0) Sep 21 07:25:29.797969: | end port: 65535 (0xffff) Sep 21 07:25:29.797970: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.797972: | IP start c0 00 02 00 Sep 21 07:25:29.797973: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.797975: | IP end c0 00 02 ff Sep 21 07:25:29.797976: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.797978: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:29.797979: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:29.797981: | adding 16 bytes of padding (including 1 byte padding-length) Sep 21 07:25:29.797983: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797985: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797987: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797988: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 
Encryption Payload Sep 21 07:25:29.797991: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797992: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797994: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797996: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797997: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.797999: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798001: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798002: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798004: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798005: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798007: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798009: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.798010: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:29.798012: | emitting length of IKEv2 Encryption Payload: 580 Sep 21 07:25:29.798013: | emitting length of ISAKMP Message: 608
Sep 21 07:25:29.798098: | out calculated auth: Sep 21 07:25:29.798099: | ce c6 2e 7a ac a3 09 77 d9 cd ff e9 69 c0 26 09 Sep 21 07:25:29.798104: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.798106: | #4 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:25:29.798108: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:25:29.798110: | child state #4: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:25:29.798112: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:25:29.798114: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:29.798117: | Message ID: sent #1.#4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:29.798120: "north-eastnets/0x1" #4: STATE_V2_CREATE_I: sent IPsec Child req wait
response Sep 21 07:25:29.798129: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:29.798134: | sending 608 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Sep 21 07:25:29.798231: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:29.798234: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.798236: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555cbddca3a0 Sep 21 07:25:29.798238: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:29.798240: | event_schedule: new EVENT_RETRANSMIT-pe@0x555cbddca3a0 Sep 21 07:25:29.798243: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:25:29.798245: | libevent_malloc: new ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.798248: | #4 STATE_V2_CREATE_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.166505 Sep 21 07:25:29.798251: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:29.798254: | resume processing:
state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:29.798257: | #1 spent 0.519 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:29.798260: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:29.798262: | libevent_free: release ptr-libevent@0x555cbddc9430 Sep 21 07:25:29.798264: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:29.798266: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:29.798270: | #1 spent 0.000542 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:29.798272: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:29.798274: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:29.823434: | spent 0.00316 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:29.823459: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21
07:25:29.823557: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:29.823561: | **parse ISAKMP Message: Sep 21 07:25:29.823563: | initiator cookie: Sep 21 07:25:29.823566: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.823568: | responder cookie: Sep 21 07:25:29.823570: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.823573: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:29.823576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.823578: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:29.823581: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:29.823583: | Message ID: 2 (0x2) Sep 21 07:25:29.823586: | length: 608 (0x260) Sep 21 07:25:29.823589: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:29.823592: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:25:29.823597: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:29.823603: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:29.823606: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:29.823610: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:29.823613: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:25:29.823616: | Message ID: #1 not a duplicate - message is new; initiator.sent=0 initiator.recv=-1 responder.sent=1 responder.recv=1 Sep 21 07:25:29.823618: | unpacking clear payload Sep 21 07:25:29.823620: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:29.823627: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:29.823630: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:29.823632: | flags: none (0x0) Sep 21 07:25:29.823634: | length: 580 (0x244) Sep 21 07:25:29.823637: | 
processing payload: ISAKMP_NEXT_v2SK (len=576) Sep 21 07:25:29.823641: | Message ID: start-responder #1 request 2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:29.823644: | #1 in state PARENT_R2: received v2I2, PARENT SA established
Sep 21 07:25:29.823744: | calculated auth: 35 b1 c9 9f 50 ce 1f 05 fe 05 2f 43 af e3 94 58 Sep 21 07:25:29.823748: | provided auth: 35 b1 c9 9f 50 ce 1f 05 fe 05 2f 43 af e3 94 58 Sep 21 07:25:29.823749: | authenticator matched Sep 21 07:25:29.823757: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:29.823759: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21
07:25:29.823761: | **parse IKEv2 Security Association Payload: Sep 21 07:25:29.823763: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:29.823764: | flags: none (0x0) Sep 21 07:25:29.823766: | length: 52 (0x34) Sep 21 07:25:29.823767: | processing payload: ISAKMP_NEXT_v2SA (len=48) Sep 21 07:25:29.823769: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.823770: | **parse IKEv2 Nonce Payload: Sep 21 07:25:29.823772: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:29.823773: | flags: none (0x0) Sep 21 07:25:29.823774: | length: 36 (0x24) Sep 21 07:25:29.823776: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:29.823777: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:29.823779: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:29.823780: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:29.823782: | flags: none (0x0) Sep 21 07:25:29.823855: | length: 392 (0x188) Sep 21 07:25:29.823857: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.823858: | processing payload: ISAKMP_NEXT_v2KE (len=384) Sep 21 07:25:29.823860: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.823861: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:29.823878: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:29.823879: | flags: none (0x0) Sep 21 07:25:29.823881: | length: 24 (0x18) Sep 21 07:25:29.823882: | number of TS: 1 (0x1) Sep 21 07:25:29.823884: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:29.823885: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.823887: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.823888: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.823889: | flags: none (0x0) Sep 21 07:25:29.823891: | length: 24 (0x18) Sep 21 07:25:29.823892: | number of TS: 1 (0x1) Sep 21 07:25:29.823894: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:29.823896: | state #1 
forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Sep 21 07:25:29.823898: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:25:29.823914: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:29.823918: | creating state object #5 at 0x555cbddd1850 Sep 21 07:25:29.823919: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:25:29.823922: | pstats #5 ikev2.child started Sep 21 07:25:29.823923: | duplicating state object #1 "north-eastnets/0x2" as #5 for IPSEC SA Sep 21 07:25:29.823926: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:29.823930: | Message ID: init_child #1.#5; ike: initiator.sent=0 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:29.823932: | child state #5: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Sep 21 07:25:29.823935: | "north-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.2.23:500 Child "north-eastnets/0x2" #5 in STATE_V2_CREATE_R will process it further Sep 21 07:25:29.823938: | Message ID: switch-from #1 request 2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Sep 21 07:25:29.823941: | Message ID: switch-to #1.#5 request 2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:29.823942: | forcing ST #1 to CHILD #1.#5 in FSM processor Sep 21 07:25:29.823944: | Now let's proceed with state specific processing Sep 21 07:25:29.823945: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:25:29.823953: | using existing local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 
1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.823955: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 1 local proposals Sep 21 07:25:29.823957: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:29.823959: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:29.823960: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:29.823962: | local proposal 1 type DH has 1 transforms Sep 21 07:25:29.823963: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:29.823965: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:29.823967: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.823969: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.823970: | length: 48 (0x30) Sep 21 07:25:29.823972: | prop #: 1 (0x1) Sep 21 07:25:29.823973: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.823974: | spi size: 4 (0x4) Sep 21 07:25:29.823976: | # transforms: 4 (0x4) Sep 21 07:25:29.823978: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:29.823979: | remote SPI 95 7b 28 d2 Sep 21 07:25:29.823996: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:29.823998: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.823999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.824001: | length: 12 (0xc) Sep 21 07:25:29.824002: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.824004: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.824006: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.824007: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.824009: | length/value: 128 (0x80) Sep 21 07:25:29.824011: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:29.824013: | ****parse IKEv2 Transform 
Substructure Payload: Sep 21 07:25:29.824015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.824016: | length: 8 (0x8) Sep 21 07:25:29.824018: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.824019: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.824021: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:29.824023: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.824024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.824026: | length: 8 (0x8) Sep 21 07:25:29.824027: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.824029: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.824031: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:29.824032: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.824034: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.824035: | length: 8 (0x8) Sep 21 07:25:29.824037: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.824038: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.824040: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:29.824043: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Sep 21 07:25:29.824045: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Sep 21 07:25:29.824047: | remote proposal 1 matches local proposal 1 Sep 21 07:25:29.824050: "north-eastnets/0x2" #1: proposal 1:ESP:SPI=957b28d2;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Sep 21 07:25:29.824054: | CREATE_CHILD_SA responder matching 
remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=957b28d2;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.824056: | converting proposal to internal trans attrs Sep 21 07:25:29.824059: | updating #5's .st_oakley with preserved PRF, but why update? Sep 21 07:25:29.824064: | Child SA TS Request has child->sa == md->st; so using child connection Sep 21 07:25:29.824066: | TSi: parsing 1 traffic selectors Sep 21 07:25:29.824068: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.824069: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.824071: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.824072: | length: 16 (0x10) Sep 21 07:25:29.824074: | start port: 0 (0x0) Sep 21 07:25:29.824075: | end port: 65535 (0xffff) Sep 21 07:25:29.824077: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.824078: | TS low c0 00 16 00 Sep 21 07:25:29.824081: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.824083: | TS high c0 00 16 ff Sep 21 07:25:29.824085: | TSi: parsed 1 traffic selectors Sep 21 07:25:29.824087: | TSr: parsing 1 traffic selectors Sep 21 07:25:29.824089: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.824091: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.824094: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.824096: | length: 16 (0x10) Sep 21 07:25:29.824098: | start port: 0 (0x0) Sep 21 07:25:29.824101: | end port: 65535 (0xffff) Sep 21 07:25:29.824102: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.824103: | TS low c0 00 03 00 Sep 21 07:25:29.824105: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.824106: | TS high c0 00 03 ff Sep 21 07:25:29.824108: | TSr: parsed 1 traffic selectors Sep 21 07:25:29.824109: | looking for best SPD in current connection Sep 21 07:25:29.824113: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Sep 21 07:25:29.824116: | TSi[0] 
.net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.824120: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:29.824122: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:29.824124: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:29.824126: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:29.824128: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.824130: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.824133: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:29.824135: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:29.824137: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:29.824138: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:29.824140: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.824142: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:29.824143: | found better spd route for TSi[0],TSr[0] Sep 21 07:25:29.824145: | looking for better host pair Sep 21 07:25:29.824148: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:25:29.824151: | checking hostpair 192.0.3.0/24:0 -> 192.0.22.0/24:0 is found Sep 21 07:25:29.824152: | investigating connection "north-eastnets/0x2" as a better match Sep 21 07:25:29.824155: | match_id a=@east Sep 21 07:25:29.824156: | b=@east Sep 21 07:25:29.824158: | results matched Sep 21 07:25:29.824161: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Sep 21 07:25:29.824164: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.824171: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:29.824174: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:29.824176: | 
TSi[0] port match: YES fitness 65536 Sep 21 07:25:29.824177: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:29.824179: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.824182: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.824185: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:29.824186: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:29.824188: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:29.824190: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:29.824191: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.824193: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:29.824194: | investigating connection "north-eastnets/0x1" as a better match Sep 21 07:25:29.824196: | match_id a=@east Sep 21 07:25:29.824198: | b=@east Sep 21 07:25:29.824199: | results matched Sep 21 07:25:29.824202: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Sep 21 07:25:29.824204: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.824208: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: NO Sep 21 07:25:29.824209: | did not find a better connection using host pair Sep 21 07:25:29.824211: | printing contents struct traffic_selector Sep 21 07:25:29.824212: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:29.824214: | ipprotoid: 0 Sep 21 07:25:29.824215: | port range: 0-65535 Sep 21 07:25:29.824217: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:29.824219: | printing contents struct traffic_selector Sep 21 07:25:29.824220: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:29.824221: | ipprotoid: 0 Sep 21 07:25:29.824223: | port range: 0-65535 Sep 21 07:25:29.824225: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:25:29.824229: | adding Child Responder KE and nonce nr work-order 5 for state #5 
Sep 21 07:25:29.824231: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc8ae0 Sep 21 07:25:29.824234: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:25:29.824237: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:29.824245: | #5 spent 0.294 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Sep 21 07:25:29.824249: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.824252: | start processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.824251: | crypto helper 4 resuming Sep 21 07:25:29.824264: | crypto helper 4 starting work-order 5 for state #5 Sep 21 07:25:29.824256: | #5 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:25:29.824269: | crypto helper 4 doing build KE and nonce (Child Responder KE and nonce nr); request ID 5 Sep 21 07:25:29.824276: | suspending state #5 and saving MD Sep 21 07:25:29.824282: | #5 is busy; has a suspended MD Sep 21 07:25:29.824288: | [RE]START processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.824292: | "north-eastnets/0x2" #5 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.824298: | stop processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:29.824304: | #1 spent 0.813 milliseconds in ikev2_process_packet() Sep 21 07:25:29.824311: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:29.824315: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:29.824318: | processing: STOP connection NULL (in process_md() at 
demux.c:383) Sep 21 07:25:29.824323: | spent 0.833 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:29.824574: | spent 0.00181 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:29.824586: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:29.824641: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:29.824643: | **parse ISAKMP Message: Sep 21 07:25:29.824644: | initiator cookie: Sep 21 07:25:29.824646: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.824647: | responder cookie: Sep 21 07:25:29.824649: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.824650: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:29.824652: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.824655: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:29.824657: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:29.824658: | Message ID: 0 (0x0) Sep 21 07:25:29.824660: | length: 608 (0x260) Sep 21 07:25:29.824662: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21
07:25:29.824664: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:25:29.824666: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:29.824670: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:29.824672: | State DB: found IKEv2 state #4 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:25:29.824674: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:29.824677: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:29.824679: | #4 is idle Sep 21 07:25:29.824680: | #4 idle Sep 21 07:25:29.824681: | unpacking clear payload Sep 21 07:25:29.824683: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:29.824685: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:29.824686: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:29.824688: | flags: none (0x0) Sep 21 07:25:29.824689: | length: 580 (0x244) Sep 21 07:25:29.824691: | processing payload: ISAKMP_NEXT_v2SK (len=576) Sep 21 07:25:29.824692: | #4 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:25:29.824775: | calculated auth: 4e b0 7e 4b 0e 99 8d 3a 09 00 32 24 cf 08 8e 1e Sep 21 07:25:29.824776: | provided auth: 4e b0 7e 4b 0e 99 8d 3a 09 00 32 24 cf 08 8e 1e Sep 21 07:25:29.824777: | authenticator matched Sep 21 07:25:29.824803: | #4 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:29.824808: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:29.824810: | **parse IKEv2 Security Association Payload: Sep 21 07:25:29.824825: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:29.824826: | flags: none (0x0) Sep 21 07:25:29.824828: | length: 52 (0x34) Sep 21 07:25:29.824829: | processing payload: ISAKMP_NEXT_v2SA (len=48) Sep 21 07:25:29.824830: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.824832: | **parse IKEv2 Nonce Payload: Sep 21 07:25:29.824833: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:29.824835: | flags: none (0x0) Sep 21 07:25:29.824836: | length: 36 (0x24) Sep 21 07:25:29.824837: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:29.824839: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:29.824840: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:29.824842: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:29.824843: | flags: none (0x0) Sep 21 07:25:29.824845: | length: 392 (0x188) Sep 21 07:25:29.824846: | DH group:
OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.824848: | processing payload: ISAKMP_NEXT_v2KE (len=384) Sep 21 07:25:29.824849: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.824851: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:29.824852: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:29.824853: | flags: none (0x0) Sep 21 07:25:29.824855: | length: 24 (0x18) Sep 21 07:25:29.824856: | number of TS: 1 (0x1) Sep 21 07:25:29.824872: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:29.824874: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.824876: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.824877: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.824878: | flags: none (0x0) Sep 21 07:25:29.824880: | length: 24 (0x18) Sep 21 07:25:29.824881: | number of TS: 1 (0x1) Sep 21 07:25:29.824883: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:29.824884: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:29.824887: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:29.824889: | forcing ST #4 to CHILD #1.#4 in FSM processor Sep 21 07:25:29.824891: | Now let's proceed with state specific processing Sep 21 07:25:29.824892: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:29.824910: | using existing local ESP/AH proposals for north-eastnets/0x1 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.824913: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:25:29.824915: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:29.824917: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:29.824918: | local proposal 1 type 
INTEG has 1 transforms Sep 21 07:25:29.824920: | local proposal 1 type DH has 1 transforms Sep 21 07:25:29.824921: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:29.824923: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:29.824925: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.824926: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.824928: | length: 48 (0x30) Sep 21 07:25:29.824929: | prop #: 1 (0x1) Sep 21 07:25:29.824931: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.824932: | spi size: 4 (0x4) Sep 21 07:25:29.824933: | # transforms: 4 (0x4) Sep 21 07:25:29.824950: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:29.824952: | remote SPI 70 9a b2 78 Sep 21 07:25:29.824954: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:29.824955: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.824957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.824958: | length: 12 (0xc) Sep 21 07:25:29.824960: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.824961: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.824963: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.824965: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.824979: | length/value: 128 (0x80) Sep 21 07:25:29.824982: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:29.824983: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.824985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.824986: | length: 8 (0x8) Sep 21 07:25:29.824987: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.824989: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.824991: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 
(INTEG) transform 0 Sep 21 07:25:29.824993: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.824994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.824995: | length: 8 (0x8) Sep 21 07:25:29.824997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.824998: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.825000: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:29.825002: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.825003: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.825005: | length: 8 (0x8) Sep 21 07:25:29.825006: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.825008: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.825009: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:29.825012: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Sep 21 07:25:29.825014: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Sep 21 07:25:29.825016: | remote proposal 1 matches local proposal 1 Sep 21 07:25:29.825018: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Sep 21 07:25:29.825021: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=709ab278;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.825022: | converting proposal to internal trans attrs Sep 21 07:25:29.825026: | updating #4's .st_oakley with preserved PRF, but why update? 
Sep 21 07:25:29.825029: | adding ikev2 Child SA initiator pfs=yes work-order 6 for state #4 Sep 21 07:25:29.825030: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:29.825032: | #4 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:25:29.825035: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.825037: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555cbddca3a0 Sep 21 07:25:29.825038: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca3a0 Sep 21 07:25:29.825040: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:29.825042: | libevent_malloc: new ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.825049: | #4 spent 0.141 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:25:29.825052: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.825054: | #4 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:25:29.825056: | suspending state #4 and saving MD Sep 21 07:25:29.825057: | #4 is busy; has a suspended MD Sep 21 07:25:29.825060: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.825062: | "north-eastnets/0x1" #4 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.825065: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:29.825067: | #1 spent 0.485 milliseconds in ikev2_process_packet() Sep 21 07:25:29.825069: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:29.825071: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:29.825073: | processing: STOP connection NULL (in process_md() at 
demux.c:383) Sep 21 07:25:29.825075: | spent 0.493 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:29.825081: | crypto helper 2 resuming Sep 21 07:25:29.825089: | crypto helper 2 starting work-order 6 for state #4 Sep 21 07:25:29.825092: | crypto helper 2 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 6 Sep 21 07:25:29.826733: | crypto helper 2 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 6 time elapsed 0.001639 seconds Sep 21 07:25:29.826747: | (#4) spent 1.62 milliseconds in crypto helper computing work-order 6: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:25:29.826751: | crypto helper 2 sending results from work-order 6 for state #4 to event queue Sep 21 07:25:29.826754: | scheduling resume sending helper answer for #4 Sep 21 07:25:29.826758: | libevent_malloc: new ptr-libevent@0x7fd37c001100 size 128 Sep 21 07:25:29.826768: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:29.826800: | processing resume sending helper answer for #4 Sep 21 07:25:29.826814: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.826819: | crypto helper 2 replies to request ID 6 Sep 21 07:25:29.826822: | calling continuation function 0x555cbc3b14f0 Sep 21 07:25:29.826826: | ikev2_child_inR_continue for #4 STATE_V2_CREATE_I Sep 21 07:25:29.826829: | TSi: parsing 1 traffic selectors Sep 21 07:25:29.826831: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.826833: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.826834: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.826836: | length: 16 (0x10) Sep 21 07:25:29.826837: | start port: 0 (0x0) Sep 21 07:25:29.826839: | end port: 65535 (0xffff) Sep 21 07:25:29.826841: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.826842: | TS low c0 00 03 00 Sep 21 07:25:29.826844: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.826848: | TS high c0 
00 03 ff Sep 21 07:25:29.826849: | TSi: parsed 1 traffic selectors Sep 21 07:25:29.826851: | TSr: parsing 1 traffic selectors Sep 21 07:25:29.826852: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.826854: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.826855: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.826857: | length: 16 (0x10) Sep 21 07:25:29.826858: | start port: 0 (0x0) Sep 21 07:25:29.826860: | end port: 65535 (0xffff) Sep 21 07:25:29.826861: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.826863: | TS low c0 00 02 00 Sep 21 07:25:29.826864: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.826866: | TS high c0 00 02 ff Sep 21 07:25:29.826867: | TSr: parsed 1 traffic selectors Sep 21 07:25:29.826871: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:29.826874: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.826878: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:29.826880: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:29.826882: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:29.826883: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:29.826885: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.826888: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.826891: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:29.826893: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:29.826895: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:29.826896: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:29.826898: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.826900: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:29.826901: | found an acceptable TSi/TSr 
Traffic Selector Sep 21 07:25:29.826903: | printing contents struct traffic_selector Sep 21 07:25:29.826904: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:29.826906: | ipprotoid: 0 Sep 21 07:25:29.826907: | port range: 0-65535 Sep 21 07:25:29.826909: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:29.826911: | printing contents struct traffic_selector Sep 21 07:25:29.826912: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:29.826913: | ipprotoid: 0 Sep 21 07:25:29.826915: | port range: 0-65535 Sep 21 07:25:29.826914: | crypto helper 4 finished build KE and nonce (Child Responder KE and nonce nr); request ID 5 time elapsed 0.002644 seconds Sep 21 07:25:29.826934: | (#5) spent 2.6 milliseconds in crypto helper computing work-order 5: Child Responder KE and nonce nr (pcr) Sep 21 07:25:29.826924: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:29.826938: | crypto helper 4 sending results from work-order 5 for state #5 to event queue Sep 21 07:25:29.826949: | scheduling resume sending helper answer for #5 Sep 21 07:25:29.826953: | libevent_malloc: new ptr-libevent@0x7fd388006e20 size 128 Sep 21 07:25:29.826945: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:25:29.826959: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:29.827180: | install_ipsec_sa() for #4: inbound and outbound Sep 21 07:25:29.827184: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:25:29.827186: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:29.827188: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.827190: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.827192: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.827193: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.827196: | route owner of "north-eastnets/0x1" erouted: self; eroute owner: self Sep 21 07:25:29.827198: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.827202: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.827204: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.827206: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.827208: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:25:29.827210: | netlink: enabling tunnel mode Sep 21 07:25:29.827211: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.827213: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.827279: | netlink response for Add SA esp.709ab278@192.1.2.23 included non-error error Sep 21 07:25:29.827300: | set up outgoing SA, ref=0/0 Sep 21 07:25:29.827317: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.827320: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.827323: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.827327: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.827331: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:25:29.827334: | netlink: enabling tunnel mode Sep 21 07:25:29.827336: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.827339: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.827385: | 
netlink response for Add SA esp.53e891ee@192.1.3.33 included non-error error Sep 21 07:25:29.827389: | set up incoming SA, ref=0/0 Sep 21 07:25:29.827390: | sr for #4: erouted Sep 21 07:25:29.827392: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:29.827394: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.827396: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.827399: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.827402: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.827405: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.827409: | route owner of "north-eastnets/0x1" erouted: self; eroute owner: self Sep 21 07:25:29.827414: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:north-eastnets/0x1 esr:{(nil)} ro:north-eastnets/0x1 rosr:{(nil)} and state: #4 Sep 21 07:25:29.827418: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:29.827427: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:29.827430: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.827457: | raw_eroute result=success Sep 21 07:25:29.827461: | route_and_eroute: firewall_notified: true Sep 21 07:25:29.827466: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x555cbddbfa10,sr=0x555cbddbfa10} to #4 (was #2) (newest_ipsec_sa=#2) Sep 21 07:25:29.827523: | #1 spent 0.34 milliseconds in install_ipsec_sa() Sep 21 07:25:29.827529: | inR2: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #4 (was #2) (spd.eroute=#4) cloned from #1 Sep 21 07:25:29.827547: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.827551: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.827555: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca3a0 Sep 21 07:25:29.827562: | 
[RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.827567: | #4 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:25:29.827571: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:25:29.827575: | child state #4: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:29.827578: | Message ID: updating counters for #4 to 0 after switching state Sep 21 07:25:29.827585: | Message ID: recv #1.#4 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:29.827593: | Message ID: #1.#4 skipping update_send as nothing to send; initiator.sent=0 initiator.recv=0 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.827598: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=0 initiator.recv=0 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.827602: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:29.827605: | libevent_malloc: new ptr-libevent@0x7fd38c003060 size 128 Sep 21 07:25:29.827607: | pstats #4 ikev2.child established Sep 21 07:25:29.827612: "north-eastnets/0x1" #4: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:29.827619: | NAT-T: encaps is 'auto' Sep 21 07:25:29.827623: "north-eastnets/0x1" #4: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x709ab278 <0x53e891ee xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Sep 21 07:25:29.827626: | releasing whack for #4 (sock=fd@25) Sep 21 07:25:29.827628: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:25:29.827630: | releasing whack and unpending for parent #1 Sep 21 07:25:29.827632: | unpending state #1 connection "north-eastnets/0x1" Sep 21 
07:25:29.827639: | #4 will start re-keying in 27807 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:29.827643: | event_schedule: new EVENT_SA_REKEY-pe@0x555cbddca3a0 Sep 21 07:25:29.827646: | inserting event EVENT_SA_REKEY, timeout in 27807 seconds for #4 Sep 21 07:25:29.827649: | libevent_malloc: new ptr-libevent@0x7fd390005780 size 128 Sep 21 07:25:29.827655: | #4 spent 0.827 milliseconds in resume sending helper answer Sep 21 07:25:29.827660: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.827663: | libevent_free: release ptr-libevent@0x7fd37c001100 Sep 21 07:25:29.827669: | processing resume sending helper answer for #5 Sep 21 07:25:29.827674: | start processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.827677: | crypto helper 4 replies to request ID 5 Sep 21 07:25:29.827680: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:29.827682: | ikev2_child_inIoutR_continue for #5 STATE_V2_CREATE_R Sep 21 07:25:29.827686: | adding DHv2 for child sa work-order 7 for state #5 Sep 21 07:25:29.827688: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.827691: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:29.827694: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc8ae0 Sep 21 07:25:29.827696: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc8ae0 Sep 21 07:25:29.827700: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:25:29.827702: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:29.827711: | [RE]START processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.827711: | crypto helper 6 resuming Sep 21 07:25:29.827717: | #5 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status 
STF_SUSPEND Sep 21 07:25:29.827722: | crypto helper 6 starting work-order 7 for state #5 Sep 21 07:25:29.827727: | suspending state #5 and saving MD Sep 21 07:25:29.827732: | crypto helper 6 doing crypto (DHv2 for child sa); request ID 7 Sep 21 07:25:29.827735: | #5 is busy; has a suspended MD Sep 21 07:25:29.827744: | [RE]START processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.827748: | "north-eastnets/0x2" #5 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.827751: | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:29.827758: | #5 spent 0.0742 milliseconds in resume sending helper answer Sep 21 07:25:29.827762: | stop processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.827766: | libevent_free: release ptr-libevent@0x7fd388006e20 Sep 21 07:25:29.827769: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:29.827773: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:29.827779: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=0 initiator.recv=0 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.827793: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:29.827801: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:29.827807: | **emit ISAKMP Message: Sep 21 07:25:29.827809: | initiator cookie: Sep 21 07:25:29.827811: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.827812: | responder cookie: Sep 21 07:25:29.827814: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.827815: | 
next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:29.827817: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.827819: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:29.827821: | flags: none (0x0) Sep 21 07:25:29.827822: | Message ID: 1 (0x1) Sep 21 07:25:29.827824: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:29.827826: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:29.827828: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.827830: | flags: none (0x0) Sep 21 07:25:29.827832: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:29.827834: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.827836: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:29.827848: | netlink_get_spi: allocated 0xd708ce0 for esp.0@192.1.3.33 Sep 21 07:25:29.827850: | Emitting ikev2_proposals ... 
Sep 21 07:25:29.827851: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:29.827853: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.827855: | flags: none (0x0) Sep 21 07:25:29.827857: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:29.827858: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.827860: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.827862: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.827864: | prop #: 1 (0x1) Sep 21 07:25:29.827866: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.827867: | spi size: 4 (0x4) Sep 21 07:25:29.827868: | # transforms: 4 (0x4) Sep 21 07:25:29.827870: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:29.827872: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:29.827874: | our spi 0d 70 8c e0 Sep 21 07:25:29.827875: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.827877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.827879: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.827881: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.827882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.827884: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.827888: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.827889: | length/value: 128 (0x80) Sep 21 07:25:29.827891: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:29.827893: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.827894: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:25:29.827896: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.827898: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.827900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.827901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.827903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.827904: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.827906: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.827907: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.827909: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.827911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.827913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.827914: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.827916: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.827917: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.827919: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.827920: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.827922: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.827924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.827925: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.827927: | emitting length 
of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:29.827929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:29.827930: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:25:29.827932: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:29.827934: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:29.827935: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.827937: | flags: none (0x0) Sep 21 07:25:29.827938: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.827940: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.827942: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:29.827944: | IKEv2 nonce 39 bc ee 99 3a 20 98 8c 8c 5b cf e3 30 27 75 70 Sep 21 07:25:29.827946: | IKEv2 nonce f3 a9 f7 53 07 89 ed 49 78 35 21 7a 68 19 4e 55 Sep 21 07:25:29.827947: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:29.827949: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:29.827950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.827952: | flags: none (0x0) Sep 21 07:25:29.827954: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.827956: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:29.827959: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.827966: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:29.828016: | emitting length of IKEv2 Key Exchange Payload: 392 Sep 21 07:25:29.828018: | ****emit IKEv2 Traffic
Selector - Initiator - Payload: Sep 21 07:25:29.828020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.828022: | flags: none (0x0) Sep 21 07:25:29.828023: | number of TS: 1 (0x1) Sep 21 07:25:29.828025: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.828027: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.828029: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.828030: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.828032: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.828033: | start port: 0 (0x0) Sep 21 07:25:29.828035: | end port: 65535 (0xffff) Sep 21 07:25:29.828037: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.828038: | IP start c0 00 03 00 Sep 21 07:25:29.828040: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.828041: | IP end c0 00 03 ff Sep 21 07:25:29.828043: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.828044: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:29.828046: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.828047: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.828049: | flags: none (0x0) Sep 21 07:25:29.828050: | number of TS: 1 (0x1) Sep 21 07:25:29.828052: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.828056: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.828058: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.828059: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.828061: | IP Protocol 
ID: 0 (0x0) Sep 21 07:25:29.828062: | start port: 0 (0x0) Sep 21 07:25:29.828064: | end port: 65535 (0xffff) Sep 21 07:25:29.828065: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.828067: | IP start c0 00 16 00 Sep 21 07:25:29.828068: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.828070: | IP end c0 00 16 ff Sep 21 07:25:29.828071: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.828073: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:29.828074: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:29.828076: | adding 16 bytes of padding (including 1 byte padding-length) Sep 21 07:25:29.828078: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828080: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828082: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828083: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828085: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828087: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828088: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828090: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828091: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828093: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828095: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828096: | emitting 1 0x0b repeated bytes of padding and 
length into IKEv2 Encryption Payload Sep 21 07:25:29.828098: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828100: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828101: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828103: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.828104: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:29.828106: | emitting length of IKEv2 Encryption Payload: 580 Sep 21 07:25:29.828108: | emitting length of ISAKMP Message: 608 Sep 21 07:25:29.828186: | out calculated auth: Sep 21 07:25:29.828187: | 74 4c 33 54 72 19 cf 4b 61 f9 89 50 bf 27 56 3b Sep 21 07:25:29.828192: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.828195: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:25:29.828196: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:25:29.828198: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:25:29.828200: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:25:29.828202: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:29.828205: | Message ID: sent #1.#3 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=1 responder.recv=1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:29.828207: "north-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:25:29.828215: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:29.828219: | sending 608 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
88 dd f4 ab bc 2f c7 4b a4 fd 90 b2 47 23 Sep 21 07:25:29.828294: | f6 9e 3e 1c 8f 24 c4 db 2c cf d5 dc 34 84 9e 35 Sep 21 07:25:29.828297: | 74 4c 33 54 72 19 cf 4b 61 f9 89 50 bf 27 56 3b Sep 21 07:25:29.828336: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:29.828340: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:29.828342: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555cbddca260 Sep 21 07:25:29.828344: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:29.828347: | event_schedule: new EVENT_RETRANSMIT-pe@0x555cbddca260 Sep 21 07:25:29.828349: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:25:29.828351: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:29.828354: | #3 STATE_V2_CREATE_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.196611 Sep 21 07:25:29.828358: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:29.828361: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:29.828364: | #1 spent 0.557 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:29.828367: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:29.828369: | libevent_free: release ptr-libevent@0x7fd38c003060 Sep 21 07:25:29.829074: | crypto helper 6 finished crypto (DHv2 for child sa); request ID 7 time elapsed 0.001342 seconds Sep 21 07:25:29.829083: | (#5) spent 1.34 milliseconds in crypto helper computing work-order 7: DHv2 for child sa (dh) Sep 21 07:25:29.829085: | crypto helper 6 sending results from work-order 7 for state #5 to event queue Sep 21 07:25:29.829087: | scheduling resume sending helper answer for #5 Sep 21 
07:25:29.829089: | libevent_malloc: new ptr-libevent@0x7fd380001100 size 128 Sep 21 07:25:29.829095: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:29.829101: | processing resume sending helper answer for #5 Sep 21 07:25:29.829108: | start processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.829111: | crypto helper 6 replies to request ID 7 Sep 21 07:25:29.829112: | calling continuation function 0x555cbc3b14f0 Sep 21 07:25:29.829115: | ikev2_child_inIoutR_continue_continue for #5 STATE_V2_CREATE_R Sep 21 07:25:29.829119: | **emit ISAKMP Message: Sep 21 07:25:29.829120: | initiator cookie: Sep 21 07:25:29.829122: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.829123: | responder cookie: Sep 21 07:25:29.829125: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.829126: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:29.829128: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.829130: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:29.829132: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:29.829133: | Message ID: 2 (0x2) Sep 21 07:25:29.829135: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:29.829137: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:29.829139: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.829140: | flags: none (0x0) Sep 21 07:25:29.829142: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:29.829144: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.829146: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:29.829173: | netlink_get_spi: allocated 0x46f5226f for esp.0@192.1.3.33 Sep 21 07:25:29.829190: | Emitting ikev2_proposal ... 
Sep 21 07:25:29.829191: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:29.829193: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.829194: | flags: none (0x0) Sep 21 07:25:29.829196: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:29.829198: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.829200: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.829201: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.829203: | prop #: 1 (0x1) Sep 21 07:25:29.829204: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.829206: | spi size: 4 (0x4) Sep 21 07:25:29.829207: | # transforms: 4 (0x4) Sep 21 07:25:29.829209: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:29.829211: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:29.829213: | our spi 46 f5 22 6f Sep 21 07:25:29.829214: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.829216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.829217: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.829219: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.829221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.829223: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.829224: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.829229: | length/value: 128 (0x80) Sep 21 07:25:29.829231: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:29.829233: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.829234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:25:29.829236: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.829237: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.829239: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.829241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.829243: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.829244: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.829246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.829247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.829249: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.829251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.829252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.829254: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.829268: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:29.829270: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.829271: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.829273: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.829274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.829276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:29.829277: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:29.829279: | emitting length 
of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:29.829281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:29.829282: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:25:29.829284: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:29.829285: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:29.829287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.829288: | flags: none (0x0) Sep 21 07:25:29.829290: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.829292: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.829294: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:29.829295: | IKEv2 nonce d2 52 d7 c6 3d b5 94 89 f7 a8 52 a5 46 9a da 16 Sep 21 07:25:29.829297: | IKEv2 nonce 50 5e 83 bd 67 4e 42 04 25 d0 77 fb 1a 9e 03 3e Sep 21 07:25:29.829298: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:29.829300: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:29.829301: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.829303: | flags: none (0x0) Sep 21 07:25:29.829304: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.829306: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:29.829307: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.829310: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:29.829345: | emitting length of IKEv2 Key Exchange Payload: 392 Sep 21 07:25:29.829347: | ****emit IKEv2 Traffic
Selector - Initiator - Payload: Sep 21 07:25:29.829348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.829350: | flags: none (0x0) Sep 21 07:25:29.829351: | number of TS: 1 (0x1) Sep 21 07:25:29.829353: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.829355: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.829356: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.829358: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.829359: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.829361: | start port: 0 (0x0) Sep 21 07:25:29.829362: | end port: 65535 (0xffff) Sep 21 07:25:29.829364: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.829378: | IP start c0 00 16 00 Sep 21 07:25:29.829380: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.829381: | IP end c0 00 16 ff Sep 21 07:25:29.829383: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.829384: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:29.829386: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.829387: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.829389: | flags: none (0x0) Sep 21 07:25:29.829390: | number of TS: 1 (0x1) Sep 21 07:25:29.829392: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.829395: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:29.829397: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:29.829398: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.829399: | IP Protocol 
ID: 0 (0x0) Sep 21 07:25:29.829401: | start port: 0 (0x0) Sep 21 07:25:29.829402: | end port: 65535 (0xffff) Sep 21 07:25:29.829404: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:29.829405: | IP start c0 00 03 00 Sep 21 07:25:29.829407: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:29.829408: | IP end c0 00 03 ff Sep 21 07:25:29.829410: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:29.829411: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:29.829413: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:29.829415: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:25:29.829619: | install_ipsec_sa() for #5: inbound and outbound Sep 21 07:25:29.829622: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:25:29.829624: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.829626: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.829628: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.829629: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.829631: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.829633: | route owner of "north-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:29.829636: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.829638: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.829639: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.829642: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.829644: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:25:29.829646: | netlink: enabling tunnel mode Sep 21 07:25:29.829647: | netlink: setting IPsec SA replay-window to 32 using 
old-style req Sep 21 07:25:29.829649: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.829705: | netlink response for Add SA esp.957b28d2@192.1.2.23 included non-error error Sep 21 07:25:29.829708: | set up outgoing SA, ref=0/0 Sep 21 07:25:29.829710: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.829712: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.829713: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.829715: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.829717: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:25:29.829718: | netlink: enabling tunnel mode Sep 21 07:25:29.829720: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.829721: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.829773: | netlink response for Add SA esp.46f5226f@192.1.3.33 included non-error error Sep 21 07:25:29.829777: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.829781: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:29.829789: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.829858: | raw_eroute result=success Sep 21 07:25:29.829861: | set up incoming SA, ref=0/0 Sep 21 07:25:29.829862: | sr for #5: unrouted Sep 21 07:25:29.829864: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:29.829866: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:29.829867: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.829869: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.829873: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.829874: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.829877: | route owner of "north-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:29.829892: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #5 Sep 21 07:25:29.829894: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.829898: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:29.829900: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.829918: | raw_eroute result=success Sep 21 07:25:29.829933: | running updown command "ipsec _updown" for verb up Sep 21 07:25:29.829935: | command executing up-client Sep 21 07:25:29.829952: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Sep 21 07:25:29.829967: | popen cmd is 1043 chars long Sep 21 07:25:29.829969: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Sep 21 07:25:29.829970: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Sep 21 07:25:29.829972: | cmd( 160):MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PL: Sep 21 07:25:29.829974: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:25:29.829975: | cmd( 320):_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:25:29.829977: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_P: Sep 21 07:25:29.829978: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:29.829980: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:29.829981: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:25:29.829983: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:25:29.829984: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:25:29.829986: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:25:29.829987: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0x957b28d2 SPI_OUT=0x46f5226f ipsec _updown 2: Sep 21 07:25:29.829989: | cmd(1040):>&1: Sep 21 07:25:29.838405: | route_and_eroute: firewall_notified: true Sep 21 07:25:29.838418: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:29.838421: | command executing prepare-client Sep 21 07:25:29.838452: | executing prepare-client: PLUTO_VERB='prepare-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Sep 21 07:25:29.838459: | popen cmd is 1048 chars long Sep 21 07:25:29.838462: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:25:29.838465: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:25:29.838468: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:25:29.838471: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:29.838474: | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:25:29.838477: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PL: Sep 21 07:25:29.838479: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:25:29.838482: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Sep 21 07:25:29.838485: | cmd( 
640):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Sep 21 07:25:29.838488: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Sep 21 07:25:29.838490: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Sep 21 07:25:29.838493: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Sep 21 07:25:29.838496: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x957b28d2 SPI_OUT=0x46f5226f ipsec _upd: Sep 21 07:25:29.838498: | cmd(1040):own 2>&1: Sep 21 07:25:29.845254: | running updown command "ipsec _updown" for verb route Sep 21 07:25:29.845263: | command executing route-client Sep 21 07:25:29.845292: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:29.845295: | popen cmd is 1046 chars long Sep 21 07:25:29.845298: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Sep 21 07:25:29.845301: | cmd( 80):x2' 
PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:25:29.845304: | cmd( 160):TO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Sep 21 07:25:29.845306: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:25:29.845309: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:25:29.845314: | cmd( 400):@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUT: Sep 21 07:25:29.845317: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:29.845319: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:25:29.845321: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:25:29.845324: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:25:29.845326: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:25:29.845329: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:25:29.845331: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x957b28d2 SPI_OUT=0x46f5226f ipsec _updow: Sep 21 07:25:29.845334: | cmd(1040):n 2>&1: Sep 21 07:25:29.854161: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x555cbddc0a60,sr=0x555cbddc0a60} to #5 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:29.854246: | #1 spent 0.836 milliseconds in install_ipsec_sa() Sep 21 07:25:29.854254: | ISAKMP_v2_CREATE_CHILD_SA: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #5 (was #0) (spd.eroute=#5) cloned from #1 Sep 21 07:25:29.854257: | adding 16 bytes of padding (including 1 byte padding-length) Sep 21 07:25:29.854259: | emitting 1 0x00 repeated bytes of padding and length into 
IKEv2 Encryption Payload Sep 21 07:25:29.854261: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854263: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854265: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854266: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854268: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854270: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854271: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854273: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854274: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854276: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854278: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854279: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854281: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854291: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854300: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:29.854303: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:29.854306: | emitting length of IKEv2 Encryption Payload: 580 Sep 21 07:25:29.854309: | emitting length of ISAKMP Message: 608
79 ff Sep 21 07:25:29.854388: | data being hmac: 24 cf 58 85 a4 24 60 40 4f 5e de d8 b0 46 0a ad Sep 21 07:25:29.854389: | data being hmac: 37 3d da 86 0d 07 2e ec cc ba 59 9d 42 3a 16 a1 Sep 21 07:25:29.854390: | data being hmac: f0 c5 d4 43 f7 97 79 c3 a0 e0 4b f1 8a 3d 63 53 Sep 21 07:25:29.854392: | data being hmac: 88 a2 41 ee fc 5a c0 24 93 26 c9 67 ed 4e ca d1 Sep 21 07:25:29.854393: | data being hmac: 3f b2 2a b1 9d c2 96 c7 69 55 88 c7 a0 dd 6b 33 Sep 21 07:25:29.854395: | data being hmac: 7f 2a 83 cd 79 01 7a 04 4b 37 c7 82 98 86 95 dd Sep 21 07:25:29.854396: | data being hmac: f6 3f 32 10 b5 fd f0 97 fb 0e d6 34 80 79 fd 7a Sep 21 07:25:29.854398: | data being hmac: db f9 de 6b cc b7 e5 2e 47 07 b4 5e 26 19 2e 74 Sep 21 07:25:29.854399: | data being hmac: 0a 53 14 7b 55 e6 a9 5f 3f 0c 73 be 8a 2c d7 39 Sep 21 07:25:29.854401: | data being hmac: f9 01 cd 34 f5 e5 ff 10 d2 b0 e8 16 68 75 3a 21 Sep 21 07:25:29.854402: | data being hmac: c7 cb f8 23 f4 ed 47 92 a9 6d 1f ea e0 7a a7 71 Sep 21 07:25:29.854403: | data being hmac: 87 a0 01 f4 94 bf a4 a7 8d e9 8a 32 08 2d 3d 8b Sep 21 07:25:29.854405: | data being hmac: d9 3a f3 7a c6 45 e5 59 7f 32 33 db cd 22 5d b0 Sep 21 07:25:29.854406: | data being hmac: 84 97 b2 8c a7 e9 2c ea 9d 96 a5 2f ab a2 64 b3 Sep 21 07:25:29.854408: | out calculated auth: Sep 21 07:25:29.854409: | e1 21 e3 1e be 66 c0 c8 a6 4a f9 a2 f9 83 6e a8 Sep 21 07:25:29.854416: "north-eastnets/0x2" #5: negotiated new IPsec SA [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:25:29.854422: | [RE]START processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.854425: | #5 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Sep 21 07:25:29.854427: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Sep 21 07:25:29.854429: | child state #5: V2_CREATE_R(established IKE SA) => 
V2_IPSEC_R(established CHILD SA) Sep 21 07:25:29.854431: | Message ID: updating counters for #5 to 2 after switching state Sep 21 07:25:29.854435: | Message ID: recv #1.#5 request 2; ike: initiator.sent=1 initiator.recv=0 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Sep 21 07:25:29.854438: | Message ID: sent #1.#5 response 2; ike: initiator.sent=1 initiator.recv=0 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.854441: | pstats #5 ikev2.child established Sep 21 07:25:29.854445: "north-eastnets/0x2" #5: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:25:29.854448: | NAT-T: encaps is 'auto' Sep 21 07:25:29.854451: "north-eastnets/0x2" #5: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x957b28d2 <0x46f5226f xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Sep 21 07:25:29.854454: | sending V2 new request packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:29.854458: | sending 608 bytes for STATE_V2_CREATE_R through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21
07:25:29.854551: | releasing whack for #5 (sock=fd@-1) Sep 21 07:25:29.854554: | releasing whack and unpending for parent #1 Sep 21 07:25:29.854556: | unpending state #1 connection "north-eastnets/0x2" Sep 21 07:25:29.854559: | #5 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:29.854561: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.854566: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:29.854568: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddc8ae0 Sep 21 07:25:29.854570: | event_schedule: new EVENT_SA_REKEY-pe@0x555cbddc8ae0 Sep 21 07:25:29.854572: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #5 Sep 21 07:25:29.854574: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:29.854579: | #5 spent 1.65 milliseconds in resume sending helper answer Sep 21 07:25:29.854583: | stop processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.854585: | libevent_free: release ptr-libevent@0x7fd380001100 Sep 21 07:25:29.854596: | spent 0.00118 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:29.854603: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Sep 21 07:25:29.854658: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:29.854662: | **parse ISAKMP Message: Sep 21 07:25:29.854664: | initiator cookie: Sep 21 07:25:29.854665: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:29.854667: | responder cookie: Sep 21 07:25:29.854668: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:29.854670: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:29.854672: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:29.854673: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:29.854675: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:29.854677: | Message ID: 1 (0x1) Sep 21 07:25:29.854678: | length: 608 (0x260) Sep 21 07:25:29.854680: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:29.854682: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:25:29.854685: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:29.854689: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:29.854691: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:25:29.854694: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:29.854696: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:29.854698: | #3 is idle Sep 21 07:25:29.854699: | #3 idle Sep 21 07:25:29.854701: | unpacking clear payload Sep 21 07:25:29.854702: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:29.854704: | ***parse IKEv2 Encryption Payload: Sep 21
07:25:29.854706: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:29.854707: | flags: none (0x0) Sep 21 07:25:29.854709: | length: 580 (0x244) Sep 21 07:25:29.854711: | processing payload: ISAKMP_NEXT_v2SK (len=576) Sep 21 07:25:29.854712: | #3 in state V2_CREATE_I: sent IPsec Child req wait response
Sep 21 07:25:29.854787: | calculated auth: 25 46 e6 be 1a 95 2f b5 e4 f0 31 af 95 81 9c a4 Sep 21 07:25:29.854793: | provided auth: 25 46 e6 be 1a 95 2f b5 e4 f0 31 af 95 81 9c a4 Sep 21 07:25:29.854795: | authenticator matched Sep 21 07:25:29.854801: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:29.854803: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21
07:25:29.854805: | **parse IKEv2 Security Association Payload: Sep 21 07:25:29.854807: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:29.854808: | flags: none (0x0) Sep 21 07:25:29.854810: | length: 52 (0x34) Sep 21 07:25:29.854811: | processing payload: ISAKMP_NEXT_v2SA (len=48) Sep 21 07:25:29.854813: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:29.854814: | **parse IKEv2 Nonce Payload: Sep 21 07:25:29.854816: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:29.854817: | flags: none (0x0) Sep 21 07:25:29.854818: | length: 36 (0x24) Sep 21 07:25:29.854820: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:29.854821: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:29.854823: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:29.854825: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:29.854826: | flags: none (0x0) Sep 21 07:25:29.854827: | length: 392 (0x188) Sep 21 07:25:29.854829: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.854830: | processing payload: ISAKMP_NEXT_v2KE (len=384) Sep 21 07:25:29.854832: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:29.854834: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:29.854835: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:29.854836: | flags: none (0x0) Sep 21 07:25:29.854838: | length: 24 (0x18) Sep 21 07:25:29.854839: | number of TS: 1 (0x1) Sep 21 07:25:29.854841: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:29.854842: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:29.854844: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:29.854845: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:29.854847: | flags: none (0x0) Sep 21 07:25:29.854848: | length: 24 (0x18) Sep 21 07:25:29.854850: | number of TS: 1 (0x1) Sep 21 07:25:29.854851: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:29.854853: | selected state 
microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:29.854856: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:29.854859: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:25:29.854861: | Now let's proceed with state specific processing Sep 21 07:25:29.854862: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:29.854868: | using existing local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.854871: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:25:29.854873: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:29.854874: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:29.854876: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:29.854877: | local proposal 1 type DH has 1 transforms Sep 21 07:25:29.854879: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:29.854881: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:29.854883: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:29.854884: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:29.854886: | length: 48 (0x30) Sep 21 07:25:29.854887: | prop #: 1 (0x1) Sep 21 07:25:29.854889: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:29.854890: | spi size: 4 (0x4) Sep 21 07:25:29.854892: | # transforms: 4 (0x4) Sep 21 07:25:29.854893: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:29.854895: | remote SPI a9 7b df 71 Sep 21 07:25:29.854897: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:25:29.854899: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.854900: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.854902: | length: 12 (0xc) Sep 21 07:25:29.854903: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:29.854905: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:29.854906: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:29.854908: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:29.854910: | length/value: 128 (0x80) Sep 21 07:25:29.854912: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:29.854914: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.854916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.854917: | length: 8 (0x8) Sep 21 07:25:29.854919: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:29.854920: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:29.854922: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:25:29.854924: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.854925: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:29.854927: | length: 8 (0x8) Sep 21 07:25:29.854928: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:29.854930: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:29.854932: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:29.854933: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:29.854935: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:29.854936: | length: 8 (0x8) Sep 21 07:25:29.854938: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:29.854939: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:29.854941: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:29.854944: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; 
unmatched: none Sep 21 07:25:29.854946: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Sep 21 07:25:29.854948: | remote proposal 1 matches local proposal 1 Sep 21 07:25:29.854951: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Sep 21 07:25:29.854954: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=a97bdf71;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:29.854956: | converting proposal to internal trans attrs Sep 21 07:25:29.854959: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:25:29.854962: | adding ikev2 Child SA initiator pfs=yes work-order 8 for state #3 Sep 21 07:25:29.854964: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:29.854966: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:25:29.854968: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:29.854970: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555cbddca260 Sep 21 07:25:29.854972: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:29.854974: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:29.854976: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:29.854983: | #3 spent 0.118 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:25:29.854987: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.854989: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:25:29.854987: | crypto helper 1 resuming Sep 21 07:25:29.855002: | crypto helper 1 starting work-order 8 for state #3 Sep 21 07:25:29.855008: | crypto helper 
1 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 8 Sep 21 07:25:29.854991: | suspending state #3 and saving MD Sep 21 07:25:29.855046: | #3 is busy; has a suspended MD Sep 21 07:25:29.855051: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:29.855054: | "north-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:29.855057: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:29.855061: | #1 spent 0.452 milliseconds in ikev2_process_packet() Sep 21 07:25:29.855064: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:29.855066: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:29.855067: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:29.855070: | spent 0.462 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:29.855072: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.855076: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.855078: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.855080: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.855082: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.855084: | spent 0.00232 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.855086: | processing signal PLUTO_SIGCHLD Sep 21 07:25:29.855088: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:29.855090: | spent 0.00228 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:29.857200: | crypto helper 1 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 8 time elapsed 0.002192 seconds Sep 21 07:25:29.857215: | (#3) spent 2.2 milliseconds in crypto helper computing work-order 8: ikev2 Child SA 
initiator pfs=yes (dh) Sep 21 07:25:29.857220: | crypto helper 1 sending results from work-order 8 for state #3 to event queue Sep 21 07:25:29.857223: | scheduling resume sending helper answer for #3 Sep 21 07:25:29.857227: | libevent_malloc: new ptr-libevent@0x7fd394006b50 size 128 Sep 21 07:25:29.857235: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:29.857243: | processing resume sending helper answer for #3 Sep 21 07:25:29.857253: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:29.857256: | crypto helper 1 replies to request ID 8 Sep 21 07:25:29.857258: | calling continuation function 0x555cbc3b14f0 Sep 21 07:25:29.857261: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:25:29.857264: | TSi: parsing 1 traffic selectors Sep 21 07:25:29.857267: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.857269: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.857270: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.857272: | length: 16 (0x10) Sep 21 07:25:29.857274: | start port: 0 (0x0) Sep 21 07:25:29.857277: | end port: 65535 (0xffff) Sep 21 07:25:29.857279: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.857281: | TS low c0 00 03 00 Sep 21 07:25:29.857282: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.857284: | TS high c0 00 03 ff Sep 21 07:25:29.857285: | TSi: parsed 1 traffic selectors Sep 21 07:25:29.857287: | TSr: parsing 1 traffic selectors Sep 21 07:25:29.857289: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:29.857291: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:29.857293: | IP Protocol ID: 0 (0x0) Sep 21 07:25:29.857295: | length: 16 (0x10) Sep 21 07:25:29.857296: | start port: 0 (0x0) Sep 21 07:25:29.857298: | end port: 65535 (0xffff) Sep 21 07:25:29.857299: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:29.857301: | TS low c0 00 16 00 Sep 21 07:25:29.857302: 
| parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:29.857304: | TS high c0 00 16 ff Sep 21 07:25:29.857306: | TSr: parsed 1 traffic selectors Sep 21 07:25:29.857311: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:25:29.857314: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.857318: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:29.857320: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:29.857322: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:29.857325: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:29.857327: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.857330: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:29.857333: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:25:29.857335: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:29.857337: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:29.857340: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:29.857342: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:29.857344: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:29.857345: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:29.857346: | printing contents struct traffic_selector Sep 21 07:25:29.857348: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:29.857349: | ipprotoid: 0 Sep 21 07:25:29.857351: | port range: 0-65535 Sep 21 07:25:29.857354: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:29.857356: | printing contents struct traffic_selector Sep 21 07:25:29.857358: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:29.857359: | ipprotoid: 0 Sep 21 07:25:29.857361: | port range: 0-65535 Sep 21 07:25:29.857363: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:25:29.857366: | 
integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:25:29.857603: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:25:29.857610: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:25:29.857613: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.857620: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.857623: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.857627: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.857630: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.857634: | route owner of "north-eastnets/0x2" erouted: self; eroute owner: self Sep 21 07:25:29.857637: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.857639: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.857641: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.857643: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.857645: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:25:29.857648: | netlink: enabling tunnel mode Sep 21 07:25:29.857650: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.857653: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.857711: | netlink response for Add SA esp.a97bdf71@192.1.2.23 included non-error error Sep 21 07:25:29.857716: | set up outgoing SA, ref=0/0 Sep 21 07:25:29.857720: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:25:29.857724: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:25:29.857727: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:25:29.857730: | setting IPsec SA replay-window to 32 Sep 21 07:25:29.857731: | NIC esp-hw-offload not for connection 
'north-eastnets/0x2' not available on interface eth1 Sep 21 07:25:29.857733: | netlink: enabling tunnel mode Sep 21 07:25:29.857735: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:29.857736: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:29.857779: | netlink response for Add SA esp.d708ce0@192.1.3.33 included non-error error Sep 21 07:25:29.857788: | set up incoming SA, ref=0/0 Sep 21 07:25:29.857794: | sr for #3: erouted Sep 21 07:25:29.857798: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:29.857801: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:29.857804: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.857807: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:29.857810: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:29.857813: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:29.857817: | route owner of "north-eastnets/0x2" erouted: self; eroute owner: self Sep 21 07:25:29.857822: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:north-eastnets/0x2 esr:{(nil)} ro:north-eastnets/0x2 rosr:{(nil)} and state: #3 Sep 21 07:25:29.857826: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:29.857835: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:29.857839: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:29.857865: | raw_eroute result=success Sep 21 07:25:29.857869: | route_and_eroute: firewall_notified: true Sep 21 07:25:29.857874: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x555cbddc0a60,sr=0x555cbddc0a60} to #3 (was #5) (newest_ipsec_sa=#5) Sep 21 07:25:29.857929: | #1 spent 0.32 milliseconds in install_ipsec_sa() Sep 21 07:25:29.857933: | inR2: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #5) (spd.eroute=#3) 
cloned from #1 Sep 21 07:25:29.857935: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:29.857937: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:29.857939: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:29.857943: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:29.857948: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:25:29.857950: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:25:29.857952: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:29.857954: | Message ID: updating counters for #3 to 1 after switching state Sep 21 07:25:29.857957: | Message ID: recv #1.#3 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=2 responder.recv=2; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:29.857960: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:29.857962: | pstats #3 ikev2.child established Sep 21 07:25:29.857966: "north-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:25:29.857974: | NAT-T: encaps is 'auto' Sep 21 07:25:29.857977: "north-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xa97bdf71 <0x0d708ce0 xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Sep 21 07:25:29.857980: | releasing whack for #3 (sock=fd@24) Sep 21 07:25:29.857985: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:25:29.857987: | releasing whack and unpending for parent #1 Sep 21 07:25:29.857989: | unpending state #1 connection "north-eastnets/0x2" Sep 21 07:25:29.857991: | #3 will start re-keying in 
28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:29.857993: | event_schedule: new EVENT_SA_REKEY-pe@0x555cbddca260 Sep 21 07:25:29.857996: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #3 Sep 21 07:25:29.857997: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:29.858001: | #3 spent 0.74 milliseconds in resume sending helper answer Sep 21 07:25:29.858004: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:29.858006: | libevent_free: release ptr-libevent@0x7fd394006b50 Sep 21 07:25:29.919491: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:29.919661: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:29.919665: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:29.919765: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:29.919770: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:29.919779: | get_sa_info esp.c9118a85@192.1.3.33 Sep 21 07:25:29.919802: | get_sa_info esp.a8c71918@192.1.2.23 Sep 21 07:25:29.919820: | get_sa_info esp.53e891ee@192.1.3.33 Sep 21 07:25:29.919828: | get_sa_info esp.709ab278@192.1.2.23 Sep 21 07:25:29.919844: | get_sa_info esp.d708ce0@192.1.3.33 Sep 21 07:25:29.919852: | get_sa_info esp.a97bdf71@192.1.2.23 Sep 21 07:25:29.919866: | get_sa_info esp.46f5226f@192.1.3.33 Sep 21 07:25:29.919874: | get_sa_info esp.957b28d2@192.1.2.23 Sep 21 07:25:29.919894: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:29.919901: | spent 0.413 milliseconds in whack Sep 21 07:25:31.061264: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.061288: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:31.061292: | FOR_EACH_STATE_... 
in sort_states Sep 21 07:25:31.061300: | get_sa_info esp.c9118a85@192.1.3.33 Sep 21 07:25:31.061318: | get_sa_info esp.a8c71918@192.1.2.23 Sep 21 07:25:31.061334: | get_sa_info esp.53e891ee@192.1.3.33 Sep 21 07:25:31.061342: | get_sa_info esp.709ab278@192.1.2.23 Sep 21 07:25:31.061353: | get_sa_info esp.d708ce0@192.1.3.33 Sep 21 07:25:31.061360: | get_sa_info esp.a97bdf71@192.1.2.23 Sep 21 07:25:31.061371: | get_sa_info esp.46f5226f@192.1.3.33 Sep 21 07:25:31.061378: | get_sa_info esp.957b28d2@192.1.2.23 Sep 21 07:25:31.061395: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.061403: | spent 0.147 milliseconds in whack Sep 21 07:25:31.884493: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.884512: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:31.884516: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:31.884522: | get_sa_info esp.c9118a85@192.1.3.33 Sep 21 07:25:31.884535: | get_sa_info esp.a8c71918@192.1.2.23 Sep 21 07:25:31.884548: | get_sa_info esp.53e891ee@192.1.3.33 Sep 21 07:25:31.884557: | get_sa_info esp.709ab278@192.1.2.23 Sep 21 07:25:31.884569: | get_sa_info esp.d708ce0@192.1.3.33 Sep 21 07:25:31.884576: | get_sa_info esp.a97bdf71@192.1.2.23 Sep 21 07:25:31.884586: | get_sa_info esp.46f5226f@192.1.3.33 Sep 21 07:25:31.884594: | get_sa_info esp.957b28d2@192.1.2.23 Sep 21 07:25:31.884607: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.884614: | spent 0.128 milliseconds in whack Sep 21 07:25:32.241866: | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.241888: | *received 80 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.241893: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.241896: | 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.241899: | 9a 2e 7b 76 df 23 23 2b 02 35 16 f3 8e 75 ae 90 Sep 
21 07:25:32.241902: | 5b 34 d9 d9 81 8d 7c bd 0f 77 96 bc 91 4a d2 0e Sep 21 07:25:32.241904: | 5a 1f 25 97 0b ad 43 02 e6 59 8f 03 10 6d ee ca Sep 21 07:25:32.241910: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.241914: | **parse ISAKMP Message: Sep 21 07:25:32.241917: | initiator cookie: Sep 21 07:25:32.241919: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.241922: | responder cookie: Sep 21 07:25:32.241925: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.241928: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.241930: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.241932: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.241934: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.241935: | Message ID: 3 (0x3) Sep 21 07:25:32.241937: | length: 80 (0x50) Sep 21 07:25:32.241939: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.241941: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.241945: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:32.241949: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.241951: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.241954: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.241956: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 Sep 21 07:25:32.241959: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=2 responder.recv=2 Sep 21 07:25:32.241961: | unpacking clear payload Sep 21 07:25:32.241962: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.241964: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.241966: | next payload type: 
ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.241967: | flags: none (0x0) Sep 21 07:25:32.241969: | length: 52 (0x34) Sep 21 07:25:32.241971: | processing payload: ISAKMP_NEXT_v2SK (len=48) Sep 21 07:25:32.241973: | Message ID: start-responder #1 request 3; ike: initiator.sent=1 initiator.recv=1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 Sep 21 07:25:32.241975: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.241997: | data for hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.241999: | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.242004: | data for hmac: 9a 2e 7b 76 df 23 23 2b 02 35 16 f3 8e 75 ae 90 Sep 21 07:25:32.242006: | data for hmac: 5b 34 d9 d9 81 8d 7c bd 0f 77 96 bc 91 4a d2 0e Sep 21 07:25:32.242008: | calculated auth: 5a 1f 25 97 0b ad 43 02 e6 59 8f 03 10 6d ee ca Sep 21 07:25:32.242009: | provided auth: 5a 1f 25 97 0b ad 43 02 e6 59 8f 03 10 6d ee ca Sep 21 07:25:32.242010: | authenticator matched Sep 21 07:25:32.242018: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:32.242020: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.242022: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.242023: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.242025: | flags: none (0x0) Sep 21 07:25:32.242026: | length: 12 (0xc) Sep 21 07:25:32.242028: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.242029: | SPI size: 4 (0x4) Sep 21 07:25:32.242031: | number of SPIs: 1 (0x1) Sep 21 07:25:32.242032: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:32.242034: | selected state microcode R2: process INFORMATIONAL Request Sep 21 07:25:32.242035: | Now let's proceed with state specific processing Sep 21 07:25:32.242037: | calling processor R2: process INFORMATIONAL Request Sep 21 07:25:32.242039: | an informational request should send a response Sep 21 07:25:32.242043: | Received an INFORMATIONAL response, updating 
st_last_liveness, no pending_liveness Sep 21 07:25:32.242045: | **emit ISAKMP Message: Sep 21 07:25:32.242047: | initiator cookie: Sep 21 07:25:32.242048: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.242050: | responder cookie: Sep 21 07:25:32.242051: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.242053: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.242054: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.242056: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.242057: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.242059: | Message ID: 3 (0x3) Sep 21 07:25:32.242061: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.242062: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.242064: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.242065: | flags: none (0x0) Sep 21 07:25:32.242067: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.242069: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.242071: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.242075: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:32.242076: | SPI a9 7b df 71 Sep 21 07:25:32.242078: | delete PROTO_v2_ESP SA(0xa97bdf71) Sep 21 07:25:32.242080: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:32.242082: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:32.242084: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xa97bdf71) Sep 21 07:25:32.242086: "north-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:25:32.242088: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.242091: | libevent_free: 
release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:32.242092: | free_event_entry: release EVENT_SA_REKEY-pe@0x555cbddca260 Sep 21 07:25:32.242094: | event_schedule: new EVENT_SA_REPLACE-pe@0x555cbddca260 Sep 21 07:25:32.242097: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:25:32.242099: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:32.242102: | ****emit IKEv2 Delete Payload: Sep 21 07:25:32.242103: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.242105: | flags: none (0x0) Sep 21 07:25:32.242106: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.242109: | SPI size: 4 (0x4) Sep 21 07:25:32.242110: | number of SPIs: 1 (0x1) Sep 21 07:25:32.242112: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:32.242114: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.242116: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:32.242118: | local SPIs 0d 70 8c e0 Sep 21 07:25:32.242119: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:32.242121: | adding 4 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.242123: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.242125: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.242126: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.242128: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.242130: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.242131: | emitting length of IKEv2 Encryption Payload: 52 Sep 21 07:25:32.242133: | emitting length of ISAKMP Message: 80 Sep 21 
07:25:32.242147: | data being hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.242149: | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.242151: | data being hmac: 70 70 3e 62 23 03 5c 1a e8 80 ea a4 e1 88 27 f1 Sep 21 07:25:32.242152: | data being hmac: 78 73 0e 32 d7 7e b2 45 06 f4 94 83 29 c7 7b 14 Sep 21 07:25:32.242153: | out calculated auth: Sep 21 07:25:32.242155: | 56 bb 3a 9d 46 d6 e0 8a 6a dd b3 4b 17 44 bd a4 Sep 21 07:25:32.242160: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.242161: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.242163: | 2e 20 25 20 00 00 00 03 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.242164: | 70 70 3e 62 23 03 5c 1a e8 80 ea a4 e1 88 27 f1 Sep 21 07:25:32.242166: | 78 73 0e 32 d7 7e b2 45 06 f4 94 83 29 c7 7b 14 Sep 21 07:25:32.242167: | 56 bb 3a 9d 46 d6 e0 8a 6a dd b3 4b 17 44 bd a4 Sep 21 07:25:32.242192: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 Sep 21 07:25:32.242195: | Message ID: sent #1 response 3; ike: initiator.sent=1 initiator.recv=1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 Sep 21 07:25:32.242200: | #1 spent 0.146 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:32.242203: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.242206: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Sep 21 07:25:32.242208: | Message ID: updating counters for #1 to 3 after switching state Sep 21 07:25:32.242210: | Message ID: recv #1 request 3; 
ike: initiator.sent=1 initiator.recv=1 responder.sent=3 responder.recv=2->3 wip.initiator=-1 wip.responder=3->-1 Sep 21 07:25:32.242213: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.242215: "north-eastnets/0x2" #1: STATE_PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.242218: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.242221: | #1 spent 0.329 milliseconds in ikev2_process_packet() Sep 21 07:25:32.242225: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.242227: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.242229: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.242232: | spent 0.34 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.242237: | timer_event_cb: processing event@0x555cbddca260 Sep 21 07:25:32.242239: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:25:32.242242: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.242244: | picked newest_ipsec_sa #3 for #3 Sep 21 07:25:32.242246: | replacing stale CHILD SA Sep 21 07:25:32.242249: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:32.242250: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.242253: | FOR_EACH_STATE_... 
in find_pending_phase2 Sep 21 07:25:32.242256: | creating state object #6 at 0x555cbddd73f0 Sep 21 07:25:32.242258: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:25:32.242261: | pstats #6 ikev2.child started Sep 21 07:25:32.242262: | duplicating state object #1 "north-eastnets/0x2" as #6 for IPSEC SA Sep 21 07:25:32.242265: | #6 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:32.242269: | Message ID: init_child #1.#6; ike: initiator.sent=1 initiator.recv=1 responder.sent=3 responder.recv=3; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.242272: | suspend processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:32.242275: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:32.242277: | child state #6: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:32.242283: | using existing local ESP/AH proposals for north-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:32.242333: | #6 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP3072 Sep 21 07:25:32.242341: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x555cbddc9740 Sep 21 07:25:32.242345: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #6 Sep 21 07:25:32.242349: | libevent_malloc: new ptr-libevent@0x7fd394006b50 size 128 Sep 21 07:25:32.242354: | RESET processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:32.242356: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fd394002b20 Sep 21 07:25:32.242359: | inserting event EVENT_SA_EXPIRE, timeout in 0 
seconds for #3 Sep 21 07:25:32.242361: | libevent_malloc: new ptr-libevent@0x7fd388006e20 size 128 Sep 21 07:25:32.242363: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:32.242365: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555cbddca260 Sep 21 07:25:32.242368: | #3 spent 0.096 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:32.242370: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.242374: | timer_event_cb: processing event@0x555cbddc9740 Sep 21 07:25:32.242376: | handling event EVENT_v2_INITIATE_CHILD for child state #6 Sep 21 07:25:32.242379: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.242382: | adding Child Rekey Initiator KE and nonce ni work-order 9 for state #6 Sep 21 07:25:32.242384: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:32.242386: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:25:32.242388: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:32.242393: | libevent_free: release ptr-libevent@0x7fd394006b50 Sep 21 07:25:32.242397: | crypto helper 0 resuming Sep 21 07:25:32.242406: | crypto helper 0 starting work-order 9 for state #6 Sep 21 07:25:32.242410: | crypto helper 0 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 9 Sep 21 07:25:32.242398: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x555cbddc9740 Sep 21 07:25:32.242426: | #6 spent 0.0444 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:32.242433: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.242438: | timer_event_cb: processing event@0x7fd394002b20 Sep 21 07:25:32.242441: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:25:32.242446: | start processing: state #3 connection "north-eastnets/0x2" 
from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.242449: | picked newest_ipsec_sa #3 for #3 Sep 21 07:25:32.242452: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:32.242455: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:25:32.242457: | pstats #3 ikev2.child deleted completed Sep 21 07:25:32.242461: | #3 spent 5.13 milliseconds in total Sep 21 07:25:32.242465: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.242469: "north-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 2.449s and NOT sending notification Sep 21 07:25:32.242472: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:32.242476: | get_sa_info esp.a97bdf71@192.1.2.23 Sep 21 07:25:32.242488: | get_sa_info esp.d708ce0@192.1.3.33 Sep 21 07:25:32.242496: "north-eastnets/0x2" #3: ESP traffic information: in=0B out=672B Sep 21 07:25:32.242500: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.242551: | running updown command "ipsec _updown" for verb down Sep 21 07:25:32.242555: | command executing down-client Sep 21 07:25:32.242582: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050729' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' 
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:25:32.242586: | popen cmd is 1053 chars long Sep 21 07:25:32.242589: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Sep 21 07:25:32.242591: | cmd( 80):2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Sep 21 07:25:32.242594: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:25:32.242596: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:32.242599: | cmd( 320):TO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:32.242602: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO: Sep 21 07:25:32.242604: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:32.242607: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050729' PLUTO_CONN_POLICY: Sep 21 07:25:32.242611: | cmd( 640):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:25:32.242614: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:25:32.242617: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:25:32.242620: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:25:32.242622: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa97bdf71 SPI_OUT=0xd708ce0 ipsec: Sep 21 07:25:32.242625: | cmd(1040): _updown 2>&1: Sep 21 07:25:32.243980: | crypto helper 0 finished build KE and nonce (Child Rekey 
Initiator KE and nonce ni); request ID 9 time elapsed 0.00157 seconds Sep 21 07:25:32.243990: | (#6) spent 1.57 milliseconds in crypto helper computing work-order 9: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:32.243992: | crypto helper 0 sending results from work-order 9 for state #6 to event queue Sep 21 07:25:32.243994: | scheduling resume sending helper answer for #6 Sep 21 07:25:32.243997: | libevent_malloc: new ptr-libevent@0x7fd38c00fd60 size 128 Sep 21 07:25:32.244000: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:32.257224: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:25:32.257244: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:25:32.257249: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.257252: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:32.257302: | delete esp.a97bdf71@192.1.2.23 Sep 21 07:25:32.257333: | netlink response for Del SA esp.a97bdf71@192.1.2.23 included non-error error Sep 21 07:25:32.257338: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.257345: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.257387: | raw_eroute result=success Sep 21 07:25:32.257392: | delete esp.d708ce0@192.1.3.33 Sep 21 07:25:32.257413: | netlink response for Del SA esp.d708ce0@192.1.3.33 included non-error error Sep 21 07:25:32.257420: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:32.257423: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:25:32.257427: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.257449: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.257460: | State DB: found IKEv2 state #6 in 
V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:32.257463: | can't expire unused IKE SA #1; it has the child #6 Sep 21 07:25:32.257468: | libevent_free: release ptr-libevent@0x7fd388006e20 Sep 21 07:25:32.257471: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fd394002b20 Sep 21 07:25:32.257474: | in statetime_stop() and could not find #3 Sep 21 07:25:32.257477: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.257494: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.257506: | *received 80 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.257508: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.257511: | 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.257513: | 44 51 54 0d db 38 0f 20 9c 4c 7b 2d c5 bb 4a f7 Sep 21 07:25:32.257515: | 67 0c f5 ca a5 8b 9e 7c f9 f2 81 39 33 e1 b8 12 Sep 21 07:25:32.257517: | 0d f7 04 0b fa 35 dc ad 00 f0 31 8c 6c 6b 98 1c Sep 21 07:25:32.257521: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.257525: | **parse ISAKMP Message: Sep 21 07:25:32.257528: | initiator cookie: Sep 21 07:25:32.257530: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.257532: | responder cookie: Sep 21 07:25:32.257534: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.257538: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.257541: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.257544: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.257546: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.257548: | Message ID: 4 (0x4) Sep 21 07:25:32.257550: | length: 80 (0x50) Sep 21 07:25:32.257553: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.257556: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.257559: | State DB: found IKEv2 state #1 in 
PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:32.257566: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.257569: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.257574: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.257577: | #1 st.st_msgid_lastrecv 3 md.hdr.isa_msgid 00000004 Sep 21 07:25:32.257581: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=3 responder.recv=3 Sep 21 07:25:32.257584: | unpacking clear payload Sep 21 07:25:32.257586: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.257589: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.257590: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.257592: | flags: none (0x0) Sep 21 07:25:32.257593: | length: 52 (0x34) Sep 21 07:25:32.257595: | processing payload: ISAKMP_NEXT_v2SK (len=48) Sep 21 07:25:32.257598: | Message ID: start-responder #1 request 4; ike: initiator.sent=1 initiator.recv=1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=-1->4 Sep 21 07:25:32.257600: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.257624: | data for hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.257626: | data for hmac: 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.257627: | data for hmac: 44 51 54 0d db 38 0f 20 9c 4c 7b 2d c5 bb 4a f7 Sep 21 07:25:32.257629: | data for hmac: 67 0c f5 ca a5 8b 9e 7c f9 f2 81 39 33 e1 b8 12 Sep 21 07:25:32.257630: | calculated auth: 0d f7 04 0b fa 35 dc ad 00 f0 31 8c 6c 6b 98 1c Sep 21 07:25:32.257632: | provided auth: 0d f7 04 0b fa 35 dc ad 00 f0 31 8c 6c 6b 98 1c Sep 21 07:25:32.257633: | authenticator matched Sep 21 07:25:32.257642: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:32.257645: | 
Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.257648: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.257652: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.257657: | flags: none (0x0) Sep 21 07:25:32.257660: | length: 12 (0xc) Sep 21 07:25:32.257663: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.257666: | SPI size: 4 (0x4) Sep 21 07:25:32.257669: | number of SPIs: 1 (0x1) Sep 21 07:25:32.257672: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:32.257675: | selected state microcode R2: process INFORMATIONAL Request Sep 21 07:25:32.257678: | Now let's proceed with state specific processing Sep 21 07:25:32.257681: | calling processor R2: process INFORMATIONAL Request Sep 21 07:25:32.257686: | an informational request should send a response Sep 21 07:25:32.257691: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:32.257694: | **emit ISAKMP Message: Sep 21 07:25:32.257698: | initiator cookie: Sep 21 07:25:32.257700: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.257703: | responder cookie: Sep 21 07:25:32.257706: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.257709: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.257712: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.257715: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.257720: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.257723: | Message ID: 4 (0x4) Sep 21 07:25:32.257727: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.257731: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.257734: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.257737: | flags: none (0x0) Sep 21 07:25:32.257741: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.257744: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.257748: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.257758: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:32.257761: | SPI 70 9a b2 78 Sep 21 07:25:32.257764: | delete PROTO_v2_ESP SA(0x709ab278) Sep 21 07:25:32.257768: | v2 CHILD SA #4 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:32.257771: | State DB: found IKEv2 state #4 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:32.257774: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x709ab278) Sep 21 07:25:32.257778: "north-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #4 now Sep 21 07:25:32.257782: | state #4 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.257804: | libevent_free: release ptr-libevent@0x7fd390005780 Sep 21 07:25:32.257808: | free_event_entry: release EVENT_SA_REKEY-pe@0x555cbddca3a0 Sep 21 07:25:32.257812: | event_schedule: new EVENT_SA_REPLACE-pe@0x555cbddca3a0 Sep 21 07:25:32.257816: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 Sep 21 07:25:32.257820: | libevent_malloc: new ptr-libevent@0x7fd390005780 size 128 Sep 21 07:25:32.257825: | ****emit IKEv2 Delete Payload: Sep 21 07:25:32.257827: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.257829: | flags: none (0x0) Sep 21 07:25:32.257830: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.257832: | SPI size: 4 (0x4) Sep 21 07:25:32.257833: | number of SPIs: 1 (0x1) Sep 21 07:25:32.257835: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:32.257837: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.257839: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:32.257841: | local SPIs 53 e8 91 
ee Sep 21 07:25:32.257842: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:32.257844: | adding 4 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.257846: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.257848: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.257850: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.257851: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.257853: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.257855: | emitting length of IKEv2 Encryption Payload: 52 Sep 21 07:25:32.257856: | emitting length of ISAKMP Message: 80 Sep 21 07:25:32.257874: | data being hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.257877: | data being hmac: 2e 20 25 20 00 00 00 04 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.257878: | data being hmac: f5 13 d9 f3 47 5c 95 47 58 5d 1d 35 fd 03 3b e4 Sep 21 07:25:32.257880: | data being hmac: 38 7c a6 fa df a7 53 7d a9 88 31 7f 7b e2 9a db Sep 21 07:25:32.257881: | out calculated auth: Sep 21 07:25:32.257883: | bd 8a 7b bb 45 04 fd 0c 4e 30 40 2b 42 6e f2 fa Sep 21 07:25:32.257888: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.257892: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.257893: | 2e 20 25 20 00 00 00 04 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.257895: | f5 13 d9 f3 47 5c 95 47 58 5d 1d 35 fd 03 3b e4 Sep 21 07:25:32.257896: | 38 7c a6 fa df a7 53 7d a9 88 31 7f 7b e2 9a db Sep 21 07:25:32.257898: | bd 8a 7b bb 45 04 fd 0c 4e 30 40 2b 42 6e f2 fa Sep 21 07:25:32.257934: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send 
queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=4 Sep 21 07:25:32.257938: | Message ID: sent #1 response 4; ike: initiator.sent=1 initiator.recv=1 responder.sent=3->4 responder.recv=3 wip.initiator=-1 wip.responder=4 Sep 21 07:25:32.257942: | #1 spent 0.222 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:32.257946: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.257949: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Sep 21 07:25:32.257951: | Message ID: updating counters for #1 to 4 after switching state Sep 21 07:25:32.257954: | Message ID: recv #1 request 4; ike: initiator.sent=1 initiator.recv=1 responder.sent=4 responder.recv=3->4 wip.initiator=-1 wip.responder=4->-1 Sep 21 07:25:32.257956: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=4 responder.recv=4 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.257958: "north-eastnets/0x2" #1: STATE_PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.257962: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.257964: | #1 spent 0.432 milliseconds in ikev2_process_packet() Sep 21 07:25:32.257967: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.257969: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.257971: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.257974: | spent 0.442 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.257981: | processing resume sending helper answer for #6 Sep 21 07:25:32.257984: | start processing: state #6 connection 
"north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:32.257986: | crypto helper 0 replies to request ID 9 Sep 21 07:25:32.257988: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:32.257990: | ikev2_child_outI_continue for #6 STATE_V2_REKEY_CHILD_I0 Sep 21 07:25:32.257993: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.257995: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:32.257997: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:32.257999: | event_schedule: new EVENT_SA_REPLACE-pe@0x555cbddca260 Sep 21 07:25:32.258001: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #6 Sep 21 07:25:32.258003: | libevent_malloc: new ptr-libevent@0x555cbdd49c50 size 128 Sep 21 07:25:32.258005: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=4 responder.recv=4 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.258007: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:32.258009: | libevent_malloc: new ptr-libevent@0x7fd388006e20 size 128 Sep 21 07:25:32.258012: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.258014: | #6 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:25:32.258016: | suspending state #6 and saving MD Sep 21 07:25:32.258019: | #6 is busy; has a suspended MD Sep 21 07:25:32.258022: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:32.258024: | "north-eastnets/0x2" #6 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:32.258026: | resume sending helper answer for #6 suppresed complete_v2_state_transition() Sep 21 07:25:32.258029: | #6 spent 0.0426 
milliseconds in resume sending helper answer Sep 21 07:25:32.258032: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:32.258034: | libevent_free: release ptr-libevent@0x7fd38c00fd60 Sep 21 07:25:32.258035: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.258039: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:32.258042: | spent 0.00388 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:32.258048: | spent 0.00122 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.258055: | *received 80 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.258056: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258058: | 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.258059: | 45 00 f8 8c 27 05 2b ce 3e e1 3b 99 48 9b 35 11 Sep 21 07:25:32.258061: | 0a 5d b5 d8 23 f5 e1 d4 91 70 e8 98 bb 4d 4f 60 Sep 21 07:25:32.258062: | 8a 01 12 aa a5 c7 c7 fe e5 9c ee 58 aa 4c e6 03 Sep 21 07:25:32.258064: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.258066: | **parse ISAKMP Message: Sep 21 07:25:32.258068: | initiator cookie: Sep 21 07:25:32.258070: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.258071: | responder cookie: Sep 21 07:25:32.258072: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258074: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.258076: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.258077: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.258079: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.258081: | Message ID: 5 (0x5) Sep 21 07:25:32.258082: | length: 80 (0x50) Sep 21 07:25:32.258084: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.258086: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.258088: | 
State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:32.258091: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.258093: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.258096: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.258097: | #1 st.st_msgid_lastrecv 4 md.hdr.isa_msgid 00000005 Sep 21 07:25:32.258100: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=4 responder.recv=4 Sep 21 07:25:32.258101: | unpacking clear payload Sep 21 07:25:32.258103: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.258104: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.258106: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.258108: | flags: none (0x0) Sep 21 07:25:32.258110: | length: 52 (0x34) Sep 21 07:25:32.258112: | processing payload: ISAKMP_NEXT_v2SK (len=48) Sep 21 07:25:32.258116: | Message ID: start-responder #1 request 5; ike: initiator.sent=1 initiator.recv=1 responder.sent=4 responder.recv=4 wip.initiator=-1 wip.responder=-1->5 Sep 21 07:25:32.258119: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.258138: | data for hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258142: | data for hmac: 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.258147: | data for hmac: 45 00 f8 8c 27 05 2b ce 3e e1 3b 99 48 9b 35 11 Sep 21 07:25:32.258150: | data for hmac: 0a 5d b5 d8 23 f5 e1 d4 91 70 e8 98 bb 4d 4f 60 Sep 21 07:25:32.258153: | calculated auth: 8a 01 12 aa a5 c7 c7 fe e5 9c ee 58 aa 4c e6 03 Sep 21 07:25:32.258157: | provided auth: 8a 01 12 aa a5 c7 c7 fe e5 9c ee 58 aa 4c e6 03 Sep 21 07:25:32.258161: | authenticator matched Sep 21 07:25:32.258173: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt 
success Sep 21 07:25:32.258177: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.258180: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.258183: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.258186: | flags: none (0x0) Sep 21 07:25:32.258189: | length: 12 (0xc) Sep 21 07:25:32.258192: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.258194: | SPI size: 4 (0x4) Sep 21 07:25:32.258197: | number of SPIs: 1 (0x1) Sep 21 07:25:32.258200: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:32.258203: | selected state microcode R2: process INFORMATIONAL Request Sep 21 07:25:32.258206: | Now let's proceed with state specific processing Sep 21 07:25:32.258209: | calling processor R2: process INFORMATIONAL Request Sep 21 07:25:32.258213: | an informational request should send a response Sep 21 07:25:32.258218: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:32.258222: | **emit ISAKMP Message: Sep 21 07:25:32.258224: | initiator cookie: Sep 21 07:25:32.258227: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.258230: | responder cookie: Sep 21 07:25:32.258232: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258235: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.258238: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.258241: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.258244: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.258247: | Message ID: 5 (0x5) Sep 21 07:25:32.258250: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.258254: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.258260: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.258265: | flags: none (0x0) Sep 21 07:25:32.258269: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.258274: | next payload chain: 
saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.258278: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.258284: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:32.258288: | SPI 95 7b 28 d2 Sep 21 07:25:32.258291: | delete PROTO_v2_ESP SA(0x957b28d2) Sep 21 07:25:32.258296: | v2 CHILD SA #5 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R Sep 21 07:25:32.258300: | State DB: found IKEv2 state #5 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:32.258303: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x957b28d2) Sep 21 07:25:32.258307: "north-eastnets/0x2" #1: received Delete SA payload: delete IPsec State #5 now Sep 21 07:25:32.258310: | pstats #5 ikev2.child deleted completed Sep 21 07:25:32.258313: | #5 spent 5.96 milliseconds in total Sep 21 07:25:32.258318: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.258323: | start processing: state #5 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.258326: "north-eastnets/0x2" #5: deleting other state #5 (STATE_V2_IPSEC_R) aged 2.434s and NOT sending notification Sep 21 07:25:32.258328: | child state #5: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:32.258332: | get_sa_info esp.957b28d2@192.1.2.23 Sep 21 07:25:32.258343: | get_sa_info esp.46f5226f@192.1.3.33 Sep 21 07:25:32.258354: "north-eastnets/0x2" #5: ESP traffic information: in=672B out=0B Sep 21 07:25:32.258358: | child state #5: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.258361: | state #5 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.258364: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:32.258367: | free_event_entry: release EVENT_SA_REKEY-pe@0x555cbddc8ae0 Sep 21 07:25:32.258430: | delete 
esp.957b28d2@192.1.2.23 Sep 21 07:25:32.258461: | netlink response for Del SA esp.957b28d2@192.1.2.23 included non-error error Sep 21 07:25:32.258469: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.258478: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.258491: | raw_eroute result=success Sep 21 07:25:32.258496: | delete esp.46f5226f@192.1.3.33 Sep 21 07:25:32.258520: | netlink response for Del SA esp.46f5226f@192.1.3.33 included non-error error Sep 21 07:25:32.258524: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:32.258528: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:25:32.258531: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.258545: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.258550: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.258560: | ****emit IKEv2 Delete Payload: Sep 21 07:25:32.258566: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.258569: | flags: none (0x0) Sep 21 07:25:32.258572: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.258575: | SPI size: 4 (0x4) Sep 21 07:25:32.258578: | number of SPIs: 1 (0x1) Sep 21 07:25:32.258582: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:32.258586: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.258590: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:32.258593: | local SPIs 46 f5 22 6f Sep 21 07:25:32.258596: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:32.258602: | adding 4 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.258608: 
| emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.258612: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.258616: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.258619: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.258623: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.258626: | emitting length of IKEv2 Encryption Payload: 52 Sep 21 07:25:32.258629: | emitting length of ISAKMP Message: 80 Sep 21 07:25:32.258655: | data being hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258660: | data being hmac: 2e 20 25 20 00 00 00 05 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.258663: | data being hmac: 74 2b bc 87 cd 2a d6 83 f5 27 01 e3 7a 62 91 1a Sep 21 07:25:32.258666: | data being hmac: 79 1c 8a c8 0f 09 8d 62 c3 95 85 22 91 19 06 51 Sep 21 07:25:32.258669: | out calculated auth: Sep 21 07:25:32.258671: | d4 94 a1 ec 8c ba 68 c1 ba fa 39 1d d8 5c 58 96 Sep 21 07:25:32.258680: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.258683: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258686: | 2e 20 25 20 00 00 00 05 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.258689: | 74 2b bc 87 cd 2a d6 83 f5 27 01 e3 7a 62 91 1a Sep 21 07:25:32.258692: | 79 1c 8a c8 0f 09 8d 62 c3 95 85 22 91 19 06 51 Sep 21 07:25:32.258700: | d4 94 a1 ec 8c ba 68 c1 ba fa 39 1d d8 5c 58 96 Sep 21 07:25:32.258728: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=4 responder.recv=4 wip.initiator=-1 wip.responder=5 Sep 21 07:25:32.258735: | Message ID: sent 
#1 response 5; ike: initiator.sent=1 initiator.recv=1 responder.sent=4->5 responder.recv=4 wip.initiator=-1 wip.responder=5 Sep 21 07:25:32.258741: | #1 spent 0.511 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:32.258747: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.258751: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Sep 21 07:25:32.258754: | Message ID: updating counters for #1 to 5 after switching state Sep 21 07:25:32.258759: | Message ID: recv #1 request 5; ike: initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=4->5 wip.initiator=-1 wip.responder=5->-1 Sep 21 07:25:32.258763: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.258768: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.258771: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:32.258775: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:32.258778: "north-eastnets/0x2" #1: STATE_PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.258791: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.258799: | #1 spent 0.726 milliseconds in ikev2_process_packet() Sep 21 07:25:32.258804: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.258808: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.258810: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.258815: | spent 0.742 milliseconds in comm_handle_cb() reading and processing 
packet Sep 21 07:25:32.258819: | timer_event_cb: processing event@0x555cbddca3a0 Sep 21 07:25:32.258822: | handling event EVENT_SA_REPLACE for child state #4 Sep 21 07:25:32.258827: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.258831: | picked newest_ipsec_sa #4 for #4 Sep 21 07:25:32.258834: | replacing stale CHILD SA Sep 21 07:25:32.258838: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:32.258841: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.258845: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:32.258849: | creating state object #7 at 0x555cbddd1850 Sep 21 07:25:32.258852: | State DB: adding IKEv2 state #7 in UNDEFINED Sep 21 07:25:32.258855: | pstats #7 ikev2.child started Sep 21 07:25:32.258858: | duplicating state object #1 "north-eastnets/0x2" as #7 for IPSEC SA Sep 21 07:25:32.258863: | #7 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:32.258869: | Message ID: init_child #1.#7; ike: initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.258872: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:32.258877: | suspend processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:32.258882: | start processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:32.258887: | child state #7: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:32.258895: | using existing local ESP/AH proposals for north-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:25:32.258900: | #7 schedule rekey initiate IPsec SA 
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #4 using IKE# 1 pfs=MODP3072 Sep 21 07:25:32.258903: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x555cbddc8ae0 Sep 21 07:25:32.258907: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #7 Sep 21 07:25:32.258909: | libevent_malloc: new ptr-libevent@0x7fd38c00fd60 size 128 Sep 21 07:25:32.258915: | RESET processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:32.258918: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fd394002b20 Sep 21 07:25:32.258921: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 Sep 21 07:25:32.258924: | libevent_malloc: new ptr-libevent@0x7fd394006b50 size 128 Sep 21 07:25:32.258927: | libevent_free: release ptr-libevent@0x7fd390005780 Sep 21 07:25:32.258930: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555cbddca3a0 Sep 21 07:25:32.258934: | #4 spent 0.113 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:32.258937: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.258940: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:32.258944: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:32.258950: | Message ID: #1.#6 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.258955: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:32.258959: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:32.258964: | **emit ISAKMP Message: Sep 21 07:25:32.258967: | initiator cookie: Sep 21 07:25:32.258969: | 33 11 ba a4 2b a3 9d 88 Sep 21 
07:25:32.258972: | responder cookie: Sep 21 07:25:32.258974: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.258977: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.258980: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.258982: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:32.258985: | flags: none (0x0) Sep 21 07:25:32.258988: | Message ID: 2 (0x2) Sep 21 07:25:32.258991: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.258994: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.258996: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.258999: | flags: none (0x0) Sep 21 07:25:32.259002: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.259004: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.259007: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.259024: | netlink_get_spi: allocated 0x5efc04e3 for esp.0@192.1.3.33 Sep 21 07:25:32.259027: | Emitting ikev2_proposals ... 
Sep 21 07:25:32.259029: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:32.259032: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.259034: | flags: none (0x0) Sep 21 07:25:32.259038: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:32.259040: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.259045: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.259048: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.259050: | prop #: 1 (0x1) Sep 21 07:25:32.259053: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.259055: | spi size: 4 (0x4) Sep 21 07:25:32.259057: | # transforms: 4 (0x4) Sep 21 07:25:32.259060: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.259063: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:32.259065: | our spi 5e fc 04 e3 Sep 21 07:25:32.259068: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.259070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.259073: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.259076: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.259078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.259081: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.259084: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.259086: | length/value: 128 (0x80) Sep 21 07:25:32.259089: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.259091: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.259094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:25:32.259096: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.259099: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.259102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.259105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.259107: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.259110: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.259112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.259115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.259117: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.259120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.259123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.259126: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.259128: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.259130: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.259133: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.259135: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.259138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.259141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.259143: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.259145: | emitting length 
of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:32.259148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.259151: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:25:32.259154: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:32.259157: "north-eastnets/0x2" #6: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:25:32.259160: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:25:32.259167: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.259171: | #6 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:25:32.259232: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:25:32.259243: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:32.259249: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:32.259256: | #1 spent 0.303 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:32.259262: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:32.259266: | libevent_free: release ptr-libevent@0x7fd388006e20 Sep 21 07:25:32.259275: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:32.259283: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:32.259290: | #1 spent 0.000956 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:32.259296: | stop processing: state #1 
connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:32.259300: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:32.259304: | timer_event_cb: processing event@0x555cbddc8ae0 Sep 21 07:25:32.259308: | handling event EVENT_v2_INITIATE_CHILD for child state #7 Sep 21 07:25:32.259314: | start processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.259320: | adding Child Rekey Initiator KE and nonce ni work-order 10 for state #7 Sep 21 07:25:32.259323: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca3a0 Sep 21 07:25:32.259328: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Sep 21 07:25:32.259331: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:32.259339: | libevent_free: release ptr-libevent@0x7fd38c00fd60 Sep 21 07:25:32.259343: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x555cbddc8ae0 Sep 21 07:25:32.259348: | #7 spent 0.0426 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:32.259356: | stop processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.259362: | timer_event_cb: processing event@0x7fd394002b20 Sep 21 07:25:32.259366: | handling event EVENT_SA_EXPIRE for child state #4 Sep 21 07:25:32.259370: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.259374: | picked newest_ipsec_sa #4 for #4 Sep 21 07:25:32.259376: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:32.259379: | pstats #4 ikev2.child re-failed exchange-timeout Sep 21 07:25:32.259382: | pstats #4 ikev2.child deleted completed Sep 21 07:25:32.259386: | #4 spent 5.22 milliseconds in total Sep 21 07:25:32.259390: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.2.23:500 (in 
delete_state() at state.c:879) Sep 21 07:25:32.259394: "north-eastnets/0x1" #4: deleting state (STATE_V2_IPSEC_I) aged 2.466s and NOT sending notification Sep 21 07:25:32.259398: | child state #4: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:32.259402: | get_sa_info esp.709ab278@192.1.2.23 Sep 21 07:25:32.259414: | get_sa_info esp.53e891ee@192.1.3.33 Sep 21 07:25:32.259423: "north-eastnets/0x1" #4: ESP traffic information: in=0B out=0B Sep 21 07:25:32.259427: | child state #4: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.259479: | crypto helper 5 resuming Sep 21 07:25:32.259488: | crypto helper 5 starting work-order 10 for state #7 Sep 21 07:25:32.259497: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 10 Sep 21 07:25:32.260224: | running updown command "ipsec _updown" for verb down Sep 21 07:25:32.260233: | command executing down-client Sep 21 07:25:32.260259: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050729' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Sep 21 
07:25:32.260262: | popen cmd is 1052 chars long Sep 21 07:25:32.260265: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Sep 21 07:25:32.260267: | cmd( 80):1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Sep 21 07:25:32.260270: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:25:32.260272: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:32.260275: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:32.260277: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:32.260279: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:32.260282: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050729' PLUTO_CONN_POLICY=': Sep 21 07:25:32.260284: | cmd( 640):RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Sep 21 07:25:32.260287: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:25:32.260289: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:25:32.260291: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:25:32.260294: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x709ab278 SPI_OUT=0x53e891ee ipsec : Sep 21 07:25:32.260296: | cmd(1040):_updown 2>&1: Sep 21 07:25:32.262916: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 10 time elapsed 0.003416 seconds Sep 21 07:25:32.262940: | (#7) spent 2.67 milliseconds in crypto helper computing work-order 10: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:32.262946: | crypto helper 5 sending results from work-order 
10 for state #7 to event queue Sep 21 07:25:32.262950: | scheduling resume sending helper answer for #7 Sep 21 07:25:32.262955: | libevent_malloc: new ptr-libevent@0x7fd3840097c0 size 128 Sep 21 07:25:32.262964: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:32.269765: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:32.269780: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:32.269790: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.269796: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:32.269928: | delete esp.709ab278@192.1.2.23 Sep 21 07:25:32.270065: | netlink response for Del SA esp.709ab278@192.1.2.23 included non-error error Sep 21 07:25:32.270072: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.270099: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.270490: | raw_eroute result=success Sep 21 07:25:32.270498: | delete esp.53e891ee@192.1.3.33 Sep 21 07:25:32.270525: | netlink response for Del SA esp.53e891ee@192.1.3.33 included non-error error Sep 21 07:25:32.270531: | in connection_discard for connection north-eastnets/0x1 Sep 21 07:25:32.270534: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:25:32.270539: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.270561: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.270570: | State DB: found IKEv2 state #7 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:32.270573: | can't expire unused IKE SA #1; it has the child #7 Sep 21 07:25:32.270578: | libevent_free: release ptr-libevent@0x7fd394006b50 Sep 21 07:25:32.270582: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fd394002b20 
Sep 21 07:25:32.270585: | in statetime_stop() and could not find #4 Sep 21 07:25:32.270588: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.270601: | processing resume sending helper answer for #7 Sep 21 07:25:32.270607: | start processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:32.270612: | crypto helper 5 replies to request ID 10 Sep 21 07:25:32.270614: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:32.270618: | ikev2_child_outI_continue for #7 STATE_V2_REKEY_CHILD_I0 Sep 21 07:25:32.270622: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.270624: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:32.270627: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca3a0 Sep 21 07:25:32.270631: | event_schedule: new EVENT_SA_REPLACE-pe@0x555cbddca3a0 Sep 21 07:25:32.270635: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #7 Sep 21 07:25:32.270639: | libevent_malloc: new ptr-libevent@0x7fd384005780 size 128 Sep 21 07:25:32.270645: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.270648: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:32.270650: | libevent_malloc: new ptr-libevent@0x7fd394006b50 size 128 Sep 21 07:25:32.270656: | [RE]START processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.270660: | #7 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:25:32.270926: | suspending state #7 and saving MD Sep 21 07:25:32.270935: | #7 is busy; has a suspended MD Sep 21 07:25:32.270941: | [RE]START processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 
07:25:32.270945: | "north-eastnets/0x1" #7 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:32.270949: | resume sending helper answer for #7 suppresed complete_v2_state_transition() Sep 21 07:25:32.270956: | #7 spent 0.0822 milliseconds in resume sending helper answer Sep 21 07:25:32.270962: | stop processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:32.270965: | libevent_free: release ptr-libevent@0x7fd3840097c0 Sep 21 07:25:32.270968: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.270974: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:32.270978: | spent 0.00552 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:32.270983: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:32.270992: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:32.270998: | Message ID: #1.#7 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.271003: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:32.271008: | start processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:32.271013: | **emit ISAKMP Message: Sep 21 07:25:32.271017: | initiator cookie: Sep 21 07:25:32.271019: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.271021: | responder cookie: Sep 21 07:25:32.271024: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.271027: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.271029: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.271032: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:32.271035: | flags: 
none (0x0) Sep 21 07:25:32.271038: | Message ID: 2 (0x2) Sep 21 07:25:32.271041: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.271044: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.271047: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.271049: | flags: none (0x0) Sep 21 07:25:32.271052: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.271055: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.271059: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.271078: | netlink_get_spi: allocated 0x21f753f0 for esp.0@192.1.3.33 Sep 21 07:25:32.271081: | Emitting ikev2_proposals ... Sep 21 07:25:32.271083: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:32.271086: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.271088: | flags: none (0x0) Sep 21 07:25:32.271092: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:32.271095: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.271098: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.271100: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.271103: | prop #: 1 (0x1) Sep 21 07:25:32.271105: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.271108: | spi size: 4 (0x4) Sep 21 07:25:32.271110: | # transforms: 4 (0x4) Sep 21 07:25:32.271118: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.271121: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:32.271124: | our spi 21 f7 53 f0 Sep 21 
07:25:32.271126: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.271129: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.271132: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.271135: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.271138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.271141: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.271143: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.271146: | length/value: 128 (0x80) Sep 21 07:25:32.271149: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.271151: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.271154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.271156: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.271161: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.271164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.271167: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.271169: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.271172: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.271174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.271177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.271180: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.271183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.271186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' Sep 21 07:25:32.271188: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.271191: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.271193: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.271196: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.271198: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.271201: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.271204: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.271207: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.271209: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:32.271212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.271215: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:25:32.271217: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:32.271221: "north-eastnets/0x1" #7: CHILD SA to rekey #4 vanished abort this exchange Sep 21 07:25:32.271224: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:25:32.271229: | [RE]START processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.271232: | #7 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:25:32.271379: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:25:32.271388: | stop processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) 
Sep 21 07:25:32.271393: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:32.271398: | #1 spent 0.319 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:32.271403: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:32.271406: | libevent_free: release ptr-libevent@0x7fd394006b50 Sep 21 07:25:32.273037: | spent 0.0022 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.273056: | *received 80 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.273060: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.273062: | 2e 20 25 08 00 00 00 06 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.273065: | a6 e0 00 27 88 fc 76 45 06 51 e0 47 76 6a 32 e1 Sep 21 07:25:32.273067: | a4 82 27 f4 f4 e8 9a 2a 12 b7 90 a7 dc d1 df 0f Sep 21 07:25:32.273069: | bc 9f 31 1a f4 04 6a 7a f9 fe 34 73 67 94 71 a1 Sep 21 07:25:32.273076: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.273081: | **parse ISAKMP Message: Sep 21 07:25:32.273083: | initiator cookie: Sep 21 07:25:32.273086: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.273088: | responder cookie: Sep 21 07:25:32.273090: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.273093: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.273096: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.273098: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.273300: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.273392: | Message ID: 6 (0x6) Sep 21 07:25:32.273396: | length: 80 (0x50) Sep 21 07:25:32.273400: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.273404: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.273408: | State DB: found 
IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:32.273415: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.273419: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.273424: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.273427: | #1 st.st_msgid_lastrecv 5 md.hdr.isa_msgid 00000006 Sep 21 07:25:32.273432: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 Sep 21 07:25:32.273434: | unpacking clear payload Sep 21 07:25:32.273437: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.273440: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.273443: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.273446: | flags: none (0x0) Sep 21 07:25:32.273448: | length: 52 (0x34) Sep 21 07:25:32.273450: | processing payload: ISAKMP_NEXT_v2SK (len=48) Sep 21 07:25:32.273455: | Message ID: start-responder #1 request 6; ike: initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=-1->6 Sep 21 07:25:32.273458: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.273485: | data for hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.273488: | data for hmac: 2e 20 25 08 00 00 00 06 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.273490: | data for hmac: a6 e0 00 27 88 fc 76 45 06 51 e0 47 76 6a 32 e1 Sep 21 07:25:32.273493: | data for hmac: a4 82 27 f4 f4 e8 9a 2a 12 b7 90 a7 dc d1 df 0f Sep 21 07:25:32.273495: | calculated auth: bc 9f 31 1a f4 04 6a 7a f9 fe 34 73 67 94 71 a1 Sep 21 07:25:32.273498: | provided auth: bc 9f 31 1a f4 04 6a 7a f9 fe 34 73 67 94 71 a1 Sep 21 07:25:32.273500: | authenticator matched Sep 21 07:25:32.273511: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 
07:25:32.273514: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.273517: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.273520: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.273522: | flags: none (0x0) Sep 21 07:25:32.273525: | length: 12 (0xc) Sep 21 07:25:32.273527: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.273529: | SPI size: 4 (0x4) Sep 21 07:25:32.273532: | number of SPIs: 1 (0x1) Sep 21 07:25:32.273535: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:32.273537: | selected state microcode R2: process INFORMATIONAL Request Sep 21 07:25:32.273540: | Now let's proceed with state specific processing Sep 21 07:25:32.273542: | calling processor R2: process INFORMATIONAL Request Sep 21 07:25:32.273546: | an informational request should send a response Sep 21 07:25:32.273551: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:32.273555: | **emit ISAKMP Message: Sep 21 07:25:32.273557: | initiator cookie: Sep 21 07:25:32.273562: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.273565: | responder cookie: Sep 21 07:25:32.273567: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.273569: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.273572: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.273574: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.273577: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.273580: | Message ID: 6 (0x6) Sep 21 07:25:32.273582: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.273585: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.273587: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.273590: | flags: none (0x0) Sep 21 07:25:32.273593: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.273596: | next payload chain: saving 
location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.273599: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.273605: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:32.273608: | SPI a8 c7 19 18 Sep 21 07:25:32.273610: | delete PROTO_v2_ESP SA(0xa8c71918) Sep 21 07:25:32.273613: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R Sep 21 07:25:32.273616: | State DB: found IKEv2 state #2 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:32.273619: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xa8c71918) Sep 21 07:25:32.273622: "north-eastnets/0x2" #1: received Delete SA payload: delete IPsec State #2 now Sep 21 07:25:32.273625: | pstats #2 ikev2.child deleted completed Sep 21 07:25:32.273630: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.273634: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.273638: "north-eastnets/0x1" #2: deleting other state #2 connection (STATE_V2_IPSEC_R) "north-eastnets/0x1" aged 2.519s and NOT sending notification Sep 21 07:25:32.273641: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:32.273645: | get_sa_info esp.a8c71918@192.1.2.23 Sep 21 07:25:32.273728: | get_sa_info esp.c9118a85@192.1.3.33 Sep 21 07:25:32.273740: "north-eastnets/0x1" #2: ESP traffic information: in=840B out=840B Sep 21 07:25:32.273744: | child state #2: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.273747: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.273751: | libevent_free: release ptr-libevent@0x555cbddcb900 Sep 21 07:25:32.273754: | free_event_entry: release EVENT_SA_REKEY-pe@0x555cbddca060 Sep 21 07:25:32.273971: | delete esp.a8c71918@192.1.2.23 Sep 21 
07:25:32.274000: | netlink response for Del SA esp.a8c71918@192.1.2.23 included non-error error Sep 21 07:25:32.274004: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.274013: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.274027: | raw_eroute result=success Sep 21 07:25:32.274031: | delete esp.c9118a85@192.1.3.33 Sep 21 07:25:32.274057: | netlink response for Del SA esp.c9118a85@192.1.3.33 included non-error error Sep 21 07:25:32.274062: | in connection_discard for connection north-eastnets/0x1 Sep 21 07:25:32.274066: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:32.274070: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.274075: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.274082: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.274087: | ****emit IKEv2 Delete Payload: Sep 21 07:25:32.274092: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.274095: | flags: none (0x0) Sep 21 07:25:32.274098: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.274101: | SPI size: 4 (0x4) Sep 21 07:25:32.274104: | number of SPIs: 1 (0x1) Sep 21 07:25:32.274109: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:32.274113: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.274117: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:32.274119: | local SPIs c9 11 8a 85 Sep 21 07:25:32.274122: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:32.274124: | adding 4 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.274127: | emitting 1 0x00 repeated 
bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274128: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274130: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274132: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274134: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.274135: | emitting length of IKEv2 Encryption Payload: 52 Sep 21 07:25:32.274137: | emitting length of ISAKMP Message: 80 Sep 21 07:25:32.274157: | data being hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274159: | data being hmac: 2e 20 25 20 00 00 00 06 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.274162: | data being hmac: a3 21 50 5a 4f 81 db 19 2b 52 b7 05 55 46 10 81 Sep 21 07:25:32.274167: | data being hmac: d8 47 c0 2e 0b a5 c2 c1 9a 78 58 97 73 20 43 c5 Sep 21 07:25:32.274169: | out calculated auth: Sep 21 07:25:32.274172: | b0 a8 98 25 da 54 aa b6 87 37 1c 05 fe 67 48 7e Sep 21 07:25:32.274179: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.274182: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274184: | 2e 20 25 20 00 00 00 06 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.274186: | a3 21 50 5a 4f 81 db 19 2b 52 b7 05 55 46 10 81 Sep 21 07:25:32.274189: | d8 47 c0 2e 0b a5 c2 c1 9a 78 58 97 73 20 43 c5 Sep 21 07:25:32.274191: | b0 a8 98 25 da 54 aa b6 87 37 1c 05 fe 67 48 7e Sep 21 07:25:32.274222: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=5 responder.recv=5 wip.initiator=-1 wip.responder=6 Sep 21 07:25:32.274228: | Message ID: sent #1 response 6; ike: 
initiator.sent=1 initiator.recv=1 responder.sent=5->6 responder.recv=5 wip.initiator=-1 wip.responder=6 Sep 21 07:25:32.274235: | #1 spent 0.446 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:32.274241: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.274245: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Sep 21 07:25:32.274248: | Message ID: updating counters for #1 to 6 after switching state Sep 21 07:25:32.274252: | Message ID: recv #1 request 6; ike: initiator.sent=1 initiator.recv=1 responder.sent=6 responder.recv=5->6 wip.initiator=-1 wip.responder=6->-1 Sep 21 07:25:32.274257: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=6 responder.recv=6 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.274260: "north-eastnets/0x2" #1: STATE_PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.274265: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.274273: | #1 spent 0.705 milliseconds in ikev2_process_packet() Sep 21 07:25:32.274277: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.274281: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.274284: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.274288: | spent 0.721 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.274299: | spent 0.00176 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.274308: | *received 80 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.274311: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274314: | 2e 20 25 08 00 00 00 07 00 00 00 50 2a 00 00 34 
Sep 21 07:25:32.274316: | 7e ad ef 62 4b 01 cd e4 ae 9c 56 5e 69 8f b8 38 Sep 21 07:25:32.274318: | 7f 8f 0d 4c 2d 23 19 95 c0 ad 7d 27 08 08 3b b2 Sep 21 07:25:32.274320: | c3 81 21 a1 c0 89 d3 01 ea a6 b9 72 3f 9d c8 e3 Sep 21 07:25:32.274324: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.274327: | **parse ISAKMP Message: Sep 21 07:25:32.274330: | initiator cookie: Sep 21 07:25:32.274332: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.274335: | responder cookie: Sep 21 07:25:32.274337: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274339: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.274342: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.274345: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.274347: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.274350: | Message ID: 7 (0x7) Sep 21 07:25:32.274353: | length: 80 (0x50) Sep 21 07:25:32.274355: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.274359: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.274362: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:25:32.274367: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.274370: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.274375: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.274378: | #1 st.st_msgid_lastrecv 6 md.hdr.isa_msgid 00000007 Sep 21 07:25:32.274381: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=6 responder.recv=6 Sep 21 07:25:32.274384: | unpacking clear payload Sep 21 07:25:32.274386: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.274389: | ***parse 
IKEv2 Encryption Payload: Sep 21 07:25:32.274392: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.274395: | flags: none (0x0) Sep 21 07:25:32.274397: | length: 52 (0x34) Sep 21 07:25:32.274399: | processing payload: ISAKMP_NEXT_v2SK (len=48) Sep 21 07:25:32.274404: | Message ID: start-responder #1 request 7; ike: initiator.sent=1 initiator.recv=1 responder.sent=6 responder.recv=6 wip.initiator=-1 wip.responder=-1->7 Sep 21 07:25:32.274407: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:25:32.274427: | data for hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274431: | data for hmac: 2e 20 25 08 00 00 00 07 00 00 00 50 2a 00 00 34 Sep 21 07:25:32.274433: | data for hmac: 7e ad ef 62 4b 01 cd e4 ae 9c 56 5e 69 8f b8 38 Sep 21 07:25:32.274435: | data for hmac: 7f 8f 0d 4c 2d 23 19 95 c0 ad 7d 27 08 08 3b b2 Sep 21 07:25:32.274438: | calculated auth: c3 81 21 a1 c0 89 d3 01 ea a6 b9 72 3f 9d c8 e3 Sep 21 07:25:32.274440: | provided auth: c3 81 21 a1 c0 89 d3 01 ea a6 b9 72 3f 9d c8 e3 Sep 21 07:25:32.274442: | authenticator matched Sep 21 07:25:32.274450: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:32.274455: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.274458: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.274461: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.274463: | flags: none (0x0) Sep 21 07:25:32.274465: | length: 8 (0x8) Sep 21 07:25:32.274468: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:32.274470: | SPI size: 0 (0x0) Sep 21 07:25:32.274473: | number of SPIs: 0 (0x0) Sep 21 07:25:32.274475: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:32.274477: | selected state microcode R2: process INFORMATIONAL Request Sep 21 07:25:32.274480: | Now let's proceed with state specific processing Sep 21 07:25:32.274482: | calling processor R2: process INFORMATIONAL Request Sep 21 07:25:32.274485: | an informational request should send a response 
Sep 21 07:25:32.274489: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:32.274492: | **emit ISAKMP Message: Sep 21 07:25:32.274495: | initiator cookie: Sep 21 07:25:32.274497: | 33 11 ba a4 2b a3 9d 88 Sep 21 07:25:32.274499: | responder cookie: Sep 21 07:25:32.274501: | a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274504: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.274506: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.274509: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.274512: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.274514: | Message ID: 7 (0x7) Sep 21 07:25:32.274516: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.274519: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.274522: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.274524: | flags: none (0x0) Sep 21 07:25:32.274527: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.274530: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.274533: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.274538: | adding 16 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.274542: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274544: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274547: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274550: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274552: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 
07:25:32.274554: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274557: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274560: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274562: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274564: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274567: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274569: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274572: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274575: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274578: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274580: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.274585: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.274588: | emitting length of IKEv2 Encryption Payload: 52 Sep 21 07:25:32.274590: | emitting length of ISAKMP Message: 80 Sep 21 07:25:32.274612: | data being hmac: 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274615: | data being hmac: 2e 20 25 20 00 00 00 07 00 00 00 50 00 00 00 34 Sep 21 07:25:32.274618: | data being hmac: 7a a3 12 45 7f 69 0e 46 5a 98 d6 32 4e 14 56 6e Sep 21 07:25:32.274620: | data being hmac: c7 65 2c c4 8f 35 f8 e4 54 0a ce fd cc c5 b8 9f Sep 21 07:25:32.274622: | out calculated auth: Sep 21 07:25:32.274625: | a1 b8 29 ab 0b b4 2e 51 33 46 b2 9f 11 b7 3a 6c Sep 21 07:25:32.274632: | sending 80 bytes for reply packet for 
process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.274634: | 33 11 ba a4 2b a3 9d 88 a7 b7 d4 22 04 b0 8e d1 Sep 21 07:25:32.274637: | 2e 20 25 20 00 00 00 07 00 00 00 50 00 00 00 34 Sep 21 07:25:32.274639: | 7a a3 12 45 7f 69 0e 46 5a 98 d6 32 4e 14 56 6e Sep 21 07:25:32.274641: | c7 65 2c c4 8f 35 f8 e4 54 0a ce fd cc c5 b8 9f Sep 21 07:25:32.274643: | a1 b8 29 ab 0b b4 2e 51 33 46 b2 9f 11 b7 3a 6c Sep 21 07:25:32.274666: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=6 responder.recv=6 wip.initiator=-1 wip.responder=7 Sep 21 07:25:32.274672: | Message ID: sent #1 response 7; ike: initiator.sent=1 initiator.recv=1 responder.sent=6->7 responder.recv=6 wip.initiator=-1 wip.responder=7 Sep 21 07:25:32.274676: | child state #7: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.274679: | pstats #7 ikev2.child deleted other Sep 21 07:25:32.274682: | #7 spent 2.8 milliseconds in total Sep 21 07:25:32.274687: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.274692: | start processing: state #7 connection "north-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.274695: "north-eastnets/0x1" #7: deleting other state #7 connection (STATE_CHILDSA_DEL) "north-eastnets/0x1" aged 0.015s and NOT sending notification Sep 21 07:25:32.274699: | child state #7: CHILDSA_DEL(informational) => delete Sep 21 07:25:32.274702: | state #7 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:32.274705: | libevent_free: release ptr-libevent@0x7fd384005780 Sep 21 07:25:32.274708: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555cbddca3a0 Sep 21 07:25:32.274712: | priority calculation of connection "north-eastnets/0x1" is 
0xfe7e7 Sep 21 07:25:32.274718: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.274730: | raw_eroute result=success Sep 21 07:25:32.274734: | in connection_discard for connection north-eastnets/0x1 Sep 21 07:25:32.274736: | State DB: deleting IKEv2 state #7 in CHILDSA_DEL Sep 21 07:25:32.274740: | child state #7: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.274752: | stop processing: state #7 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.274757: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.274761: | child state #6: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.274764: | pstats #6 ikev2.child deleted other Sep 21 07:25:32.274767: | #6 spent 1.66 milliseconds in total Sep 21 07:25:32.274771: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.274776: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.274780: "north-eastnets/0x2" #6: deleting other state #6 (STATE_CHILDSA_DEL) aged 0.032s and NOT sending notification Sep 21 07:25:32.274789: | child state #6: CHILDSA_DEL(informational) => delete Sep 21 07:25:32.274795: | state #6 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:32.274798: | libevent_free: release ptr-libevent@0x555cbdd49c50 Sep 21 07:25:32.274801: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555cbddca260 Sep 21 07:25:32.274804: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.274811: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.274822: | raw_eroute result=success Sep 21 07:25:32.274825: | in connection_discard for connection 
north-eastnets/0x2 Sep 21 07:25:32.274828: | State DB: deleting IKEv2 state #6 in CHILDSA_DEL Sep 21 07:25:32.274830: | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.274842: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.274847: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.274851: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:32.274854: | parent state #1: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:32.274857: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:32.274861: | #1 spent 19.4 milliseconds in total Sep 21 07:25:32.274865: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.274869: "north-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 2.538s and NOT sending notification Sep 21 07:25:32.274872: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:32.274933: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.274940: | libevent_free: release ptr-libevent@0x555cbddc06f0 Sep 21 07:25:32.274944: | free_event_entry: release EVENT_SA_REKEY-pe@0x555cbddc0870 Sep 21 07:25:32.274948: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:32.274951: | picked newest_isakmp_sa #0 for #1 Sep 21 07:25:32.274954: "north-eastnets/0x2" #1: deleting IKE SA for connection 'north-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:32.274958: | add revival: connection 'north-eastnets/0x2' added to the list and scheduled for 0 seconds Sep 21 07:25:32.274962: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:25:32.274966: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:32.274969: | State DB: deleting IKEv2 state #1 in 
IKESA_DEL Sep 21 07:25:32.274973: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:32.274977: | unreference key: 0x555cbdd226c0 @east cnt 2-- Sep 21 07:25:32.274990: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.275006: | in statetime_stop() and could not find #1 Sep 21 07:25:32.275013: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.275017: | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK Sep 21 07:25:32.275020: | STF_OK but no state object remains Sep 21 07:25:32.275023: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.275026: | in statetime_stop() and could not find #1 Sep 21 07:25:32.275030: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.275033: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.275036: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.275041: | spent 0.72 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.275047: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:25:32.275050: Initiating connection north-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:25:32.275058: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:32.275063: | start processing: connection "north-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:32.275066: | connection 'north-eastnets/0x2' +POLICY_UP Sep 21 07:25:32.275069: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:32.275072: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:25:32.275080: | creating state object #8 at 0x555cbddd1850 Sep 21 07:25:32.275083: | State DB: adding IKEv2 state #8 in UNDEFINED Sep 21 07:25:32.275089: | pstats #8 ikev2.ike started Sep 21 07:25:32.275093: | Message ID: init #8: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:32.275096: | parent state #8: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:32.275101: | Message ID: init_ike #8; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.275107: | suspend processing: connection "north-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:32.275112: | start processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:32.275115: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:32.275119: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-eastnets/0x2" IKE SA #8 "north-eastnets/0x2" Sep 21 07:25:32.275123: "north-eastnets/0x2" #8: initiating v2 parent SA Sep 21 07:25:32.275130: | using existing local IKE proposals for connection north-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:32.275134: | adding ikev2_outI1 KE work-order 11 for state #8 Sep 21 07:25:32.275137: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:32.275141: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8 Sep 21 07:25:32.275144: | libevent_malloc: new ptr-libevent@0x7fd394006b50 size 128 Sep 21 07:25:32.275156: | #8 spent 0.0923 milliseconds in ikev2_parent_outI1() Sep 21 07:25:32.275159: | crypto helper 3 resuming Sep 21 07:25:32.275161: | RESET processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at 
ikev2_parent.c:610) Sep 21 07:25:32.275171: | crypto helper 3 starting work-order 11 for state #8 Sep 21 07:25:32.275178: | RESET processing: connection "north-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:32.275185: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 11 Sep 21 07:25:32.275188: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:32.275194: | spent 0.136 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:25:32.275985: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 11 time elapsed 0.000799 seconds Sep 21 07:25:32.275996: | (#8) spent 0.806 milliseconds in crypto helper computing work-order 11: ikev2_outI1 KE (pcr) Sep 21 07:25:32.275999: | crypto helper 3 sending results from work-order 11 for state #8 to event queue Sep 21 07:25:32.276001: | scheduling resume sending helper answer for #8 Sep 21 07:25:32.276003: | libevent_malloc: new ptr-libevent@0x7fd390005fe0 size 128 Sep 21 07:25:32.276011: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:32.276018: | processing resume sending helper answer for #8 Sep 21 07:25:32.276026: | start processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:32.276030: | crypto helper 3 replies to request ID 11 Sep 21 07:25:32.276032: | calling continuation function 0x555cbc3b0630 Sep 21 07:25:32.276034: | ikev2_parent_outI1_continue for #8 Sep 21 07:25:32.276040: | **emit ISAKMP Message: Sep 21 07:25:32.276042: | initiator cookie: Sep 21 07:25:32.276044: | e9 08 b0 33 40 8d 7c 8b Sep 21 07:25:32.276052: | responder cookie: Sep 21 07:25:32.276054: | 00 00 00 00 00 00 00 00 Sep 21 07:25:32.276057: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.276059: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.276061: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:32.276064: | flags: 
ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.276066: | Message ID: 0 (0x0) Sep 21 07:25:32.276069: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.276076: | using existing local IKE proposals for connection north-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:25:32.276078: | Emitting ikev2_proposals ... Sep 21 07:25:32.276080: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:32.276083: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.276085: | flags: none (0x0) Sep 21 07:25:32.276088: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:32.276091: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.276094: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.276096: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.276099: | prop #: 1 (0x1) Sep 21 07:25:32.276101: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.276103: | spi size: 0 (0x0) Sep 21 07:25:32.276105: | # transforms: 4 (0x4) Sep 21 07:25:32.276108: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.276111: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.276113: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.276115: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.276118: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.276120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.276123: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.276126: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 
21 07:25:32.276128: | length/value: 256 (0x100) Sep 21 07:25:32.276130: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.276133: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.276135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.276137: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.276140: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.276143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.276145: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.276148: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.276150: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.276152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.276154: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.276157: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.276159: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.276162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.276164: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.276167: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.276169: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.276172: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.276175: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.276177: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST 
(0x3) Sep 21 07:25:32.276180: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.276182: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.276185: | emitting length of IKEv2 Proposal Substructure Payload: 44 Sep 21 07:25:32.276187: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.276190: | emitting length of IKEv2 Security Association Payload: 48 Sep 21 07:25:32.276192: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:32.276194: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:32.276197: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.276199: | flags: none (0x0) Sep 21 07:25:32.276201: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.276204: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:32.276207: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.276210: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:32.276212: | ikev2 g^x a9 bb 6f 37 25 3f da c0 e9 ee 30 fc e2 e1 8a 31 Sep 21 07:25:32.276214: | ikev2 g^x f8 7f 7f 87 3e 0a f3 73 ee 93 b2 2b b9 31 25 24 Sep 21 07:25:32.276217: | ikev2 g^x 76 7c 2e a3 dc 9a 59 ee 5c f7 cc fd 1a c9 8f 23 Sep 21 07:25:32.276219: | ikev2 g^x 05 bf 27 fb c5 74 6d 88 84 4a be f0 0a 20 1d 18 Sep 21 07:25:32.276221: | ikev2 g^x 8c 27 a7 1b b0 02 57 2a b8 58 4e bf ba 71 5f e8 Sep 21 07:25:32.276223: | ikev2 g^x 17 42 76 5a b4 60 67 cd a5 77 54 bc 86 e5 6b 21 Sep 21 07:25:32.276225: | ikev2 g^x 13 f8 b7 d5 ac 19 bb fc 7f e1 04 59 47 30 2d c2 Sep 21 07:25:32.276227: | ikev2 g^x 41 0d c6 84 16 
23 43 54 3b 47 95 08 e3 da 45 8f Sep 21 07:25:32.276229: | ikev2 g^x d5 7e a7 5a 06 d6 1d 5e 64 59 97 29 88 91 6e 6d Sep 21 07:25:32.276232: | ikev2 g^x 9f 93 17 31 9e b3 08 a9 22 8b bd 7d ae a8 98 1b Sep 21 07:25:32.276234: | ikev2 g^x 46 6d 1d ac 9b c4 8f 71 ce 73 75 6e 9b 01 58 83 Sep 21 07:25:32.276236: | ikev2 g^x 78 3b 9b 96 54 a3 4c 8f 86 99 79 65 96 78 8a a1 Sep 21 07:25:32.276238: | ikev2 g^x e5 12 f0 68 89 c7 90 0c a7 8c 2f d5 d9 50 89 a7 Sep 21 07:25:32.276240: | ikev2 g^x cb b2 5d 39 ec ee 4b f0 2a 50 80 90 a8 37 a9 c1 Sep 21 07:25:32.276242: | ikev2 g^x 39 31 82 01 20 16 e1 51 34 b4 3f 04 c0 1d 2b d9 Sep 21 07:25:32.276245: | ikev2 g^x a0 6e fc 96 0d e4 c0 d3 16 d7 02 60 81 21 b6 fc Sep 21 07:25:32.276247: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:32.276249: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:32.276251: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:32.276253: | flags: none (0x0) Sep 21 07:25:32.276256: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:32.276260: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:32.276262: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.276265: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:32.276267: | IKEv2 nonce d7 c1 46 fe fb dc 6c 5a f6 e9 d5 2c 4e f1 9b fd Sep 21 07:25:32.276269: | IKEv2 nonce 2a b0 fa 07 06 42 79 c7 e6 45 eb 17 4a d2 cd a6 Sep 21 07:25:32.276271: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:32.276275: | Adding a v2N Payload Sep 21 07:25:32.276278: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.276280: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.276282: | flags: none (0x0) Sep 21 07:25:32.276487: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.276491: 
| SPI size: 0 (0x0) Sep 21 07:25:32.276494: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:32.276497: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.276500: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.276502: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:32.276506: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:32.276509: | natd_hash: rcookie is zero Sep 21 07:25:32.276519: | natd_hash: hasher=0x555cbc4867a0(20) Sep 21 07:25:32.276521: | natd_hash: icookie= e9 08 b0 33 40 8d 7c 8b Sep 21 07:25:32.276524: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:32.276526: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:32.276528: | natd_hash: port= 01 f4 Sep 21 07:25:32.276530: | natd_hash: hash= 97 13 1b a7 1b fa bb 55 e4 4f 67 43 3e 5b a5 7a Sep 21 07:25:32.276532: | natd_hash: hash= f0 37 f2 6f Sep 21 07:25:32.276535: | Adding a v2N Payload Sep 21 07:25:32.276537: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.276539: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.276542: | flags: none (0x0) Sep 21 07:25:32.276544: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.276546: | SPI size: 0 (0x0) Sep 21 07:25:32.276549: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:32.276552: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.276554: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.276557: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:32.276559: | Notify data 97 13 1b a7 1b fa bb 55 e4 4f 67 43 3e 5b a5 7a Sep 21 07:25:32.276562: | Notify data f0 37 f2 6f Sep 21 07:25:32.276564: | emitting length of 
IKEv2 Notify Payload: 28 Sep 21 07:25:32.276566: | natd_hash: rcookie is zero Sep 21 07:25:32.276572: | natd_hash: hasher=0x555cbc4867a0(20) Sep 21 07:25:32.276574: | natd_hash: icookie= e9 08 b0 33 40 8d 7c 8b Sep 21 07:25:32.276577: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:32.276579: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:32.276581: | natd_hash: port= 01 f4 Sep 21 07:25:32.276583: | natd_hash: hash= 1f cb 4e 89 b1 ec 55 04 03 33 43 d2 15 15 67 1e Sep 21 07:25:32.276585: | natd_hash: hash= 5b 4d 4e 8d Sep 21 07:25:32.276587: | Adding a v2N Payload Sep 21 07:25:32.276590: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.276592: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.276594: | flags: none (0x0) Sep 21 07:25:32.276597: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.276599: | SPI size: 0 (0x0) Sep 21 07:25:32.276601: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:32.276604: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.276606: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.276609: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:32.276611: | Notify data 1f cb 4e 89 b1 ec 55 04 03 33 43 d2 15 15 67 1e Sep 21 07:25:32.276614: | Notify data 5b 4d 4e 8d Sep 21 07:25:32.276616: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:32.276618: | emitting length of ISAKMP Message: 440 Sep 21 07:25:32.276624: | stop processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:32.276632: | start processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.276636: | #8 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK 
Sep 21 07:25:32.276639: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:32.276641: | parent state #8: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:32.276644: | Message ID: updating counters for #8 to 4294967295 after switching state Sep 21 07:25:32.276647: | Message ID: IKE #8 skipping update_recv as MD is fake Sep 21 07:25:32.276651: | Message ID: sent #8 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:32.276654: "north-eastnets/0x2" #8: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:32.276659: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:32.276665: | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #8)
Sep 21 07:25:32.276765: | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.276770: | libevent_free: release ptr-libevent@0x7fd394006b50 Sep 21 07:25:32.276773: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555cbddca260 Sep 21 07:25:32.276776: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:32.276780: | event_schedule: new EVENT_RETRANSMIT-pe@0x555cbddca260 Sep 21 07:25:32.276790: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8 Sep 21 07:25:32.276795: | libevent_malloc: new ptr-libevent@0x7fd394006b50 size 128 Sep 21 07:25:32.276800: | #8 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49378.645044 Sep 21 07:25:32.276805: | resume sending helper answer for #8 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:32.276810: | #8 spent 0.552 milliseconds in resume sending helper answer Sep 21 07:25:32.276815: | stop processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at
server.c:833) Sep 21 07:25:32.276818: | libevent_free: release ptr-libevent@0x7fd390005fe0 Sep 21 07:25:32.449886: | kernel_process_msg_cb process netlink message Sep 21 07:25:32.449903: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:32.449905: | xfrm netlink msg len 376 Sep 21 07:25:32.449907: | xfrm acquire rtattribute type 5 Sep 21 07:25:32.449908: | xfrm acquire rtattribute type 16 Sep 21 07:25:32.449918: | add bare shunt 0x7fd390005fe0 192.0.3.254/32:0 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.449923: initiate on demand from 192.0.3.254:0 to 192.0.2.254:0 proto=1 because: acquire Sep 21 07:25:32.449927: | find_connection: looking for policy for connection: 192.0.3.254:1/0 -> 192.0.2.254:1/0 Sep 21 07:25:32.449929: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:25:32.449933: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.3.0/24:0 -> 192.0.2.0/24:0 [pri: 25214988] Sep 21 07:25:32.449935: | find_connection: first OK "north-eastnets/0x1" [pri:25214988]{0x555cbddbf8c0} (child none) Sep 21 07:25:32.449937: | find_connection: concluding with "north-eastnets/0x1" [pri:25214988]{0x555cbddbf8c0} kind=CK_PERMANENT Sep 21 07:25:32.449939: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:32.449940: | assign_holdpass() need broad(er) shunt Sep 21 07:25:32.449943: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.449946: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:32.449949: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:32.449950: | raw_eroute result=success Sep 21 07:25:32.449952: | assign_holdpass() eroute_connection() done Sep 21 07:25:32.449953: | fiddle_bare_shunt called Sep 21 07:25:32.449955: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:32.449956: | removing specific host-to-host bare shunt 
Sep 21 07:25:32.449959: | delete narrow %hold eroute 192.0.3.254/32:0 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Sep 21 07:25:32.449961: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:32.449972: | raw_eroute result=success Sep 21 07:25:32.449975: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:32.449978: | delete bare shunt 0x7fd390005fe0 192.0.3.254/32:0 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.449980: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:32.449981: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:32.449983: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.449987: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-eastnets/0x1" IKE SA #8 "north-eastnets/0x2" Sep 21 07:25:32.449990: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Sep 21 07:25:32.449996: | spent 0.0947 milliseconds in kernel message Sep 21 07:25:32.512869: | kernel_process_msg_cb process netlink message Sep 21 07:25:32.512890: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:32.512893: | xfrm netlink msg len 376 Sep 21 07:25:32.512896: | xfrm acquire rtattribute type 5 Sep 21 07:25:32.512898: | xfrm acquire rtattribute type 16 Sep 21 07:25:32.512910: | add bare shunt 0x7fd390005fe0 192.0.3.254/32:0 --1--> 192.0.2.251/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.512916: initiate on demand from 192.0.3.254:0 to 192.0.2.251:0 proto=1 because: acquire Sep 21 07:25:32.512922: | find_connection: looking for policy for connection: 192.0.3.254:1/0 -> 192.0.2.251:1/0 Sep 21 07:25:32.512925: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Sep 21 07:25:32.512934: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.3.0/24:0 -> 192.0.2.0/24:0 [pri: 25214988] Sep 21 07:25:32.512938: | find_connection: first OK "north-eastnets/0x1" [pri:25214988]{0x555cbddbf8c0} (child none) Sep 21 07:25:32.512941: | find_connection: concluding with "north-eastnets/0x1" [pri:25214988]{0x555cbddbf8c0} kind=CK_PERMANENT Sep 21 07:25:32.512944: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:32.512946: | assign_holdpass() need broad(er) shunt Sep 21 07:25:32.512949: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.512956: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:32.512958: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:32.512961: | raw_eroute result=success Sep 21 07:25:32.512963: | assign_holdpass() eroute_connection() done Sep 21 07:25:32.512965: | fiddle_bare_shunt called Sep 21 07:25:32.512968: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:32.512970: | removing specific host-to-host bare shunt Sep 21 07:25:32.512975: | delete narrow %hold eroute 192.0.3.254/32:0 --1-> 192.0.2.251/32:0 => %hold (raw_eroute) Sep 21 07:25:32.512978: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:32.512990: | raw_eroute result=success Sep 21 07:25:32.512993: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:32.512999: | delete bare shunt 0x7fd390005fe0 192.0.3.254/32:0 --1--> 192.0.2.251/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.513001: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:32.513004: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:32.513006: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:25:32.513011: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-eastnets/0x1" Sep 21 07:25:32.513016: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.251 Sep 21 07:25:32.513023: | spent 0.135 milliseconds in kernel message Sep 21 07:25:32.640841: | kernel_process_msg_cb process netlink message Sep 21 07:25:32.640859: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:32.640863: | xfrm netlink msg len 376 Sep 21 07:25:32.640865: | xfrm acquire rtattribute type 5 Sep 21 07:25:32.640868: | xfrm acquire rtattribute type 16 Sep 21 07:25:32.640879: | add bare shunt 0x7fd390005fe0 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.640885: initiate on demand from 192.0.3.254:8 to 192.0.22.254:0 proto=1 because: acquire Sep 21 07:25:32.640891: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.22.254:1/0 Sep 21 07:25:32.640894: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:25:32.640899: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.3.0/24:0 -> 192.0.22.0/24:0 [pri: 25214986] Sep 21 07:25:32.640902: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x555cbddc0910} (child none) Sep 21 07:25:32.640906: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x555cbddc0910} kind=CK_PERMANENT Sep 21 07:25:32.640909: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:32.640911: | assign_holdpass() need broad(er) shunt Sep 21 07:25:32.640914: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.640921: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:32.640924: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:32.640926: | raw_eroute result=success Sep 21 07:25:32.640929: | assign_holdpass() 
eroute_connection() done Sep 21 07:25:32.640931: | fiddle_bare_shunt called Sep 21 07:25:32.640933: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:32.640936: | removing specific host-to-host bare shunt Sep 21 07:25:32.640941: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.22.254/32:0 => %hold (raw_eroute) Sep 21 07:25:32.640947: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:32.640958: | raw_eroute result=success Sep 21 07:25:32.640962: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:32.640967: | delete bare shunt 0x7fd390005fe0 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.640970: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:32.640972: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:32.640975: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.640980: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-eastnets/0x2" Sep 21 07:25:32.640984: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.22.254 Sep 21 07:25:32.640992: | spent 0.133 milliseconds in kernel message Sep 21 07:25:32.704845: | kernel_process_msg_cb process netlink message Sep 21 07:25:32.704866: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:32.704869: | xfrm netlink msg len 376 Sep 21 07:25:32.704872: | xfrm acquire rtattribute type 5 Sep 21 07:25:32.704874: | xfrm acquire rtattribute type 16 Sep 21 07:25:32.704886: | add bare shunt 0x7fd390005fe0 192.0.3.254/32:8 --1--> 192.0.22.251/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.704892: initiate on demand from 192.0.3.254:8 to 192.0.22.251:0 proto=1 because: acquire Sep 21 07:25:32.704899: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.22.251:1/0 Sep 21 07:25:32.704902: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Sep 21 07:25:32.704908: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.3.0/24:0 -> 192.0.22.0/24:0 [pri: 25214986] Sep 21 07:25:32.704911: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x555cbddc0910} (child none) Sep 21 07:25:32.704915: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x555cbddc0910} kind=CK_PERMANENT Sep 21 07:25:32.704918: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:32.704920: | assign_holdpass() need broad(er) shunt Sep 21 07:25:32.704923: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.704930: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:32.704933: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:32.704936: | raw_eroute result=success Sep 21 07:25:32.704938: | assign_holdpass() eroute_connection() done Sep 21 07:25:32.704940: | fiddle_bare_shunt called Sep 21 07:25:32.704943: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:32.704945: | removing specific host-to-host bare shunt Sep 21 07:25:32.704950: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.22.251/32:0 => %hold (raw_eroute) Sep 21 07:25:32.704953: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:32.704963: | raw_eroute result=success Sep 21 07:25:32.704967: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:32.704972: | delete bare shunt 0x7fd390005fe0 192.0.3.254/32:8 --1--> 192.0.22.251/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.704975: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:32.704978: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:32.704980: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:25:32.704986: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-eastnets/0x2" Sep 21 07:25:32.704991: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.22.251 Sep 21 07:25:32.704998: | spent 0.133 milliseconds in kernel message Sep 21 07:25:32.731025: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.731079: shutting down Sep 21 07:25:32.731088: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:32.731096: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:32.731103: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:32.731105: forgetting secrets Sep 21 07:25:32.731111: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:32.731115: | unreference key: 0x555cbdd226c0 @east cnt 1-- Sep 21 07:25:32.731119: | unreference key: 0x555cbdd198f0 @north cnt 1-- Sep 21 07:25:32.731136: | start processing: connection "north-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:25:32.731140: | removing pending policy for no connection {0x555cbdd1e8f0} Sep 21 07:25:32.731142: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:32.731145: | pass 0 Sep 21 07:25:32.731147: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Sep 21 07:25:32.731149: | state #8 Sep 21 07:25:32.731153: | suspend processing: connection "north-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:32.731159: | start processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:32.731161: | pstats #8 ikev2.ike deleted other Sep 21 07:25:32.731166: | #8 spent 1.45 milliseconds in total Sep 21 07:25:32.731171: | [RE]START processing: state #8 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.731175: "north-eastnets/0x2" #8: deleting state (STATE_PARENT_I1) aged 0.456s and NOT sending notification Sep 21 07:25:32.731178: | parent state #8: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:32.731181: | state #8 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:32.731184: | #8 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:32.731188: | libevent_free: release ptr-libevent@0x7fd394006b50 Sep 21 07:25:32.731190: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555cbddca260 Sep 21 07:25:32.731193: | in connection_discard for connection north-eastnets/0x1 Sep 21 07:25:32.731196: | removing pending policy for "north-eastnets/0x1" {0x555cbdd1de10} Sep 21 07:25:32.731199: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:32.731201: | picked newest_isakmp_sa #0 for #8 Sep 21 07:25:32.731204: "north-eastnets/0x2" #8: deleting IKE SA for connection 'north-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:32.731207: | add revival: connection 'north-eastnets/0x2' added to the list and scheduled for 5 seconds Sep 21 07:25:32.731210: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:25:32.731216: | stop processing: connection "north-eastnets/0x2" (BACKGROUND) (in update_state_connection() at 
connections.c:4037) Sep 21 07:25:32.731219: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:32.731221: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:25:32.731224: | State DB: deleting IKEv2 state #8 in PARENT_I1 Sep 21 07:25:32.731227: | parent state #8: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:32.731246: | stop processing: state #8 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.731250: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:32.731253: | pass 1 Sep 21 07:25:32.731255: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:32.731261: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:25:32.731267: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:25:32.731270: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.731314: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:25:32.731338: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:32.731344: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.731346: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:32.731349: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.731352: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:32.731355: | route owner of "north-eastnets/0x2" unrouted: NULL Sep 21 07:25:32.731358: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:32.731361: | command executing unroute-client Sep 21 07:25:32.731388: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Sep 21 07:25:32.731391: | popen cmd is 1035 chars long Sep 21 07:25:32.731394: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:25:32.731397: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:25:32.731399: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' 
PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:25:32.731402: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:32.731404: | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Sep 21 07:25:32.731419: | cmd( 400):D='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' P: Sep 21 07:25:32.731422: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:25:32.731424: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSA: Sep 21 07:25:32.731426: | cmd( 640):SIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:25:32.731429: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:25:32.731432: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:25:32.731434: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:25:32.731437: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:32.742127: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742143: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742145: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742154: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742165: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742177: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742190: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742201: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.742213: unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:25:32.743715: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.743727: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.743739: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.743753: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.749007: | flush revival: connection 'north-eastnets/0x2' revival flushed Sep 21 07:25:32.749021: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:32.749029: | start processing: connection "north-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:25:32.749033: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:32.749039: | pass 0 Sep 21 07:25:32.749041: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:32.749044: | pass 1 Sep 21 07:25:32.749046: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:32.749054: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:32.749059: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:32.749063: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.749109: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:25:32.749121: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:25:32.749125: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.749127: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:32.749131: | route owner of "north-eastnets/0x1" unrouted: NULL Sep 21 07:25:32.749134: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:32.749137: | command executing unroute-client Sep 21 07:25:32.749166: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:25:32.749169: | popen cmd is 1033 chars long Sep 21 07:25:32.749172: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:25:32.749175: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:25:32.749177: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:25:32.749180: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:32.749183: | cmd( 
320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Sep 21 07:25:32.749185: | cmd( 400):D='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLU: Sep 21 07:25:32.749188: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:25:32.749190: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASI: Sep 21 07:25:32.749193: | cmd( 640):G+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Sep 21 07:25:32.749196: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Sep 21 07:25:32.749198: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Sep 21 07:25:32.749201: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Sep 21 07:25:32.749204: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:32.760459: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760476: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760485: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760489: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760502: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760513: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760526: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.760538: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:25:32.762058: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.762070: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.762083: "north-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:32.768206: | free hp@0x555cbdd8b6c0 Sep 21 07:25:32.768236: | flush revival: connection 'north-eastnets/0x1' wasn't on the list Sep 21 07:25:32.768240: | stop processing: connection "north-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:25:32.768246: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:32.768249: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:32.768258: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:32.768262: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:32.768265: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:32.768268: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:25:32.768271: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:32.768274: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:25:32.768278: | FOR_EACH_STATE_... 
in delete_states_dead_interfaces Sep 21 07:25:32.768286: | libevent_free: release ptr-libevent@0x555cbddbeb80 Sep 21 07:25:32.768290: | free_event_entry: release EVENT_NULL-pe@0x555cbddbeb40 Sep 21 07:25:32.768299: | libevent_free: release ptr-libevent@0x555cbddbec70 Sep 21 07:25:32.768302: | free_event_entry: release EVENT_NULL-pe@0x555cbddbec30 Sep 21 07:25:32.768308: | libevent_free: release ptr-libevent@0x555cbddbed60 Sep 21 07:25:32.768311: | free_event_entry: release EVENT_NULL-pe@0x555cbddbed20 Sep 21 07:25:32.768317: | libevent_free: release ptr-libevent@0x555cbddbee50 Sep 21 07:25:32.768320: | free_event_entry: release EVENT_NULL-pe@0x555cbddbee10 Sep 21 07:25:32.768329: | libevent_free: release ptr-libevent@0x555cbddbef40 Sep 21 07:25:32.768332: | free_event_entry: release EVENT_NULL-pe@0x555cbddbef00 Sep 21 07:25:32.768338: | libevent_free: release ptr-libevent@0x555cbddbf030 Sep 21 07:25:32.768340: | free_event_entry: release EVENT_NULL-pe@0x555cbddbeff0 Sep 21 07:25:32.768345: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Sep 21 07:25:32.768801: | libevent_free: release ptr-libevent@0x555cbddbe4a0 Sep 21 07:25:32.768808: | free_event_entry: release EVENT_NULL-pe@0x555cbdda2350 Sep 21 07:25:32.768813: | libevent_free: release ptr-libevent@0x555cbddb3fb0 Sep 21 07:25:32.768815: | free_event_entry: release EVENT_NULL-pe@0x555cbdda7dc0 Sep 21 07:25:32.768819: | libevent_free: release ptr-libevent@0x555cbddb3f20 Sep 21 07:25:32.768821: | free_event_entry: release EVENT_NULL-pe@0x555cbdda7e00 Sep 21 07:25:32.768824: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:32.768827: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:32.768829: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:32.768832: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:32.768834: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:32.768837: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:32.768839: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:32.768841: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:32.768844: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:32.768848: | libevent_free: release ptr-libevent@0x555cbddbe570 Sep 21 07:25:32.768851: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:32.768854: | libevent_free: release ptr-libevent@0x555cbddbe650 Sep 21 07:25:32.768856: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:32.768859: | libevent_free: release ptr-libevent@0x555cbddbe710 Sep 21 07:25:32.768862: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:32.768864: | libevent_free: release ptr-libevent@0x555cbddb3320 Sep 21 07:25:32.768867: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:32.768869: | releasing event base Sep 21 07:25:32.768881: | libevent_free: release ptr-libevent@0x555cbddbe7d0 Sep 21 07:25:32.768883: | libevent_free: release ptr-libevent@0x555cbdd93ed0 Sep 21 07:25:32.768887: | libevent_free: 
release ptr-libevent@0x555cbdda2690 Sep 21 07:25:32.768889: | libevent_free: release ptr-libevent@0x555cbddc94c0 Sep 21 07:25:32.768892: | libevent_free: release ptr-libevent@0x555cbdda26b0 Sep 21 07:25:32.768895: | libevent_free: release ptr-libevent@0x555cbddbe530 Sep 21 07:25:32.768897: | libevent_free: release ptr-libevent@0x555cbddbe610 Sep 21 07:25:32.768900: | libevent_free: release ptr-libevent@0x555cbdda2740 Sep 21 07:25:32.768914: | libevent_free: release ptr-libevent@0x555cbdda70e0 Sep 21 07:25:32.768917: | libevent_free: release ptr-libevent@0x555cbdda7100 Sep 21 07:25:32.768919: | libevent_free: release ptr-libevent@0x555cbddbf0c0 Sep 21 07:25:32.768921: | libevent_free: release ptr-libevent@0x555cbddbefd0 Sep 21 07:25:32.768923: | libevent_free: release ptr-libevent@0x555cbddbeee0 Sep 21 07:25:32.768926: | libevent_free: release ptr-libevent@0x555cbddbedf0 Sep 21 07:25:32.768928: | libevent_free: release ptr-libevent@0x555cbddbed00 Sep 21 07:25:32.768930: | libevent_free: release ptr-libevent@0x555cbddbec10 Sep 21 07:25:32.768933: | libevent_free: release ptr-libevent@0x555cbdd24370 Sep 21 07:25:32.768935: | libevent_free: release ptr-libevent@0x555cbddbe6f0 Sep 21 07:25:32.768937: | libevent_free: release ptr-libevent@0x555cbddbe630 Sep 21 07:25:32.768940: | libevent_free: release ptr-libevent@0x555cbddbe550 Sep 21 07:25:32.768942: | libevent_free: release ptr-libevent@0x555cbddbe7b0 Sep 21 07:25:32.768944: | libevent_free: release ptr-libevent@0x555cbdd225b0 Sep 21 07:25:32.768947: | libevent_free: release ptr-libevent@0x555cbdda26d0 Sep 21 07:25:32.768949: | libevent_free: release ptr-libevent@0x555cbdda2700 Sep 21 07:25:32.768951: | libevent_free: release ptr-libevent@0x555cbdda23f0 Sep 21 07:25:32.768956: | releasing global libevent data Sep 21 07:25:32.768959: | libevent_free: release ptr-libevent@0x555cbdda10e0 Sep 21 07:25:32.768961: | libevent_free: release ptr-libevent@0x555cbdda2390 Sep 21 07:25:32.768964: | libevent_free: release 
ptr-libevent@0x555cbdda23c0